Pests of all kinds and how to fight them: Ad tooltips double-underlined in blue in Chrome and IE 11 (Win 8.1) + redirect |
08.04.2014, 16:00 | #1 |
| Hello everyone, my Win 8.1 (64-bit) PC is currently plagued by 2 problems. Initial attempts to get rid of the malware were unsuccessful. The system is permanently "protected" with Bitdefender Total Security 2014. Cleanups using Malwarebytes, ADWCleaner and JRT did not eliminate the problems. Consequently, I need professional help. The following symptoms can be observed (affecting both Chrome and IE in their current versions):
Which log files should I create? Thanks in advance for the help. Regards, searge |
08.04.2014, 17:10 | #2 |
/// the machine /// TB trainer | hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
08.04.2014, 19:51 | #3 | ||
| O.K., understood. I have also already spotted 2 suspicious entries:
Quote:
Quote:
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated) Ran by searge (administrator) on GONZO on 08-04-2014 20:35:05 Running from E:\ Windows 8.1 Pro (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe () C:\Program Files\002\bukgmhvrux64.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe (Sony Corporation) D:\PlayMemories Home\PMBDeviceInfoProvider.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe () c:\Program Files\RrFilter\RrFilterService64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe () C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe () C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Sony Corporation) D:\PlayMemories Home\PMBVolumeWatcher.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MsoSync.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1742064 2014-03-31] (Bitdefender) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-24] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [TaskMngr] - wscript.exe "C:\Program Files (x86)\Common Files\Lenovo\data.js" HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2013-09-09] (Research In Motion Limited) HKLM-x32\...\Run: [RIM PeerManager] - C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4465152 2013-11-28] (Research In Motion Limited) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [StatusAlerts] - C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company) HKLM-x32\...\Run: [PMBVolumeWatcher] - D:\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-08-20] (Sony Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] - C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.) 
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] - D:\Bitdefender\Bitdefender\pmbxag.exe HKU\.DEFAULT\...\Run: [Bitdefender Wallet] - D:\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] - D:\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-03-31] (Bitdefender) HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-03-31] (Bitdefender) HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] - C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-03-31] (Bitdefender) HKU\S-1-5-21-807289001-2656735144-1847004273-1001\...\Run: [Bitdefender-Geldbörse-Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-03-31] (Bitdefender) HKU\S-1-5-21-807289001-2656735144-1847004273-1001\...\Run: [Bitdefender-Geldbörse] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-03-31] (Bitdefender) HKU\S-1-5-21-807289001-2656735144-1847004273-1001\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] - C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-03-31] (Bitdefender) HKU\S-1-5-21-807289001-2656735144-1847004273-1001\...\Run: [GoogleChromeAutoLaunch_D58DD1E830115286890B6516427E3014] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-02] (Google Inc.) 
HKU\S-1-5-21-807289001-2656735144-1847004273-1001\...\MountPoints2: {0cddc7dd-b2a9-11e3-834f-001fd0806298} - "J:\autorun.exe" HKU\S-1-5-21-807289001-2656735144-1847004273-1001\...\MountPoints2: {f8900991-6dfd-11e3-82d7-001fd0806298} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL J:\start.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA62E6A0916B2CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender) BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) 
Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Tcpip\..\Interfaces\{7DF5EB80-3309-42AA-AADC-6CF1BD93E4A2}: [NameServer]192.168.2.1 Chrome: ======= CHR HomePage: hxxp://www.google.de/ CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll () CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Extension: (Google Drive) - C:\Users\searge\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-15] CHR Extension: (YouTube) - C:\Users\searge\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-15] CHR Extension: (Adblock Plus) - C:\Users\searge\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-08] CHR Extension: (Google-Suche) - C:\Users\searge\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-15] CHR Extension: (AdBlock) - C:\Users\searge\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-08] CHR Extension: (Google Wallet) - C:\Users\searge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15] CHR Extension: (Google Mail) - C:\Users\searge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-15] CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-02-27] ==================== Services (Whitelisted) ================= S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-21] (Bitdefender) R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-09-09] (Research In Motion Limited) R2 bukgmhvrux64; C:\Program Files\002\bukgmhvrux64.exe [706560 2014-04-05] () S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) R2 PMBDeviceInfoProvider; D:\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-08-20] (Sony Corporation) R2 RIM MDNS; C:\Program Files (x86)\Common 
Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2013-11-28] (Apple Inc.) R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1304064 2013-11-28] (Research In Motion Limited) R2 RrFilterService64; c:\Program Files\RrFilter\RrFilterService64.exe [171008 2014-03-06] () R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender) S2 Service KMSELDI; D:\Program Files\KMSpico\Service_KMS.exe [571392 2013-10-29] () R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1523728 2014-03-31] (Bitdefender) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc) R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2014-02-03] (BitDefender) R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2013-11-30] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2014-02-03] (BitDefender) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender) R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2013-07-24] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC) S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL) S3 
BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL) R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-01-26] () R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-08-22] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-02-28] (NetFilterSDK.com) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited) R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-11-28] (Research in Motion Limited) R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2013-08-28] (Splashtop Inc.) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.) 
S3 ttBudget2_NTAMD64; C:\Windows\system32\drivers\ttBudget2_amd64.sys [645152 2013-09-15] (TechnoTrend GmbH) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-08 20:32 - 2014-04-08 20:35 - 00000000 ____D () C:\FRST 2014-04-08 12:53 - 2014-04-08 12:53 - 00000753 _____ () C:\Users\searge\Desktop\JRT.txt 2014-04-08 12:45 - 2014-04-08 12:45 - 00000000 ____D () C:\Windows\ERUNT 2014-04-08 12:21 - 2014-04-08 12:55 - 00000000 ____D () C:\AdwCleaner 2014-04-08 12:02 - 2014-04-08 12:02 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-08 12:02 - 2014-04-08 12:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-08 12:02 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-08 12:02 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-08 12:02 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-08 09:59 - 2014-04-08 12:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-08 09:58 - 2014-04-08 09:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-07 09:08 - 2014-04-07 09:08 - 00000000 ____D () C:\Users\searge\AppData\Roaming\ICAClient 2014-04-07 09:08 - 2014-04-07 09:08 - 00000000 ____D () C:\Users\searge\AppData\Local\Citrix 2014-04-07 09:08 - 2014-04-07 09:08 - 00000000 ____D () C:\ProgramData\Citrix 2014-04-07 09:08 - 2014-04-07 09:08 - 00000000 ____D () C:\Program Files (x86)\Citrix 2014-04-07 08:58 - 2014-04-07 08:58 - 
00000000 ____D () C:\Program Files (x86)\Java 2014-04-05 15:18 - 2014-04-05 15:18 - 00000034 _____ () C:\Windows\cdplayer.ini 2014-04-05 15:17 - 2014-04-08 13:15 - 00000000 ____D () C:\Program Files\RrFilter 2014-04-05 15:16 - 2014-04-08 10:10 - 00000000 ____D () C:\Program Files (x86)\RrSavings 2014-04-05 15:16 - 2014-04-05 15:16 - 00000000 ____D () C:\Program Files\rrsavings 2014-04-05 15:15 - 2014-04-05 15:16 - 00000000 ____D () C:\Program Files\002 2014-04-04 21:32 - 2014-04-04 21:32 - 00000000 ____D () C:\Users\searge\Documents\Sony PMB 2014-04-04 17:50 - 2014-04-04 17:50 - 00000736 _____ () C:\Users\Public\Desktop\PlayMemories Home.lnk 2014-04-04 17:50 - 2014-04-04 17:50 - 00000694 _____ () C:\Users\Public\Desktop\PlayMemories Home-Hilfe.lnk 2014-04-04 17:50 - 2014-04-04 17:50 - 00000000 ____D () C:\Users\searge\AppData\Roaming\Sony Corporation 2014-04-04 17:43 - 2014-04-04 17:43 - 00000830 _____ () C:\Users\Public\Desktop\Image Data Converter Ver. 4.lnk 2014-04-04 17:43 - 2014-04-04 17:43 - 00000000 ____D () C:\ProgramData\Sony Corporation 2014-04-04 17:42 - 2014-04-04 17:42 - 00000000 ____D () C:\Users\searge\AppData\Roaming\InstallShield 2014-04-01 22:36 - 2014-04-01 22:36 - 00003576 _____ () C:\Windows\System32\Tasks\Bitdefender Auto-Scan 2014-04-01 13:29 - 2014-04-01 13:29 - 00000700 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk 2014-03-27 00:13 - 2014-02-22 14:16 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2014-03-27 00:13 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2014-03-23 21:34 - 2014-03-23 21:34 - 00003373 _____ () C:\Users\searge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\adb.lnk 2014-03-23 08:16 - 2014-03-23 08:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf 2014-03-18 22:02 - 2014-03-21 19:32 - 00001253 _____ () C:\Users\searge\Desktop\JdAdapter.lnk 2014-03-18 17:33 - 2014-01-08 03:46 - 00325464 ____C (Microsoft 
Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS 2014-03-18 17:33 - 2014-01-08 03:41 - 01530712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-03-18 17:33 - 2014-01-08 03:41 - 00382808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2014-03-18 17:33 - 2014-01-04 17:54 - 00138240 _____ () C:\Windows\system32\OEMLicense.dll 2014-03-18 17:33 - 2014-01-04 17:08 - 00103936 _____ () C:\Windows\SysWOW64\OEMLicense.dll 2014-03-18 17:33 - 2014-01-04 16:08 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll 2014-03-18 17:33 - 2014-01-04 15:53 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll 2014-03-18 17:33 - 2014-01-03 01:54 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2014-03-18 17:33 - 2014-01-03 01:48 - 00336896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2014-03-18 17:33 - 2014-01-01 03:55 - 01720560 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-03-18 17:33 - 2014-01-01 03:52 - 00481944 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll 2014-03-18 17:33 - 2014-01-01 02:56 - 01472048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2014-03-18 17:33 - 2014-01-01 02:55 - 00381168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll 2014-03-18 17:33 - 2014-01-01 01:59 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2014-03-18 17:33 - 2014-01-01 01:57 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2014-03-18 17:33 - 2014-01-01 01:56 - 00960512 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll 2014-03-18 17:33 - 2013-12-31 01:34 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll 2014-03-18 17:33 - 2013-12-31 01:33 - 00770560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll 2014-03-18 17:33 - 2013-12-31 01:32 - 00303616 _____ (Microsoft Corporation) 
C:\Windows\system32\sti.dll 2014-03-18 17:33 - 2013-12-31 01:31 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll 2014-03-18 17:33 - 2013-12-31 01:31 - 00914944 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll 2014-03-18 17:33 - 2013-12-27 17:09 - 00419160 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll 2014-03-18 17:33 - 2013-12-27 10:57 - 00842752 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll 2014-03-18 17:33 - 2013-12-27 10:57 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe 2014-03-18 17:33 - 2013-12-27 10:23 - 00749056 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll 2014-03-18 17:33 - 2013-12-27 09:03 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll 2014-03-18 17:33 - 2013-12-27 09:03 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe 2014-03-18 17:33 - 2013-12-27 08:37 - 00588800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll 2014-03-18 17:33 - 2013-12-21 09:21 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll 2014-03-18 17:33 - 2013-12-17 09:21 - 00408576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys 2014-03-18 17:33 - 2013-12-14 08:31 - 13949440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2014-03-18 17:33 - 2013-12-14 08:19 - 18576384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll 2014-03-18 17:33 - 2013-12-13 12:54 - 00131160 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe 2014-03-18 17:33 - 2013-12-13 08:36 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll 2014-03-18 17:33 - 2013-12-13 07:32 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll 2014-03-18 17:33 - 2013-12-09 10:05 - 21199256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-03-18 17:33 - 2013-12-09 
06:51 - 18643560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-03-11 22:46 - 2014-01-31 18:06 - 02133208 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll 2014-03-11 22:46 - 2014-01-31 15:47 - 02143960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll 2014-03-11 22:46 - 2014-01-29 11:55 - 01287064 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-03-11 22:46 - 2014-01-29 10:53 - 00407024 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2014-03-11 22:46 - 2014-01-29 10:49 - 01928144 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll 2014-03-11 22:46 - 2014-01-29 10:47 - 02543960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-03-11 22:46 - 2014-01-29 09:44 - 01371824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll 2014-03-11 22:46 - 2014-01-29 09:44 - 00369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll 2014-03-11 22:46 - 2014-01-27 21:07 - 04175360 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll 2014-03-11 22:46 - 2014-01-27 20:52 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-03-11 22:46 - 2014-01-27 19:18 - 01486848 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll 2014-03-11 22:46 - 2014-01-27 17:58 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-03-11 22:46 - 2014-01-27 17:50 - 06640640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-03-11 22:46 - 2014-01-18 01:04 - 00764864 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll 2014-03-11 22:46 - 2014-01-17 23:54 - 00669352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll 2014-03-11 22:46 - 2013-12-21 16:51 - 06353960 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe 2014-03-11 22:46 - 2013-12-20 12:18 - 01643584 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2014-03-11 22:46 - 2013-12-20 12:18 - 01507704 
_____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-03-11 22:45 - 2014-02-11 05:04 - 04189184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-11 22:45 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-11 22:45 - 2014-02-11 04:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-11 22:45 - 2014-01-31 18:15 - 00311640 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys 2014-03-11 22:45 - 2014-01-31 18:07 - 00233920 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-03-11 22:45 - 2014-01-31 11:06 - 00716288 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll 2014-03-11 22:45 - 2014-01-29 10:53 - 00458616 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe 2014-03-11 22:45 - 2014-01-29 09:44 - 00408480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe 2014-03-11 22:45 - 2014-01-29 08:41 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll 2014-03-11 22:45 - 2014-01-29 02:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll 2014-03-11 22:45 - 2014-01-27 21:06 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-03-11 22:45 - 2014-01-27 21:04 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE 2014-03-11 22:45 - 2014-01-27 20:23 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll 2014-03-11 22:45 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-03-11 22:45 - 2014-01-27 20:20 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE 2014-03-11 22:45 - 2014-01-27 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-03-11 22:45 - 2014-01-27 19:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2014-03-11 22:45 - 2014-01-27 19:00 - 01238016 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\dbghelp.dll 2014-03-11 22:45 - 2014-01-27 13:45 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml 2014-03-11 22:45 - 2013-12-21 10:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll 2014-03-11 22:45 - 2013-10-31 02:29 - 00236888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-03-11 22:45 - 2013-10-31 02:29 - 00124760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2014-03-11 22:45 - 2013-10-31 02:28 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-03-10 21:46 - 2014-03-16 09:39 - 00000000 ____D () C:\Users\searge\AppData\Roaming\TeamViewer 2014-03-10 21:46 - 2014-03-10 21:46 - 00001178 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-03-10 21:46 - 2014-03-10 21:46 - 00000000 ____D () C:\Program Files (x86)\TeamViewer ==================== One Month Modified Files and Folders ======= 2014-04-08 20:35 - 2014-04-08 20:32 - 00000000 ____D () C:\FRST 2014-04-08 20:33 - 2013-09-15 15:02 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-807289001-2656735144-1847004273-1001 2014-04-08 20:31 - 2013-09-15 15:18 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E8AA8A1F-5A34-46C3-B042-CDA6E1FAB47A} 2014-04-08 20:29 - 2013-10-12 13:09 - 00005112 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Gonzo-searge Gonzo 2014-04-08 20:28 - 2013-09-24 21:52 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-08 20:28 - 2013-09-24 21:51 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-08 20:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-04-08 20:27 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2014-04-08 13:18 - 2013-09-15 15:45 - 00000000 ____D () C:\Users\searge\Documents\Outlook-Dateien 2014-04-08 13:15 - 2014-04-05 15:17 - 00000000 ____D () C:\Program Files\RrFilter 
2014-04-08 13:14 - 2013-09-15 14:57 - 01212497 _____ () C:\Windows\WindowsUpdate.log 2014-04-08 13:03 - 2013-09-15 15:00 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-08 13:03 - 2013-09-01 08:21 - 00764340 _____ () C:\Windows\system32\perfh007.dat 2014-04-08 13:03 - 2013-09-01 08:21 - 00159160 _____ () C:\Windows\system32\perfc007.dat 2014-04-08 12:57 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-08 12:55 - 2014-04-08 12:21 - 00000000 ____D () C:\AdwCleaner 2014-04-08 12:53 - 2014-04-08 12:53 - 00000753 _____ () C:\Users\searge\Desktop\JRT.txt 2014-04-08 12:45 - 2014-04-08 12:45 - 00000000 ____D () C:\Windows\ERUNT 2014-04-08 12:37 - 2014-04-08 09:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-08 12:27 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-04-08 12:20 - 2013-09-24 21:51 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-08 12:02 - 2014-04-08 12:02 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-08 12:02 - 2014-04-08 12:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-08 10:27 - 2013-09-15 14:57 - 00000000 ____D () C:\Users\searge\AppData\Local\VirtualStore 2014-04-08 10:11 - 2013-09-15 14:53 - 00604258 _____ () C:\Windows\PFRO.log 2014-04-08 10:10 - 2014-04-05 15:16 - 00000000 ____D () C:\Program Files (x86)\RrSavings 2014-04-08 10:10 - 2014-01-16 00:03 - 00000000 ____D () C:\Windows\%LOCALAPPDATA% 2014-04-08 09:58 - 2014-04-08 09:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-08 09:52 - 2013-09-17 21:32 - 00000000 ____D () C:\Users\searge\AppData\Local\CrashDumps 2014-04-08 08:50 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-04-08 08:45 - 2013-09-15 14:57 - 00000000 ____D () C:\Users\searge 2014-04-07 09:08 - 2014-04-07 09:08 - 00000000 ____D () C:\Users\searge\AppData\Roaming\ICAClient 
2014-04-07 09:08 - 2014-04-07 09:08 - 00000000 ____D () C:\Users\searge\AppData\Local\Citrix 2014-04-07 09:08 - 2014-04-07 09:08 - 00000000 ____D () C:\ProgramData\Citrix 2014-04-07 09:08 - 2014-04-07 09:08 - 00000000 ____D () C:\Program Files (x86)\Citrix 2014-04-07 08:58 - 2014-04-07 08:58 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-07 08:58 - 2013-12-27 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-07 08:58 - 2013-12-27 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-07 08:58 - 2013-12-27 21:04 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-07 08:58 - 2013-12-27 21:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-07 08:58 - 2013-11-03 08:40 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-05 23:48 - 2013-09-16 19:29 - 00000000 ____D () C:\Users\searge\AppData\Roaming\vlc 2014-04-05 15:18 - 2014-04-05 15:18 - 00000034 _____ () C:\Windows\cdplayer.ini 2014-04-05 15:16 - 2014-04-05 15:16 - 00000000 ____D () C:\Program Files\rrsavings 2014-04-05 15:16 - 2014-04-05 15:15 - 00000000 ____D () C:\Program Files\002 2014-04-05 09:29 - 2013-09-28 07:24 - 00000000 ____D () C:\Users\searge\AppData\Roaming\FileZilla 2014-04-04 21:36 - 2013-08-22 16:46 - 00056976 _____ () C:\Windows\setupact.log 2014-04-04 21:32 - 2014-04-04 21:32 - 00000000 ____D () C:\Users\searge\Documents\Sony PMB 2014-04-04 17:50 - 2014-04-04 17:50 - 00000736 _____ () C:\Users\Public\Desktop\PlayMemories Home.lnk 2014-04-04 17:50 - 2014-04-04 17:50 - 00000694 _____ () C:\Users\Public\Desktop\PlayMemories Home-Hilfe.lnk 2014-04-04 17:50 - 2014-04-04 17:50 - 00000000 ____D () C:\Users\searge\AppData\Roaming\Sony Corporation 2014-04-04 17:48 - 2013-09-15 21:07 - 00010775 _____ () C:\Windows\DirectX.log 2014-04-04 17:43 - 2014-04-04 17:43 - 00000830 _____ () C:\Users\Public\Desktop\Image Data Converter Ver. 
4.lnk 2014-04-04 17:43 - 2014-04-04 17:43 - 00000000 ____D () C:\ProgramData\Sony Corporation 2014-04-04 17:43 - 2013-10-04 21:26 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-04 17:42 - 2014-04-04 17:42 - 00000000 ____D () C:\Users\searge\AppData\Roaming\InstallShield 2014-04-03 09:51 - 2014-04-08 12:02 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-08 12:02 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-08 12:02 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 14:15 - 2013-09-24 21:51 - 00004094 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-02 14:15 - 2013-09-24 21:51 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-01 22:36 - 2014-04-01 22:36 - 00003576 _____ () C:\Windows\System32\Tasks\Bitdefender Auto-Scan 2014-04-01 22:32 - 2013-10-07 18:55 - 00000000 ____D () C:\ProgramData\PMS 2014-04-01 13:29 - 2014-04-01 13:29 - 00000700 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk 2014-03-30 22:43 - 2013-09-20 13:52 - 00000446 _____ () C:\Windows\system32\checkdnsid.xml 2014-03-24 07:48 - 2013-11-13 22:16 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-24 07:47 - 2013-11-13 22:16 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-23 21:34 - 2014-03-23 21:34 - 00003373 _____ () C:\Users\searge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\adb.lnk 2014-03-23 21:33 - 2013-11-18 19:29 - 00025430 _____ () C:\Windows\DPINST.LOG 2014-03-23 21:22 - 2014-01-26 12:29 - 00000000 ____D () C:\adb 2014-03-23 18:28 - 2013-09-27 07:54 - 00000757 _____ () C:\Users\Public\Desktop\DriverTools.lnk 2014-03-23 14:53 - 2013-09-15 14:57 - 00000000 ____D () C:\Users\searge\AppData\Local\Packages 2014-03-23 08:16 - 2014-03-23 08:16 - 00000000 ____H () 
C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf 2014-03-21 19:32 - 2014-03-18 22:02 - 00001253 _____ () C:\Users\searge\Desktop\JdAdapter.lnk 2014-03-21 19:30 - 2013-12-27 20:48 - 00000000 ____D () C:\JdAdapter 2014-03-20 20:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache 2014-03-20 18:23 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData 2014-03-18 17:56 - 2013-09-15 15:29 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-16 09:39 - 2014-03-10 21:46 - 00000000 ____D () C:\Users\searge\AppData\Roaming\TeamViewer 2014-03-13 12:28 - 2013-08-22 16:44 - 00680704 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-12 21:05 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-12 21:05 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-12 21:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-03-12 21:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-03-12 21:01 - 2013-08-22 15:25 - 00000167 _____ () C:\Windows\win.ini 2014-03-10 21:46 - 2014-03-10 21:46 - 00001178 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-03-10 21:46 - 2014-03-10 21:46 - 00000000 ____D () C:\Program Files (x86)\TeamViewer Some content of TEMP: ==================== C:\Users\searge\AppData\Local\Temp\70069uninstall.exe C:\Users\searge\AppData\Local\Temp\97837uninstall.exe C:\Users\searge\AppData\Local\Temp\BackupSetup.exe C:\Users\searge\AppData\Local\Temp\bitool.dll C:\Users\searge\AppData\Local\Temp\BlackBerryDeviceManager.exe C:\Users\searge\AppData\Local\Temp\BlackBerryLauncher.exe C:\Users\searge\AppData\Local\Temp\DesktopInstaller.exe C:\Users\searge\AppData\Local\Temp\dn6am4pr.dll C:\Users\searge\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpujgcqh.dll 
C:\Users\searge\AppData\Local\Temp\JavaIC.dll
C:\Users\searge\AppData\Local\Temp\jna4094160804366063450.dll
C:\Users\searge\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\searge\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\searge\AppData\Local\Temp\jw7oa9s0.dll
C:\Users\searge\AppData\Local\Temp\npp.6.5.1.Installer.exe
C:\Users\searge\AppData\Local\Temp\ose00000.exe
C:\Users\searge\AppData\Local\Temp\Quarantine.exe
C:\Users\searge\AppData\Local\Temp\SetupUtil.exe
C:\Users\searge\AppData\Local\Temp\Sqlite3.dll
C:\Users\searge\AppData\Local\Temp\uoep7mjm.dll
C:\Users\searge\AppData\Local\Temp\vcredist_x64.exe
C:\Users\searge\AppData\Local\Temp\vlc-2.0.8-win64.exe
C:\Users\searge\AppData\Local\Temp\xmlUpdater.exe
C:\Users\searge\AppData\Local\Temp\y8xnifui.dll
C:\Users\searge\AppData\Local\Temp\yi2tt9uo.dll
C:\Users\searge\AppData\Local\Temp\_is492C.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys [2014-03-11 22:45] - [2014-01-31 18:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02

LastRegBack: 2014-04-03 07:22

==================== End Of Log ============================
--- --- ---

and

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by searge at 2014-04-08 20:35:55 Running from E:\ Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46} ==================== Installed Programs ====================== AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated) Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.23.0.996 - Bitdefender) BlackBerry Link (HKLM-x32\...\BlackBerry_10_Desktop) (Version: 1.2.2.13 - BlackBerry Ltd.) Catalyst Control Center (x32 Version: 2013.0424.1225.20315 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0424.1225.20315 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0424.1225.20315 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0424.1225.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Dutch (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0424.1224.20315 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0424.1225.20315 - Advanced Micro Devices, Inc.) Hidden Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.) 
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BED39C88-768C-4345-BF11-58436C984F2A}) (Version: - Microsoft) dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM-x32\...\dreamboxEDIT) (Version: - ) DriverTools 1.0 (HKLM-x32\...\DriverTools) (Version: 1.0 - Huawei Technologies Co.,Ltd) Easy Tune 6 B12.1121.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Easy Tune 6 B12.1121.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 5.0.12201.1116 - Hewlett-Packard) hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden hpbM276DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden Image Data Converter (HKLM-x32\...\{87998E4E-6D9C-411B-AAE9-B8523FFE357D}) (Version: 4.2.00.07270 - Sony Corporation) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Juniper Citrix Services Client (HKCU\...\Juniper_Citrix_Services) (Version: 7.1.12.21827 - Juniper Networks) Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.10.21853 - Juniper Networks, Inc.) Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.) KMSpico v9.0.3.20131029 (Beta) (HKLM\...\KMSpico_is1) (Version: 9.0.3.20131029 - ) Kobo (HKLM-x32\...\Kobo) (Version: 3.3.11 - Kobo Inc.) 
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - ) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: - ) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: - ) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team) PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.) Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - ) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer) Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition (HKLM\...\{90150000-0015-0407-1000-0000000FF1CE}_Office15.PROPLUS_{47F15B72-AB15-4B81-BDB8-28B204596EB7}) (Version: - Microsoft) Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{614E655F-A0ED-435A-8E0C-A81EE4BA7BC7}) (Version: - Microsoft) Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E759A69-FA72-4B3C-BE2F-D1194764D31E}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{237834D6-FA98-44E1-8739-ABD56DDADC59}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition 
(HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{259F7CA1-7A87-4E60-85A9-0A55E60FF254}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{259F7CA1-7A87-4E60-85A9-0A55E60FF254}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{8D84B988-2A7A-4DB6-A7A5-08DA7B3DE9EE}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{76CACE05-7A19-4EAC-87D7-5BFF63AF7CDF}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{76CACE05-7A19-4EAC-87D7-5BFF63AF7CDF}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{79469196-F138-4CF0-8681-F1889D53B56B}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FEFF9FF6-FF61-455E-A8CC-3A1311A657AD}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3FF4EA9F-3505-4726-A974-6593A968FFCC}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9406D70B-2D9C-4613-A75A-F35B66BA8AFA}) 
(Version: - Microsoft) Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CA390537-AA88-450F-A240-5FB4648A124A}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C8D57F4A-0824-4043-89E7-3C6280B67A47}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AC4470FB-8011-4F16-B5D4-E0A34DE10C87}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D8B3D175-48B8-413F-8484-4D81E744B51C}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{526C9E5A-A734-4DC0-B829-ED1CDE793C6B}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8587E5B1-6279-4396-B9AC-20B334F4FF88}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{30C13416-B124-46AB-9E44-96CEFFA893F9}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C809B1D6-BD31-4496-BCFE-4567E0854F5F}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4FD8F672-3206-469C-B9F0-D6E72F7ACAB2}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{1A789784-5825-4B26-BB57-71FF7D3484CB}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition 
(HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{856D47BC-036C-4692-8702-D6CCA8F428D0}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CA0554C4-62FE-4F66-BC87-1EE1EAC675EF}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CA0554C4-62FE-4F66-BC87-1EE1EAC675EF}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F33ABF6A-3007-47E8-8E38-506A18E54641}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{B38036CB-BAF6-41D4-8810-FD016453ABB9}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2A286156-257B-4528-9DB5-B4D4D53211BC}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}_Office15.PROPLUS_{B5E3E636-7913-4775-BC9B-E4B56F4ED73B}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{92833C80-DC88-4A22-8630-407F810EF57B}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{602346D6-8E2F-4B0E-820A-CD62AC5B0DC9}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-0410-1000-0000000FF1CE}_Office15.PROPLUS_{869B93B9-E75A-44DE-8AC5-A030A7A21FDD}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F2187E8D-C68A-4655-8551-1932878A5581}) 
(Version: - Microsoft) Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9353CD85-4B19-45C4-8DBA-1391926351F6}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9353CD85-4B19-45C4-8DBA-1391926351F6}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2837626) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6EE51F51-57B1-4DC7-96C2-857DB7F0BE93}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2837637) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0A90C645-3F9A-4CF9-BF62-2609602E3DAB}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2837638) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3A48DE63-607B-4FEA-A862-B52669C4433C}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4B559C7-AA71-4B77-ACA3-50BEA8B4241B}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{34F51E79-0110-4B49-A245-81319F58453E}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4B559C7-AA71-4B77-ACA3-50BEA8B4241B}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{000791D2-642D-418E-A3E9-96E72D8C67B8}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{000791D2-642D-418E-A3E9-96E72D8C67B8}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition 
(HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CF6FBF49-BE22-4B98-9D7D-CB2A3236BC44}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (HKLM\...\{90150000-00A1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{05D8C7F6-9A93-4925-B2B3-7D6507AD2FC9}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CF6FBF49-BE22-4B98-9D7D-CB2A3236BC44}) (Version: - Microsoft) Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DF3798F3-F45C-44DA-83B7-229A9EBC9654}) (Version: - Microsoft) Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{DAEE93F9-D258-45E4-AFD3-12AC5ED04693}) (Version: - Microsoft) Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6FF949A3-1C3F-41C2-9464-933E885ECB53}) (Version: - Microsoft) Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUS_{CA014CB4-B26F-4D27-BF26-C994CC3428E5}) (Version: - Microsoft) Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BBD4F4CE-65D4-4CEB-AE19-E5296A57AA6C}) (Version: - Microsoft) Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2837C624-A972-43CF-BCE5-0AE2EFED72E3}) (Version: - Microsoft) Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (HKLM\...\{90150000-0019-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E9172003-60C1-447B-9569-7AA9FADE26B0}) (Version: - Microsoft) Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition 
(HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A3417E9E-5B94-4BFF-AAA4-933B1AE46306}) (Version: - Microsoft) Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A3417E9E-5B94-4BFF-AAA4-933B1AE46306}) (Version: - Microsoft) Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (HKLM\...\{90150000-00BA-0407-1000-0000000FF1CE}_Office15.PROPLUS_{AAB7E20E-E896-495E-AD19-1A0EF515DCED}) (Version: - Microsoft) Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{AAB7E20E-E896-495E-AD19-1A0EF515DCED}) (Version: - Microsoft) Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F16E7B82-23FE-4054-AB73-EAE53965251C}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D1F1940B-94DF-4DCB-BF82-9530D7FBB1BF}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{A96FBD56-0376-465E-8A60-7E73B9C51658}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{A96FBD56-0376-465E-8A60-7E73B9C51658}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{A96FBD56-0376-465E-8A60-7E73B9C51658}) (Version: - Microsoft) VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN) VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.75 - VSO Software) Windows-Treiberpaket - Google, Inc. 
(WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.) Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass (07/09/2013 8.0.0000.00000) (HKLM\...\B228DE36C9BB3DACF6D7E3093BE62455DBC81FA5) (Version: 07/09/2013 8.0.0000.00000 - Google, Inc.) x64 Components v4.3.7 (HKLM\...\Advanced x64Components_is1) (Version: 4.3.7 - Shark007) Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.7.2.20130619 - Xilisoft) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {040E78E1-7F1A-4E7F-A4AE-C75FE483DC75} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2167A009-9652-493E-83DE-435330D3F761} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe [2013-10-11] () Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {39E728F5-3C26-48CA-838A-68214D097CFB} - \FoxTab No Task File 
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {408692F2-F290-4EDC-A8B5-917570056F6B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Gonzo-searge Gonzo => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2013-09-10] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {51D1C62C-3E51-4A31-8643-ACA6CE301712} - System32\Tasks\Bitdefender Auto-Scan => C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe [2013-06-19] (Bitdefender) Task: {5BEC8435-1686-4E25-8A16-94469BE4C831} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-24] (Google Inc.) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {739635E2-F15C-4B99-8CE9-4817A9E8140F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-24] (Google Inc.) 
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {75E490D3-D22A-4388-8DC8-AAF6DB64C3E4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {82C8901B-8175-443D-8C7B-7502095AD644} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-03-24] (Microsoft Corporation) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {98FB4728-07B4-4FEE-B8A9-3B8297D630A6} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\SymErr.exe Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {BCCAF7BD-8D47-44CD-807C-30A1603192DE} - System32\Tasks\Launch ASUS Sync Loader => C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D419F195-C5AC-4F9C-9AD6-B5B33FBDE03C} - System32\Tasks\AutoPico Daily Restart => D:\Program Files\KMSpico\AutoPico.exe [2013-10-29] () Task: {D730E2C3-5663-4977-A84A-FCF0183E374A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation) Task: 
{D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DC6300CB-1B62-45F5-8A09-8B13C55A873A} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\SymErr.exe Task: {E4554C9A-AEE8-4D7F-9AED-D230EB3E104B} - System32\Tasks\Desktop-Autostart => C:\Windows\explorer.exe [2013-10-22] (Microsoft Corporation) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-11-30 09:38 - 2013-06-19 12:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll 2013-11-30 09:38 - 2013-11-28 13:49 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui 2013-11-30 09:38 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll 2013-11-30 09:38 - 2013-11-28 13:49 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui 2014-03-25 22:49 - 2014-03-25 22:49 - 00771328 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00038_013\ashttpbr.mdl 2014-03-25 22:49 - 2014-03-25 22:49 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00038_013\ashttpdsp.mdl 2014-03-25 22:49 - 2014-03-25 22:49 - 02593416 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00038_013\ashttpph.mdl 2014-03-25 22:49 - 2014-03-25 22:49 - 01317216 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00038_013\ashttprbl.mdl 2014-04-05 15:16 - 2014-04-05 15:16 
- 00706560 _____ () C:\Program Files\002\bukgmhvrux64.exe 2014-03-06 15:52 - 2014-03-06 15:52 - 00171008 _____ () c:\Program Files\RrFilter\RrFilterService64.exe 2014-03-04 13:25 - 2014-03-04 13:25 - 00110080 _____ () c:\Program Files\RrFilter\nfapi.dll 2014-03-04 13:25 - 2014-03-04 13:25 - 00317952 _____ () c:\Program Files\RrFilter\ProtocolFilters.dll 2013-11-30 09:38 - 2013-03-25 16:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll 2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () D:\Program Files (x86)\Notepad++\NppShell_05.dll 2013-10-22 20:30 - 2013-10-22 20:30 - 00661008 _____ () C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe 2014-04-03 07:23 - 2014-04-02 03:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll 2014-03-28 11:35 - 2014-03-28 11:35 - 00093696 _____ () D:\FileZilla FTP Client\fzshellext.dll 2014-04-03 07:23 - 2014-04-02 03:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll 2014-04-03 07:23 - 2014-04-02 03:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll 2014-04-03 07:23 - 2014-04-02 03:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll 2014-04-03 07:23 - 2014-04-02 03:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll 2014-04-03 07:23 - 2014-04-02 03:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll 2013-11-30 09:38 - 2014-03-31 14:22 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll 2014-04-03 07:23 - 2014-04-02 03:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode 
(whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/08/2014 08:28:00 PM) (Source: RIM MDNS) (User: ) Description: 712: DNSServiceGetAddrInfo v4v6 32b59b58e921fdb78ef33d54b66c54.local. Error: (04/08/2014 08:28:00 PM) (Source: RIM MDNS) (User: ) Description: 712: Could not write data to client because of error - aborting connection Error: (04/08/2014 08:28:00 PM) (Source: RIM MDNS) (User: ) Description: send_msg ERROR: failed to write 104 of 104 bytes to fd 712 errno 10053 (Eine bestehende Verbindung wurde softwaregesteuert durch den Hostcomputer abgebrochen.) Error: (04/08/2014 08:28:00 PM) (Source: RIM MDNS) (User: ) Description: 672: DNSServiceGetAddrInfo v4v6 32b59b58e921fdb78ef33d54b66c54.local. Error: (04/08/2014 08:28:00 PM) (Source: RIM MDNS) (User: ) Description: 672: Could not write data to client because of error - aborting connection Error: (04/08/2014 08:28:00 PM) (Source: RIM MDNS) (User: ) Description: send_msg ERROR: failed to write 104 of 104 bytes to fd 672 errno 10053 (Eine bestehende Verbindung wurde softwaregesteuert durch den Hostcomputer abgebrochen.) Error: (04/08/2014 08:28:00 PM) (Source: RIM MDNS) (User: ) Description: 656: DNSServiceGetAddrInfo v4v6 01103B18EC46E639BBE0CD2FE7D232.local. Error: (04/08/2014 08:28:00 PM) (Source: RIM MDNS) (User: ) Description: 656: Could not write data to client because of error - aborting connection Error: (04/08/2014 08:28:00 PM) (Source: RIM MDNS) (User: ) Description: send_msg ERROR: failed to write 104 of 104 bytes to fd 656 errno 10053 (Eine bestehende Verbindung wurde softwaregesteuert durch den Hostcomputer abgebrochen.) Error: (04/08/2014 08:28:00 PM) (Source: RIM MDNS) (User: ) Description: 684: DNSServiceBrowse _Friendly._sub._bp2p._tcp.local. 
System errors: ============= Error: (04/08/2014 00:57:28 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (04/08/2014 00:57:21 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit dem folgenden dienstspezifischen Fehler beendet: %%2147943468 Error: (04/08/2014 00:57:20 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: 1068HomeGroupProviderNicht verfügbar{6F7C8E8F-DC69-4E3F-BC05-439962A05FD5} Error: (04/08/2014 00:57:20 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2147952449 Error: (04/08/2014 00:57:20 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%2147952449 Error: (04/08/2014 00:56:03 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT-AUTORITÄT) Description: 3 war nicht erfolgreich. Name des Gruppenrichtlinienobjekts: Local Group Policy Dateisystempfad des Gruppenrichtlinienobjekts: C:\Windows\System32\GroupPolicy\Machine Skriptname: D:\Bitdefender\Bitdefender\support.exe Microsoft Office Sessions: ========================= Error: (04/08/2014 08:28:00 PM) (Source: RIM MDNS)(User: ) Description: 712: DNSServiceGetAddrInfo v4v6 32b59b58e921fdb78ef33d54b66c54.local. Error: (04/08/2014 08:28:00 PM) (Source: RIM MDNS)(User: ) Description: 712: Could not write data to client because of error - aborting connection Error: (04/08/2014 08:28:00 PM) (Source: RIM MDNS)(User: ) Description: send_msg ERROR: failed to write 104 of 104 bytes to fd 712 errno 10053 (Eine bestehende Verbindung wurde softwaregesteuert durch den Hostcomputer abgebrochen.) 
Error: (04/08/2014 08:28:00 PM) (Source: RIM MDNS)(User: ) Description: 672: DNSServiceGetAddrInfo v4v6 32b59b58e921fdb78ef33d54b66c54.local. Error: (04/08/2014 08:28:00 PM) (Source: RIM MDNS)(User: ) Description: 672: Could not write data to client because of error - aborting connection Error: (04/08/2014 08:28:00 PM) (Source: RIM MDNS)(User: ) Description: send_msg ERROR: failed to write 104 of 104 bytes to fd 672 errno 10053 (Eine bestehende Verbindung wurde softwaregesteuert durch den Hostcomputer abgebrochen.) Error: (04/08/2014 08:28:00 PM) (Source: RIM MDNS)(User: ) Description: 656: DNSServiceGetAddrInfo v4v6 01103B18EC46E639BBE0CD2FE7D232.local. Error: (04/08/2014 08:28:00 PM) (Source: RIM MDNS)(User: ) Description: 656: Could not write data to client because of error - aborting connection Error: (04/08/2014 08:28:00 PM) (Source: RIM MDNS)(User: ) Description: send_msg ERROR: failed to write 104 of 104 bytes to fd 656 errno 10053 (Eine bestehende Verbindung wurde softwaregesteuert durch den Hostcomputer abgebrochen.) Error: (04/08/2014 08:28:00 PM) (Source: RIM MDNS)(User: ) Description: 684: DNSServiceBrowse _Friendly._sub._bp2p._tcp.local. CodeIntegrity Errors: =================================== Date: 2013-11-30 08:29:28.113 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Percentage of memory in use: 21% Total physical RAM: 8190.48 MB Available physical RAM: 6450.61 MB Total Pagefile: 9470.48 MB Available Pagefile: 7182 MB Total Virtual: 131072 MB Available Virtual: 131071.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:39 GB) (Free:7.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (PROGRAMME) (Fixed) (Total:15.7 GB) (Free:8.23 GB) NTFS Drive e: (Downloads) (Fixed) (Total:57.08 GB) (Free:30.34 GB) NTFS Drive g: (MP3) (Fixed) (Total:58.59 GB) (Free:21.27 GB) NTFS Drive h: (MultiVol) (Fixed) (Total:382.5 GB) (Free:150.59 GB) NTFS Drive i: (INSTALL) (Fixed) (Total:24.65 GB) (Free:10.1 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 3238191C) Partition 1: (Active) - (Size=39 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=73 GB) - (Type=OF Extended) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 03250324) Partition 2: (Not Active) - (Size=466 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
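A triage pass over a log like the one above, as an added example that is not part of the original thread and not FRST's own logic: it flags files whose publisher field is empty unless they sit in or below a directory that also holds a named-vendor file, and it lists tasks marked "No Task File". The function names, the choice of sample entries and the directory-depth cutoff are assumptions; a flag is a prompt for manual review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Entries copied from the FRST output posted above, re-broken to one per line.
SAMPLE = r"""
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
() C:\Program Files\002\bukgmhvrux64.exe
() c:\Program Files\RrFilter\RrFilterService64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Task: {2167A009-9652-493E-83DE-435330D3F761} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe [2013-10-11] ()
Task: {39E728F5-3C26-48CA-838A-68214D097CFB} - \FoxTab No Task File
Task: {E4554C9A-AEE8-4D7F-9AED-D230EB3E104B} - System32\Tasks\Desktop-Autostart => C:\Windows\explorer.exe [2013-10-22] (Microsoft Corporation)
2014-04-05 15:16 - 2014-04-05 15:16 - 00706560 _____ () C:\Program Files\002\bukgmhvrux64.exe
2013-11-30 09:38 - 2013-06-19 12:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-04-03 07:23 - 2014-04-02 03:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
"""

# Process / loaded-module entry: "... (Publisher) X:\path"
FILE_RE = re.compile(r"\((?P<pub>[^()]*)\) (?P<path>[A-Za-z]:\\.+)$")
# Scheduled task with a resolved target: "... => X:\path [date] (Publisher)"
TASK_RE = re.compile(r" => (?P<path>[A-Za-z]:\\.+?) \[[\d-]+\] \((?P<pub>[^()]*)\)$")
# Assumption: a drive root or a bare C:\Windows is too broad to vouch for anything.
MIN_VOUCH_PARTS = 3


def parse(log):
    """Return ([(publisher, path)], [names of tasks without a task file])."""
    files, orphans = [], []
    for line in filter(None, map(str.strip, log.splitlines())):
        if line.startswith("Task:"):
            if line.endswith("No Task File"):
                name = line.split(" - ", 1)[1][: -len("No Task File")]
                orphans.append(name.strip())
                continue
            m = TASK_RE.search(line)
        else:
            m = FILE_RE.search(line)
        if m:
            files.append((m["pub"].strip(), PureWindowsPath(m["path"])))
    return files, orphans


def triage(log):
    """Flag publisher-less files that no named vendor's directory vouches for."""
    files, orphans = parse(log)
    # Directories that contain at least one file with a publisher string.
    vouched = {p.parent for pub, p in files
               if pub and len(p.parent.parts) >= MIN_VOUCH_PARTS}
    flagged = []
    for pub, p in files:
        if pub:
            continue
        if p.parent in vouched or any(a in vouched for a in p.parent.parents):
            continue  # e.g. unsigned DLLs shipped inside a vendor's own folder
        if str(p).lower() not in (f.lower() for f in flagged):
            flagged.append(str(p))  # same file may appear in several sections
    return flagged, orphans


if __name__ == "__main__":
    flagged, orphans = triage(SAMPLE)
    print("review:", *flagged, sep="\n  ")
    print("orphaned tasks:", *orphans, sep="\n  ")
```

An empty publisher field alone is noisy, since many vendor DLLs in this log carry none; combining it with the directory check is what narrows the list.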
09.04.2014, 15:02 | #4 |
/// the machine /// TB trainer | Exactly, but there is a bit more there. Scan with Combofix
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
09.04.2014, 20:58 | #5 |
| Hi Schrauber, the situation is getting worse. It is almost as if countermeasures are being started here. Since today I have noticed unusual mouse behaviour. The left click does not seem to work properly. Single clicks are now often double clicks. Directories then sometimes cannot be opened. I have taken the computer off the network for now and am writing from a freshly installed notebook. I also could not start Combofix from the desktop. I get the error message " ... is not meant to run in compatibily mode .." Rootkit? Wrong Combofix? |
10.04.2014, 20:31 | #6 | |
/// the machine /// TB trainer | Quote:
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ --> Ad tooltips double-underlined in blue in Chrome and IE 11 (Win 8.1) + redirect |
10.04.2014, 22:09 | #7 |
| Thanks for your help. But we can stop here. My system is fairly lean. I reinstalled it within an hour and included the current Update 1 right away. All important data is on the NAS anyway ... and regular security backups and restore points are now being stored here. Hammer instead of foil, but in my case the hammer still works quite well. The mouse, by the way, was not captured. It was just connected in parallel to the keyboard's receiver ... never had that before ... sorry. Nevertheless, huge thanks for the quick help. I will keep recommending you, and I have learned a lot. Regards, searge |
13.04.2014, 13:47 | #8 |
/// the machine /// TB trainer | All right
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |