Log analysis and evaluation: Problems with UeTAdREmovalApp 2.0 (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.07.2014, 22:11 | #1
Problems with UeTAdREmovalApp 2.0

Hey ho, dear community, as the title already says, I have a problem with the "extension" UeTAdREmovalApp 2.0. I have been trying to get rid of this pest for quite some time, but without success. It seems it really is a virus after all, because it slows my PC down. This extension is installed "by enterprise policy" and cannot be removed manually. Oh, and I use Google Chrome as my browser. I also tried to remove it with CCleaner. In vain. Nothing works. I have now followed your guide. Defogger only says Finished. The FRST logfiles and the GMER logfile are attached as a .zip because they are too large. Unfortunately I no longer have an antivirus program. I used to have Panda Cloud Antivirus, but at some point it stopped working. Maybe you could also recommend a free one to me by the way. I hope you can help me, because it is slowly getting annoying. A page keeps popping up, and a setup.exe simply gets downloaded. When I turn on the PC, it takes 3 minutes before I can do anything. That was not the case before. I am grateful for any help. Regards, Pitfrog
07.07.2014, 22:13 | #2
Problems with UeTAdREmovalApp 2.0

Here is the Panda Cloud virus scan file:

Code:
Event | Date/Time | Status | Details
--------------------------------------------------------------------------------------------------------------
Scan | 07.07.2014 23:12 | Finished | Scanning: critical areas
Trojan detected: Trj/Genetic.gen | 07.07.2014 23:12 | Deleted | Location: C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000
Potentially unwanted program detected: PUP/MultiToolbar.A | 07.07.2014 23:10 | Deleted | Location: C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebcfhbpljkfobkefihkfgfaliepdkbhl\2.0_0\sIVvRHwCq.js
Cookie detected: Cookie/Adtech | 07.07.2014 23:10 | Deleted | Location: C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Cookies[.adtech.de/]
Trojan detected: Trj/Chgt.A | 07.07.2014 23:10 | File will be deleted after the computer restarts | Location: C:\ProgramData\IePluginServices\PluginService.exe
Trojan detected: Trj/Chgt.A | 07.07.2014 23:10 | File will be deleted after the computer restarts | Location: C:\ProgramData\IePluginService\PluginService.exe
Trojan detected: Unknown name | 07.07.2014 23:09 | | Location: memory (C:\Windows\SysWOW64\svchost.exe)
Synchronization | 07.07.2014 23:03 | Synchronized | Your protection has been synchronized via the cloud to protect you against the latest threats.
Scan | 07.07.2014 23:03 | Started | Scanning: critical areas
Trojan detected: Trj/Chgt.A | 07.07.2014 22:44 | File will be deleted after the computer restarts | Location: C:\ProgramData\WPM\wprotectmanager.exe
Trojan detected: Unknown name | 07.07.2014 22:44 | | Location: memory (C:\Windows\SysWOW64\svchost.exe)
Computer vaccinated | 07.07.2014 22:43 | Vaccinated |
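The first post describes an extension that Chrome shows as installed "by enterprise policy" and refuses to remove, and the Panda log above names a file under Chrome's Extensions\ebcfhbpljkfobkefihkfgfaliepdkbhl\2.0_0\ directory. On Windows, Chrome labels an extension that way when its ID is listed in the ExtensionInstallForcelist policy, and adware installers write exactly that registry value so the user cannot disable the extension from the extensions page. The following Python script is an added example for this thread, not code from the original posts or from any tool mentioned here: it parses forcelist entries (Chrome's format is "<extension id>;<update URL>"), flags entries whose update URL is not the Chrome Web Store's, and cross-checks the IDs against Extensions\<id>\ paths taken from an AV log. The registry read is only attempted on Windows; the sample values are constructed (the Web Store entry uses a made-up ID and the third-party update URL is hypothetical), while the extension ID and the path in the sample log line are the ones that appear in the Panda log above.

```python
"""Correlate a Chrome extension "installed by enterprise policy" with the
ExtensionInstallForcelist registry policy and with paths seen in an AV log.
Added example for this thread (not code from the posts or from any tool named
here). Assumes Chrome's policy value format "<extension id>;<update url>".
"""
import re
import sys

# Chrome extension IDs are 32 characters from the range a-p.
EXT_ID_RE = re.compile(r"^[a-p]{32}$")
# An extension ID appearing as a directory name under Chrome's Extensions folder.
EXT_PATH_RE = re.compile(r"[\\/]Extensions[\\/]([a-p]{32})[\\/]", re.IGNORECASE)
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
# Registry locations Chrome reads the force-install policy from (machine, then user).
FORCELIST_KEYS = [
    ("HKLM", r"SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist"),
    ("HKCU", r"SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist"),
]


def parse_forcelist_value(value):
    """Split one forcelist entry into (extension_id, update_url).
    Raises ValueError for values that are not a valid entry."""
    ext_id, _sep, update_url = value.strip().partition(";")
    if not EXT_ID_RE.match(ext_id):
        raise ValueError("not a Chrome extension id: %r" % ext_id)
    # Newer Chrome versions allow omitting the URL; the Web Store is then implied.
    return ext_id, (update_url.strip() or WEBSTORE_UPDATE_URL)


def extension_ids_from_log(text):
    """Return the extension IDs that appear in Extensions\\<id>\\ paths of a log."""
    return {m.group(1).lower() for m in EXT_PATH_RE.finditer(text)}


def assess_forcelist(values, log_text=""):
    """Classify forcelist entries: Web Store or third-party update URL, and
    whether the same extension ID is mentioned in the AV log."""
    seen_in_log = extension_ids_from_log(log_text)
    findings = []
    for value in values:
        try:
            ext_id, update_url = parse_forcelist_value(value)
        except ValueError as exc:
            findings.append({"raw": value, "error": str(exc)})
            continue
        findings.append({
            "id": ext_id,
            "update_url": update_url,
            # A forced extension updated from anywhere but the Web Store is the
            # pattern adware installers use to make a sideloaded extension sticky.
            "webstore": update_url.lower().rstrip("/") == WEBSTORE_UPDATE_URL,
            "in_av_log": ext_id in seen_in_log,
        })
    return findings


def read_forcelist_from_registry():
    """Collect forcelist values on a live Windows system (returns [] elsewhere)."""
    if sys.platform != "win32":
        return []
    import winreg  # Windows-only module
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    values = []
    for hive_name, subkey in FORCELIST_KEYS:
        try:  # KEY_WOW64_64KEY: see the 64-bit policy key even from 32-bit Python
            key = winreg.OpenKey(hives[hive_name], subkey, 0,
                                 winreg.KEY_READ | winreg.KEY_WOW64_64KEY)
        except OSError:
            continue
        with key:
            index = 0
            while True:
                try:
                    _name, data, _type = winreg.EnumValue(key, index)
                except OSError:
                    break
                values.append(str(data))
                index += 1
    return values


# Constructed sample values: a Web Store entry with a made-up ID, an entry of the
# kind an adware installer writes (ID from the Panda log in this thread, update
# URL hypothetical), and a garbage value.
SAMPLE_VALUES = [
    "abcdefghijklmnopabcdefghijklmnop;https://clients2.google.com/service/update2/crx",
    "ebcfhbpljkfobkefihkfgfaliepdkbhl;http://update.example.invalid/crx",
    "notanextensionid",
]
# One path copied from the Panda log in this thread.
SAMPLE_LOG = (r"Location: C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default"
              r"\Extensions\ebcfhbpljkfobkefihkfgfaliepdkbhl\2.0_0\sIVvRHwCq.js")

if __name__ == "__main__":
    for finding in assess_forcelist(read_forcelist_from_registry() or SAMPLE_VALUES, SAMPLE_LOG):
        print(finding)
```

Run on the affected machine it prints one dict per policy entry; an entry with "webstore": False and "in_av_log": True is the one to remove from the policy key (in both hives) before the extension directory is deleted, otherwise Chrome simply reinstalls it from the update URL at the next start.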
16.07.2014, 14:21 | #3
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with UeTAdREmovalApp 2.0

Hi and

Please do not attach logs; if necessary, split them and spread them over several posts. Reading material: Posting in CODE tags. Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too large for one post, please post the logs directly and, if necessary, spread over several posts. To put the logfiles into a CODE box, proceed as follows:
16.07.2014, 15:40 | #4
Problems with UeTAdREmovalApp 2.0

GMER:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-07 22:58:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD20 rev.51.0 1863,02GB
Running: Gmer-19357.exe; Driver: C:\Users\Marcel\AppData\Local\Temp\kxdiypog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528  fffff800031a2000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545  fffff800031a2011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

---- User code sections - GMER 2.1 ----

.text  C:\ProgramData\IePluginService\PluginService.exe[1236]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075601465 2 bytes [60, 75]
.text  C:\ProgramData\IePluginService\PluginService.exe[1236]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000756014bb 2 bytes [60, 75]
.text  ...  * 2
.text  C:\ProgramData\IePluginServices\PluginService.exe[1300]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075601465 2 bytes [60, 75]
.text  C:\ProgramData\IePluginServices\PluginService.exe[1300]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000756014bb 2 bytes [60, 75]
.text  ...  * 2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1768]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322  0000000072121a22 2 bytes [12, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1768]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496  0000000072121ad0 2 bytes [12, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1768]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552  0000000072121b08 2 bytes [12, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1768]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730  0000000072121bba 2 bytes [12, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1768]  C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762  0000000072121bda 2 bytes [12, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1768]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075601465 2 bytes [60, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1768]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000756014bb 2 bytes [60, 75]
.text  ...  * 2
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess  00000000776f091c 5 bytes JMP 0000000103045945
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W  000000007770261d 5 bytes JMP 00000001030453cc
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll  000000007770c4dd 5 bytes JMP 0000000103045a6e
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A  0000000077712ad3 5 bytes JMP 0000000103045412
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W  0000000077734168 5 bytes JMP 0000000103045458
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A  000000007773e695 5 bytes JMP 000000010304549e
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW  0000000076d8453c 5 bytes JMP 0000000103045b0e
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!GetDC  0000000076a472c4 5 bytes JMP 0000000103050912
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!ReleaseDC  0000000076a47446 5 bytes JMP 0000000103050990
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!TranslateMessage  0000000076a47809 5 bytes JMP 000000010304f91f
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!GetMessageW  0000000076a478e2 5 bytes JMP 000000010304da52
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!GetMessageA  0000000076a47bd3 5 bytes JMP 000000010304da7a
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!GetWindowDC  0000000076a48048 5 bytes JMP 0000000103050951
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!RegisterClassW  0000000076a48a65 5 bytes JMP 00000001030456d0
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!RegisterClassExW  0000000076a4b17d 5 bytes JMP 000000010304576a
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!RegisterClassExA  0000000076a4db98 5 bytes JMP 00000001030457bc
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!PeekMessageW  0000000076a505ba 5 bytes JMP 000000010304daa2
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!CallWindowProcW  0000000076a50d32 5 bytes JMP 0000000103045602
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!GetCursorPos  0000000076a51218 5 bytes JMP 000000010304d885
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!EndPaint  0000000076a51341 5 bytes JMP 0000000103050877
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!BeginPaint  0000000076a51361 5 bytes JMP 0000000103050807
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!GetMessagePos  0000000076a52a8d 5 bytes JMP 000000010304d853
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!GetCapture  0000000076a52aac 5 bytes JMP 000000010304d9b3
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!GetDCEx  0000000076a53391 5 bytes JMP 00000001030508b7
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!RegisterClassA  0000000076a5434b 5 bytes JMP 000000010304571d
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!PeekMessageA  0000000076a55f74 5 bytes JMP 000000010304dacd
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!GetUpdateRgn  0000000076a56222 5 bytes JMP 0000000103050a63
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!CallWindowProcA  0000000076a5792f 5 bytes JMP 000000010304564b
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!DefFrameProcA  0000000076a57fbb 5 bytes JMP 000000010304552d
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!DefMDIChildProcA  0000000076a5810c 5 bytes JMP 00000001030455bc
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!DefFrameProcW  0000000076a585c1 5 bytes JMP 00000001030454e4
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!DefMDIChildProcW  0000000076a586b4 5 bytes JMP 0000000103045576
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!GetUpdateRect  0000000076a6d41f 5 bytes JMP 00000001030509d0
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!ReleaseCapture  0000000076a6ed49 5 bytes JMP 000000010304d963
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!SetCapture  0000000076a6ed56 5 bytes JMP 000000010304d909
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!SwitchDesktop  0000000076a89854 5 bytes JMP 00000001030453ae
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!SetCursorPos  0000000076a89cfd 5 bytes JMP 000000010304d8cc
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!GetClipboardData  0000000076a89f1d 5 bytes JMP 000000010304fa85
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\USER32.dll!OpenInputDesktop  0000000076aa87cb 5 bytes JMP 000000010304535e
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\WS2_32.dll!closesocket  00000000768c3918 5 bytes JMP 000000010304febd
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\WS2_32.dll!WSASend  00000000768c4406 5 bytes JMP 000000010304ff16
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\WS2_32.dll!send  00000000768c6f01 5 bytes JMP 000000010304fef5
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075601465 2 bytes [60, 75]
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000756014bb 2 bytes [60, 75]
.text  ...  * 2
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\WININET.dll!InternetReadFileExA  0000000077128af0 5 bytes JMP 000000010305a437
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\WININET.dll!HttpSendRequestExW  000000007712a4a2 5 bytes JMP 000000010305a27d
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\WININET.dll!InternetCloseHandle  0000000077187549 5 bytes JMP 000000010305a3b5
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\WININET.dll!HttpQueryInfoA  0000000077188b52 5 bytes JMP 000000010305a4ad
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\WININET.dll!InternetReadFile  00000000771941f7 5 bytes JMP 000000010305a3f8
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable  0000000077195d88 5 bytes JMP 000000010305a481
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\WININET.dll!HttpSendRequestW  0000000077196570 5 bytes JMP 000000010305a1d5
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\WININET.dll!HttpSendRequestA  00000000771a9b82 5 bytes JMP 000000010305a229
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\WININET.dll!HttpSendRequestExA  0000000077217f39 5 bytes JMP 000000010305a319
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[3032]  C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore  0000000076bc18b8 5 bytes JMP 000000010305c8ed
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess  00000000776f091c 5 bytes JMP 0000000103a75945
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W  000000007770261d 5 bytes JMP 0000000103a753cc
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll  000000007770c4dd 5 bytes JMP 0000000103a75a6e
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A  0000000077712ad3 5 bytes JMP 0000000103a75412
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W  0000000077734168 5 bytes JMP 0000000103a75458
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A  000000007773e695 5 bytes JMP 0000000103a7549e
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW  0000000076d8453c 5 bytes JMP 0000000103a75b0e
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!GetDC  0000000076a472c4 5 bytes JMP 0000000103a80912
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!ReleaseDC  0000000076a47446 5 bytes JMP 0000000103a80990
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!TranslateMessage  0000000076a47809 5 bytes JMP 0000000103a7f91f
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!GetMessageW  0000000076a478e2 5 bytes JMP 0000000103a7da52
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!GetMessageA  0000000076a47bd3 5 bytes JMP 0000000103a7da7a
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!GetWindowDC  0000000076a48048 5 bytes JMP 0000000103a80951
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!RegisterClassW  0000000076a48a65 5 bytes JMP 0000000103a756d0
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!RegisterClassExW  0000000076a4b17d 5 bytes JMP 0000000103a7576a
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!RegisterClassExA  0000000076a4db98 5 bytes JMP 0000000103a757bc
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!PeekMessageW  0000000076a505ba 5 bytes JMP 0000000103a7daa2
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!CallWindowProcW  0000000076a50d32 5 bytes JMP 0000000103a75602
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!GetCursorPos  0000000076a51218 5 bytes JMP 0000000103a7d885
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!EndPaint  0000000076a51341 5 bytes JMP 0000000103a80877
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!BeginPaint  0000000076a51361 5 bytes JMP 0000000103a80807
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!GetMessagePos  0000000076a52a8d 5 bytes JMP 0000000103a7d853
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!GetCapture  0000000076a52aac 5 bytes JMP 0000000103a7d9b3
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!GetDCEx  0000000076a53391 5 bytes JMP 0000000103a808b7
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!RegisterClassA  0000000076a5434b 5 bytes JMP 0000000103a7571d
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!PeekMessageA  0000000076a55f74 5 bytes JMP 0000000103a7dacd
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!GetUpdateRgn  0000000076a56222 5 bytes JMP 0000000103a80a63
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!CallWindowProcA  0000000076a5792f 5 bytes JMP 0000000103a7564b
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!DefFrameProcA  0000000076a57fbb 5 bytes JMP 0000000103a7552d
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!DefMDIChildProcA  0000000076a5810c 5 bytes JMP 0000000103a755bc
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!DefFrameProcW  0000000076a585c1 5 bytes JMP 0000000103a754e4
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!DefMDIChildProcW  0000000076a586b4 5 bytes JMP 0000000103a75576
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!GetUpdateRect  0000000076a6d41f 5 bytes JMP 0000000103a809d0
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!ReleaseCapture  0000000076a6ed49 5 bytes JMP 0000000103a7d963
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!SetCapture  0000000076a6ed56 3 bytes JMP 0000000103a7d909
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!SetCapture + 4  0000000076a6ed5a 1 byte {JMP 0x2}
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!SwitchDesktop  0000000076a89854 5 bytes JMP 0000000103a753ae
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!SetCursorPos  0000000076a89cfd 5 bytes JMP 0000000103a7d8cc
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!GetClipboardData  0000000076a89f1d 5 bytes JMP 0000000103a7fa85
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\USER32.dll!OpenInputDesktop  0000000076aa87cb 5 bytes JMP 0000000103a7535e
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\WS2_32.dll!closesocket  00000000768c3918 5 bytes JMP 0000000103a7febd
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\WS2_32.dll!WSASend  00000000768c4406 5 bytes JMP 0000000103a7ff16
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\WS2_32.dll!send  00000000768c6f01 5 bytes JMP 0000000103a7fef5
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075601465 2 bytes [60, 75]
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000756014bb 2 bytes [60, 75]
.text  ...  * 2
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\WININET.dll!InternetReadFileExA  0000000077128af0 5 bytes JMP 0000000103a8a437
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\WININET.dll!HttpSendRequestExW  000000007712a4a2 5 bytes JMP 0000000103a8a27d
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\WININET.dll!InternetCloseHandle  0000000077187549 5 bytes JMP 0000000103a8a3b5
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\WININET.dll!HttpQueryInfoA  0000000077188b52 5 bytes JMP 0000000103a8a4ad
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\WININET.dll!InternetReadFile  00000000771941f7 5 bytes JMP 0000000103a8a3f8
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable  0000000077195d88 5 bytes JMP 0000000103a8a481
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\WININET.dll!HttpSendRequestW  0000000077196570 5 bytes JMP 0000000103a8a1d5
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\WININET.dll!HttpSendRequestA  00000000771a9b82 5 bytes JMP 0000000103a8a229
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\WININET.dll!HttpSendRequestExA  0000000077217f39 5 bytes JMP 0000000103a8a319
.text  C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe[2156]  C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore  0000000076bc18b8 5 bytes JMP 0000000103a8c8ed
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess  00000000776f091c 5 bytes JMP 00000001079f5945
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W  000000007770261d 5 bytes JMP 00000001079f53cc
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll  000000007770c4dd 5 bytes JMP 00000001079f5a6e
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A  0000000077712ad3 5 bytes JMP 00000001079f5412
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W  0000000077734168 5 bytes JMP 00000001079f5458
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A  000000007773e695 5 bytes JMP 00000001079f549e
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW  0000000076d8453c 5 bytes JMP 00000001079f5b0e
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!GetDC  0000000076a472c4 5 bytes JMP 0000000107a00912
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!ReleaseDC  0000000076a47446 5 bytes JMP 0000000107a00990
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!TranslateMessage  0000000076a47809 5 bytes JMP 00000001079ff91f
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!GetMessageW  0000000076a478e2 5 bytes JMP 00000001079fda52
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!GetMessageA  0000000076a47bd3 5 bytes JMP 00000001079fda7a
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!GetWindowDC  0000000076a48048 5 bytes JMP 0000000107a00951
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!RegisterClassW  0000000076a48a65 5 bytes JMP 00000001079f56d0
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!RegisterClassExW  0000000076a4b17d 5 bytes JMP 00000001079f576a
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!RegisterClassExA  0000000076a4db98 5 bytes JMP 00000001079f57bc
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!PeekMessageW  0000000076a505ba 5 bytes JMP 00000001079fdaa2
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!CallWindowProcW  0000000076a50d32 5 bytes JMP 00000001079f5602
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!GetCursorPos  0000000076a51218 5 bytes JMP 00000001079fd885
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!EndPaint  0000000076a51341 5 bytes JMP 0000000107a00877
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!BeginPaint  0000000076a51361 5 bytes JMP 0000000107a00807
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!GetMessagePos  0000000076a52a8d 5 bytes JMP 00000001079fd853
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!GetCapture  0000000076a52aac 5 bytes JMP 00000001079fd9b3
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!GetDCEx  0000000076a53391 5 bytes JMP 0000000107a008b7
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!RegisterClassA  0000000076a5434b 5 bytes JMP 00000001079f571d
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!PeekMessageA  0000000076a55f74 5 bytes JMP 00000001079fdacd
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!GetUpdateRgn  0000000076a56222 5 bytes JMP 0000000107a00a63
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!CallWindowProcA  0000000076a5792f 5 bytes JMP 00000001079f564b
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!DefFrameProcA  0000000076a57fbb 5 bytes JMP 00000001079f552d
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!DefMDIChildProcA  0000000076a5810c 5 bytes JMP 00000001079f55bc
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!DefFrameProcW  0000000076a585c1 5 bytes JMP 00000001079f54e4
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!DefMDIChildProcW  0000000076a586b4 5 bytes JMP 00000001079f5576
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!GetUpdateRect  0000000076a6d41f 5 bytes JMP 0000000107a009d0
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!ReleaseCapture  0000000076a6ed49 5 bytes JMP 00000001079fd963
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!SetCapture  0000000076a6ed56 5 bytes JMP 00000001079fd909
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!SwitchDesktop  0000000076a89854 5 bytes JMP 00000001079f53ae
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!SetCursorPos  0000000076a89cfd 5 bytes JMP 00000001079fd8cc
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!GetClipboardData  0000000076a89f1d 5 bytes JMP 00000001079ffa85
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\USER32.dll!OpenInputDesktop  0000000076aa87cb 5 bytes JMP 00000001079f535e
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\WS2_32.dll!closesocket  00000000768c3918 5 bytes JMP 00000001079ffebd
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\WS2_32.dll!WSASend  00000000768c4406 5 bytes JMP 00000001079fff16
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\WS2_32.dll!send  00000000768c6f01 5 bytes JMP 00000001079ffef5
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\WININET.dll!InternetReadFileExA  0000000077128af0 5 bytes JMP 0000000107a0a437
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\WININET.dll!HttpSendRequestExW  000000007712a4a2 5 bytes JMP 0000000107a0a27d
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\WININET.dll!InternetCloseHandle  0000000077187549 5 bytes JMP 0000000107a0a3b5
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\WININET.dll!HttpQueryInfoA  0000000077188b52 5 bytes JMP 0000000107a0a4ad
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\WININET.dll!InternetReadFile  00000000771941f7 5 bytes JMP 0000000107a0a3f8
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable  0000000077195d88 5 bytes JMP 0000000107a0a481
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\WININET.dll!HttpSendRequestW  0000000077196570 5 bytes JMP 0000000107a0a1d5
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\WININET.dll!HttpSendRequestA  00000000771a9b82 5 bytes JMP 0000000107a0a229
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\WININET.dll!HttpSendRequestExA  0000000077217f39 5 bytes JMP 0000000107a0a319
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69  0000000075601465 2 bytes [60, 75]
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155  00000000756014bb 2 bytes [60, 75]
.text  ...  * 2
.text  C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe[2168]  C:\Windows\syswow64\Crypt32.DLL!PFXImportCertStore  0000000076bc18b8 5 bytes JMP 0000000107a0c8ed
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess  00000000776f091c 5 bytes JMP 00000001001d5945
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W  000000007770261d 5 bytes JMP 00000001001d53cc
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll  000000007770c4dd 5 bytes JMP 00000001001d5a6e
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A  0000000077712ad3 5 bytes JMP 00000001001d5412
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W  0000000077734168 5 bytes JMP 00000001001d5458
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A  000000007773e695 5 bytes JMP 00000001001d549e
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW  0000000076d8453c 5 bytes JMP 00000001001d5b0e
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\ws2_32.dll!closesocket  00000000768c3918 5 bytes JMP 00000001001dfebd
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\ws2_32.dll!WSASend  00000000768c4406 5 bytes JMP 00000001001dff16
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\ws2_32.dll!send  00000000768c6f01 5 bytes JMP 00000001001dfef5
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\user32.dll!GetDC  0000000076a472c4 5 bytes JMP 00000001001e0912
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\user32.dll!ReleaseDC  0000000076a47446 5 bytes JMP 00000001001e0990
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\user32.dll!TranslateMessage  0000000076a47809 5 bytes JMP 00000001001df91f
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\user32.dll!GetMessageW  0000000076a478e2 5 bytes JMP 00000001001dda52
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\user32.dll!GetMessageA  0000000076a47bd3 5 bytes JMP 00000001001dda7a
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\user32.dll!GetWindowDC  0000000076a48048 5 bytes JMP 00000001001e0951
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\user32.dll!RegisterClassW  0000000076a48a65 5 bytes JMP 00000001001d56d0
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\user32.dll!RegisterClassExW  0000000076a4b17d 5 bytes JMP 00000001001d576a
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\user32.dll!RegisterClassExA  0000000076a4db98 5 bytes JMP 00000001001d57bc
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\user32.dll!PeekMessageW  0000000076a505ba 5 bytes JMP 00000001001ddaa2
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\user32.dll!CallWindowProcW  0000000076a50d32 5 bytes JMP 00000001001d5602
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\user32.dll!GetCursorPos  0000000076a51218 5 bytes JMP 00000001001dd885
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\user32.dll!EndPaint  0000000076a51341 5 bytes JMP 00000001001e0877
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\user32.dll!BeginPaint  0000000076a51361 5 bytes JMP 00000001001e0807
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\user32.dll!GetMessagePos  0000000076a52a8d 5 bytes JMP 00000001001dd853
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\user32.dll!GetCapture  0000000076a52aac 5 bytes JMP 00000001001dd9b3
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\user32.dll!GetDCEx  0000000076a53391 5 bytes JMP 00000001001e08b7
.text  C:\Windows\syswow64\svchost.exe[3064]  C:\Windows\syswow64\user32.dll!RegisterClassA  0000000076a5434b 5 bytes JMP 00000001001d571d
.text
C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\user32.dll!PeekMessageA 0000000076a55f74 5 bytes JMP 00000001001ddacd .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\user32.dll!GetUpdateRgn 0000000076a56222 5 bytes JMP 00000001001e0a63 .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\user32.dll!CallWindowProcA 0000000076a5792f 5 bytes JMP 00000001001d564b .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\user32.dll!DefFrameProcA 0000000076a57fbb 5 bytes JMP 00000001001d552d .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\user32.dll!DefMDIChildProcA 0000000076a5810c 5 bytes JMP 00000001001d55bc .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\user32.dll!DefFrameProcW 0000000076a585c1 5 bytes JMP 00000001001d54e4 .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\user32.dll!DefMDIChildProcW 0000000076a586b4 5 bytes JMP 00000001001d5576 .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\user32.dll!GetUpdateRect 0000000076a6d41f 5 bytes JMP 00000001001e09d0 .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\user32.dll!ReleaseCapture 0000000076a6ed49 5 bytes JMP 00000001001dd963 .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\user32.dll!SetCapture 0000000076a6ed56 5 bytes JMP 00000001001dd909 .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\user32.dll!SwitchDesktop 0000000076a89854 5 bytes JMP 00000001001d53ae .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\user32.dll!SetCursorPos 0000000076a89cfd 5 bytes JMP 00000001001dd8cc .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\user32.dll!GetClipboardData 0000000076a89f1d 5 bytes JMP 00000001001dfa85 .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\user32.dll!OpenInputDesktop 0000000076aa87cb 5 bytes JMP 00000001001d535e .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 
0000000076bc18b8 5 bytes JMP 00000001001ec8ed .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000077128af0 5 bytes JMP 00000001001ea437 .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 000000007712a4a2 5 bytes JMP 00000001001ea27d .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000077187549 5 bytes JMP 00000001001ea3b5 .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000077188b52 5 bytes JMP 00000001001ea4ad .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000771941f7 5 bytes JMP 00000001001ea3f8 .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000077195d88 5 bytes JMP 00000001001ea481 .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000077196570 5 bytes JMP 00000001001ea1d5 .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000771a9b82 5 bytes JMP 00000001001ea229 .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 0000000077217f39 5 bytes JMP 00000001001ea319 .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075601465 2 bytes [60, 75] .text C:\Windows\syswow64\svchost.exe[3064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756014bb 2 bytes [60, 75] .text ... * 2 .text C:\Windows\SysWOW64\svchost.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075601465 2 bytes [60, 75] .text C:\Windows\SysWOW64\svchost.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756014bb 2 bytes [60, 75] .text ... 
* 2 .text D:\Programme\PSUAMain.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000776f091c 5 bytes JMP 0000000100ee5945 .text D:\Programme\PSUAMain.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007770261d 5 bytes JMP 0000000100ee53cc .text D:\Programme\PSUAMain.exe[5812] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007770c4dd 5 bytes JMP 0000000100ee5a6e .text D:\Programme\PSUAMain.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077712ad3 5 bytes JMP 0000000100ee5412 .text D:\Programme\PSUAMain.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077734168 5 bytes JMP 0000000100ee5458 .text D:\Programme\PSUAMain.exe[5812] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007773e695 5 bytes JMP 0000000100ee549e .text D:\Programme\PSUAMain.exe[5812] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000076d8453c 5 bytes JMP 0000000100ee5b0e .text C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe[5156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075601465 2 bytes [60, 75] .text C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe[5156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756014bb 2 bytes [60, 75] .text ... 
* 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [2068:4244] 000007fee7f89688 ---- Processes - GMER 2.1 ---- Library C:\Users\Marcel\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2168](2014-01-03 01:09:26) 0000000004100000 Library c:\users\marcel\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuenwy0.dll (*** suspicious ***) @ C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2168](2014-07-07 20:23:03) 00000000026c0000 Library C:\Users\Marcel\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2168](2013-08-23 19:01:44) 000000006e9e0000 Library C:\Users\Marcel\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2168] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 000000006e050000 ---- EOF - GMER 2.1 ---- FRST Logfile: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by Marcel (administrator) on MARCEL-PC on 07-07-2014 22:39:44
Running from C:\Users\Marcel\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Akamai Technologies, Inc.) C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe
(Dropbox, Inc.) C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Marcel\Downloads\PandaCloud301Antivirus (1).exe
(Panda Security, S.L.) C:\Users\Marcel\AppData\Local\Temp\RarSFX0\StubInstaller.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-01-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1912227016-3206441769-1861265668-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1912227016-3206441769-1861265668-1000\...\Run: [wqswdw] => C:\Users\Marcel\AppData\Roaming\help.exe [55632 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-1912227016-3206441769-1861265668-1000\...\Run: [{7521DEA2-4614-5CE4-3A04-0D4D709033E6}] => C:\Users\Marcel\AppData\Roaming\Viory\gaun.exe [13217792 2013-06-07] ()
HKU\S-1-5-21-1912227016-3206441769-1861265668-1000\...\CurrentVersion\Windows: [Load] C:\Users\Marcel\LOCALS~1\Temp\msacnzaip.pif <===== ATTENTION
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397146050&from=tugs&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397146050&from=tugs&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=TJ&userid=ee52b741-83e0-46e1-9f4d-29ed19886cf7&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=TJ&userid=ee52b741-83e0-46e1-9f4d-29ed19886cf7&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397146050&from=tugs&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397146050&from=tugs&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397146050&from=tugs&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397146050&from=tugs&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397146050&from=tugs&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397146050&from=tugs&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397146050&from=tugs&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397146050&from=tugs&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397146050&from=tugs&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397146050&from=tugs&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397146050&from=tugs&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397146050&from=tugs&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=ee52b741-83e0-46e1-9f4d-29ed19886cf7&searchtype=ds&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397146050&from=tugs&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922&q={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.helpmefindyour.info/?l=1&q={searchTerms}&pid=356&r=2013/04/16&hid=2062456118&lg=EN&cc=DE
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1402637522&from=wpm0612&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=TJ&userid=ee52b741-83e0-46e1-9f4d-29ed19886cf7&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1402637522&from=wpm0612&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922&q={searchTerms}
BHO: No Name - {11111111-1111-1111-1111-110511311172} - No File
BHO: No Name - {11111111-1111-1111-1111-110511421146} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\ix8kzwxi.default
FF NewTab: hxxp://istart.webssearches.com/newtab/?type=nt&ts=1397146050&from=tugs&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922
FF DefaultSearchEngine: webssearches
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://istart.webssearches.com/?type=hp&ts=1397146050&from=tugs&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=TJ&userid=ee52b741-83e0-46e1-9f4d-29ed19886cf7&searchtype=ds&installDate=01/01/1970&q=
FF NetworkProxy: "http", "www-proxy.t-online.de"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Marcel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\ix8kzwxi.default\user.js
FF SearchPlugin: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\ix8kzwxi.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\ix8kzwxi.default\Extensions\staged [2014-05-21]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\ix8kzwxi.default\extensions\quick_start@gmail.com

Chrome:
=======
CHR StartupUrls: "hxxp://google.de/"
CHR Extension: (UeTAdREmovalApp) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebcfhbpljkfobkefihkfgfaliepdkbhl [2014-07-07]
CHR HKLM-x32\...\Chrome\Extension: [fgnippahjheicjenccifemomfgjofdhp] - C:\ProgramData\TheBflix\fgnippahjheicjenccifemomfgjofdhp.crx [2012-04-20]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.delta-homes.com/?type=sc&ts=1402637522&from=wpm0612&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [761968 2014-06-12] (Cherished Technololgy LIMITED)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-12-08] ()
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [540304 2014-06-11] (Cherished Technololgy LIMITED)
S3 BrYNSvc; "C:\Program Files (x86)\Browny02\BrYNSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-06] (DT Soft Ltd)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-07 22:39 - 2014-07-07 22:40 - 00017647 _____ () C:\Users\Marcel\Downloads\FRST.txt
2014-07-07 22:39 - 2014-07-07 22:39 - 07031360 _____ (383 Media, Inc.) C:\Users\Marcel\Downloads\DriverRestore.exe
2014-07-07 22:39 - 2014-07-07 22:39 - 02084352 _____ (Farbar) C:\Users\Marcel\Downloads\FRST64.exe
2014-07-07 22:39 - 2014-07-07 22:39 - 00000000 ____D () C:\FRST
2014-07-07 22:38 - 2014-07-07 22:38 - 00000474 _____ () C:\Users\Marcel\Downloads\defogger_disable.log
2014-07-07 22:38 - 2014-07-07 22:38 - 00000000 _____ () C:\Users\Marcel\defogger_reenable
2014-07-07 22:37 - 2014-07-07 22:37 - 00050477 _____ () C:\Users\Marcel\Downloads\Defogger.exe
2014-07-07 22:28 - 2014-07-07 22:29 - 01369712 _____ () C:\Users\Marcel\Downloads\PandaCloud301Antivirus (1).exe
2014-07-07 22:16 - 2014-07-07 22:16 - 01010424 _____ () C:\Users\Marcel\Downloads\setup (1).exe
2014-07-07 22:13 - 2014-07-07 22:13 - 00068640 _____ () C:\Users\Marcel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-07 22:11 - 2014-07-07 22:22 - 00000112 _____ () C:\Windows\setupact.log
2014-07-07 22:11 - 2014-07-07 22:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-07 22:10 - 2014-07-07 22:11 - 02875128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-07 22:10 - 2014-07-07 22:10 - 00002682 _____ () C:\Windows\PFRO.log
2014-07-07 22:08 - 2014-07-07 22:08 - 01369712 _____ () C:\Users\Marcel\Downloads\PandaCloud301Antivirus.exe
2014-07-07 21:53 - 2014-07-07 21:53 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-05 14:29 - 2014-07-07 21:56 - 00000000 ____D () C:\Users\Marcel\AppData\Local\side_07051229
2014-07-05 14:29 - 2014-07-05 14:29 - 00000266 _____ () C:\Users\Marcel\AppData\Local\dsbqi.bat
2014-07-05 14:29 - 2014-07-05 14:29 - 00000000 ____D () C:\Users\Marcel\AppData\Local\JFileManager
2014-07-03 14:46 - 2014-07-07 22:10 - 00000000 ____D () C:\ProgramData\SaVeoLots
2014-06-19 20:37 - 2014-06-19 20:37 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Unity
2014-06-19 20:36 - 2014-06-19 20:36 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Unity
2014-06-15 16:52 - 2014-07-07 22:08 - 00086742 _____ () C:\Users\Marcel\AppData\Roaming\svchost
2014-06-14 18:31 - 2014-07-07 22:10 - 00000000 ____D () C:\ProgramData\MianiMUmPPriice
2014-06-13 07:32 - 2014-07-07 21:51 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\337Games
2014-06-13 07:32 - 2014-06-13 07:33 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-11 12:22 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 12:22 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 12:22 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 12:22 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 12:22 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 12:22 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 12:22 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 12:22 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 12:22 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 12:22 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 12:22 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 12:22 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 12:22 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 12:22 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 12:22 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 12:22 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 12:22 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 12:22 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 12:22 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 12:22 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 12:22 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 12:22 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 12:22 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 12:22 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 12:22 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 12:22 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 12:22 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 12:22 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 12:22 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 12:22 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 12:22 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 12:22 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 12:22 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 12:22 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 12:22 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 12:22 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 12:22 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 12:22 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 12:22 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 12:22 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 12:22 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 12:22 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 12:22 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 12:22 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 12:22 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 12:22 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 12:22 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 12:22 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 12:22 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 12:22 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 12:22 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 12:22 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 12:22 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 12:22 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 12:22 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 12:22 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 12:22 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 12:22 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 12:22 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 12:22 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 12:22 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 12:22 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 12:22 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 12:22 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 12:21 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 12:21 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

2014-07-07 22:40 - 2014-07-07 22:39 - 00017647 _____ () C:\Users\Marcel\Downloads\FRST.txt
2014-07-07 22:39 - 2014-07-07 22:39 - 07031360 _____ (383 Media, Inc.)
C:\Users\Marcel\Downloads\DriverRestore.exe
2014-07-07 22:39 - 2014-07-07 22:39 - 02084352 _____ (Farbar) C:\Users\Marcel\Downloads\FRST64.exe
2014-07-07 22:39 - 2014-07-07 22:39 - 00000000 ____D () C:\FRST
2014-07-07 22:39 - 2013-06-23 20:01 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\tor
2014-07-07 22:38 - 2014-07-07 22:38 - 00000474 _____ () C:\Users\Marcel\Downloads\defogger_disable.log
2014-07-07 22:38 - 2014-07-07 22:38 - 00000000 _____ () C:\Users\Marcel\defogger_reenable
2014-07-07 22:38 - 2012-04-12 17:07 - 00000000 ____D () C:\Users\Marcel
2014-07-07 22:37 - 2014-07-07 22:37 - 00050477 _____ () C:\Users\Marcel\Downloads\Defogger.exe
2014-07-07 22:31 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-07 22:31 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-07 22:29 - 2014-07-07 22:28 - 01369712 _____ () C:\Users\Marcel\Downloads\PandaCloud301Antivirus (1).exe
2014-07-07 22:27 - 2012-12-14 19:07 - 02002748 _____ () C:\Windows\WindowsUpdate.log
2014-07-07 22:27 - 2012-04-13 02:13 - 02265982 _____ () C:\Windows\system32\perfh007.dat
2014-07-07 22:27 - 2012-04-13 02:13 - 00637622 _____ () C:\Windows\system32\perfc007.dat
2014-07-07 22:27 - 2009-07-14 07:13 - 00006690 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-07 22:23 - 2014-05-05 12:11 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\DropboxMaster
2014-07-07 22:23 - 2012-10-17 23:24 - 00000000 ___RD () C:\Users\Marcel\Dropbox
2014-07-07 22:23 - 2012-10-17 23:23 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Dropbox
2014-07-07 22:22 - 2014-07-07 22:11 - 00000112 _____ () C:\Windows\setupact.log
2014-07-07 22:22 - 2012-11-20 01:40 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-07 22:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-07 22:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-07-07 22:16 - 2014-07-07 22:16 - 01010424 _____ () C:\Users\Marcel\Downloads\setup (1).exe
2014-07-07 22:13 - 2014-07-07 22:13 - 00068640 _____ () C:\Users\Marcel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-07 22:11 - 2014-07-07 22:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-07 22:11 - 2014-07-07 22:10 - 02875128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-07 22:10 - 2014-07-07 22:10 - 00002682 _____ () C:\Windows\PFRO.log
2014-07-07 22:10 - 2014-07-03 14:46 - 00000000 ____D () C:\ProgramData\SaVeoLots
2014-07-07 22:10 - 2014-06-14 18:31 - 00000000 ____D () C:\ProgramData\MianiMUmPPriice
2014-07-07 22:10 - 2014-05-23 20:35 - 00000000 ____D () C:\ProgramData\ShoppDrop
2014-07-07 22:08 - 2014-07-07 22:08 - 01369712 _____ () C:\Users\Marcel\Downloads\PandaCloud301Antivirus.exe
2014-07-07 22:08 - 2014-06-15 16:52 - 00086742 _____ () C:\Users\Marcel\AppData\Roaming\svchost
2014-07-07 22:08 - 2012-04-12 17:21 - 00000000 ____D () C:\ProgramData\Panda Security
2014-07-07 22:05 - 2013-03-06 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
2014-07-07 21:56 - 2014-07-05 14:29 - 00000000 ____D () C:\Users\Marcel\AppData\Local\side_07051229
2014-07-07 21:55 - 2014-06-06 16:22 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\DVDVideoSoft
2014-07-07 21:55 - 2014-02-13 21:15 - 00000000 ____D () C:\ProgramData\f1ab4f6828398a92
2014-07-07 21:53 - 2014-07-07 21:53 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-07 21:51 - 2014-06-13 07:32 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\337Games
2014-07-05 14:29 - 2014-07-05 14:29 - 00000266 _____ () C:\Users\Marcel\AppData\Local\dsbqi.bat
2014-07-05 14:29 - 2014-07-05 14:29 - 00000000 ____D () C:\Users\Marcel\AppData\Local\JFileManager
2014-07-01 12:57 - 2012-07-21 23:02 - 00000000 ____D () C:\Users\Marcel\AppData\Local\PMB Files
2014-06-29 13:11 - 2012-04-12 17:35 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\UseNeXT
2014-06-25 21:51 - 2012-08-18 18:08 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Spotify
2014-06-25 16:29 - 2012-08-18 18:08 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Spotify
2014-06-20 16:09 - 2014-04-06 00:12 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-20 16:08 - 2014-04-06 00:13 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Battle.net
2014-06-19 20:37 - 2014-06-19 20:37 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Unity
2014-06-19 20:36 - 2014-06-19 20:36 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Unity
2014-06-14 19:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-13 07:33 - 2014-06-13 07:32 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-13 07:32 - 2014-04-10 18:08 - 00000000 ____D () C:\ProgramData\WPM
2014-06-13 07:32 - 2012-04-12 17:10 - 00001647 _____ () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-11 16:50 - 2013-08-14 23:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 16:49 - 2012-04-17 08:03 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 16:48 - 2014-05-06 16:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 16:47 - 2012-04-12 17:25 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Skype
2014-06-08 11:13 - 2014-06-11 12:21 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 12:21 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Marcel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuenwy0.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-24 18:50

==================== End Of Log ============================
16.07.2014, 15:41 | #5 |
| Problems with UeTAdREmovalApp 2.0

addition:

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01 Ran by Marcel at 2014-07-07 22:40:31 Running from C:\Users\Marcel\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0708.2011 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color NA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Creative Suite 4 Design Premium (HKLM-x32\...\Adobe_55230b0b70661df0f212e88f0b655f7) (Version: 4.0 - Adobe Systems 
Incorporated) Adobe Creative Suite 4 Design Premium (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe InDesign CS4 (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden Adobe InDesign CS4 Application Feature Set Files (Roman) (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden Adobe InDesign CS4 Common Base Files (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden Adobe InDesign CS4 Icon Handler (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe Media Encoder CS4 Importer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (x32 
Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe SGM CS4 (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.) Adobe SING CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) AMD APP SDK Runtime (Version: 10.0.851.6 - Advanced Micro Devices Inc.) Hidden AMD AVIVO64 Codecs (Version: 12.2.0.20120 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{E9B9B928-7F1F-C249-6BF6-56D830041476}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.70120.0434 - Advanced Micro Devices, Inc.) Hidden Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.) 
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) applicationupdater (HKCU\...\SOE-C:/Users/Marcel/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version: - Sony Online Entertainment) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite MFC-7360N DCP-7055W (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2012.0120.420.7502 - Ihr Firmenname) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.0120.420.7502 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.0120.420.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Hungarian (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.0120.0419.7502 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.0120.420.7502 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform) Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd) Dassault Systemes Software Prerequisites x86-x64 (HKLM\...\{CF1EB598-B424-436A-B15F-B763846BA970}) (Version: 8.1.3 - Dassault Systemes) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) 
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen) Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) 
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 
4.30.2117.0 - Microsoft Corporation) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.) PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6242 - Realtek Semiconductor Corp.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS) UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.) 
VBA (3821b) (x32 Version: 6.01.00.1234 - Microsoft Corporation) Hidden VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN) VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.) Windows Live Argazki Galeria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) 
Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

28-06-2014 16:44:32 Windows Update
05-07-2014 12:13:59 Windows Update
05-07-2014 18:02:23 Windows Defender Checkpoint
07-07-2014 19:52:16 Removed Dassault Systemes Software Prerequisites x86-x64
07-07-2014 19:54:30 Photoshop Camera Raw_x64 wird entfernt
07-07-2014 19:54:51 Photoshop Camera Raw_x64 wird entfernt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {DA6BFE4C-BB9F-46AC-B594-EE4157E74065} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EC82A01D-FC24-41E5-9F0F-675BE7F7F488} - \UALU notificatin No Task File <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-12-08 17:14 - 2012-12-08 17:14 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-01-20 04:13 - 2012-01-20 04:13 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-09 09:55 - 2011-11-09 09:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-07-07 22:28 - 2014-07-07 22:29 - 01369712 _____ () C:\Users\Marcel\Downloads\PandaCloud301Antivirus (1).exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-07 22:23 - 2014-07-07 22:23 - 00043008 _____ () c:\users\marcel\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuenwy0.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Marcel\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-13 09:59 - 2014-04-02 03:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-13 09:59 - 2014-04-02 03:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-13 09:59 - 2014-04-02 03:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-13 09:59 - 2014-04-02 03:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-13 09:59 - 2014-04-02 03:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
2014-04-13 09:59 - 2014-04-02 03:57 - 04081480 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll 2014-04-13 09:59 - 2014-04-02 03:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll 2014-02-14 17:24 - 2014-02-14 17:24 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll 2012-04-12 16:31 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/07/2014 10:27:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (07/07/2014 10:27:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error: (07/07/2014 10:27:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (07/07/2014 10:24:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/07/2014 10:17:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (07/07/2014 10:17:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (07/07/2014 10:17:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. 
Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (07/07/2014 10:12:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/07/2014 10:11:26 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (07/07/2014 10:11:26 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) System errors: ============= Error: (07/07/2014 10:26:46 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT-AUTORITÄT) Description: Der Ereignisprotokollierungsdienst hat einen Fehler (Auflösung=1117) beim Initialisieren der Protokollierung der Ressourcen für Kanal "Microsoft-Windows-WindowsUpdateClient/Operational" erkannt. 
Error: (07/07/2014 10:23:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (07/07/2014 10:23:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (07/07/2014 10:23:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (07/07/2014 10:23:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (07/07/2014 10:23:21 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Error: (07/07/2014 10:23:21 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Error: (07/07/2014 10:23:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (07/07/2014 10:23:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (07/07/2014 10:23:10 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Microsoft Office Sessions: ========================= Error: (07/07/2014 10:27:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/07/2014 10:27:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) 
(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (07/07/2014 10:27:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (07/07/2014 10:24:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/07/2014 10:17:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (07/07/2014 10:17:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (07/07/2014 10:17:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (07/07/2014 10:12:41 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/07/2014 10:11:26 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (07/07/2014 10:11:26 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) ==================== Memory info =========================== Percentage of memory in use: 28% Total physical RAM: 8172.26 MB Available physical RAM: 5843.01 MB Total Pagefile: 16342.7 MB Available Pagefile: 13564.94 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:921.45 GB) (Free:832.69 GB) NTFS Drive d: (DATA) (Fixed) (Total:921.47 GB) (Free:841.21 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 6F18E323) Partition 1: (Not Active) - (Size=20 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=921 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=921 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
16.07.2014, 15:47 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Probleme mit UeTAdREmovalApp 2.0 Adobe CS4? Is this a commercially used system? Do you have any further logs (with findings)? Malwarebytes and/or other virus scanners, did any of them find anything? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please don't run any new virus scans; first just post the logs you already have in CODE tags! Only logs from the last 7 days, or since the problem started, are relevant!
|
16.07.2014, 15:49 | #7 |
| Probleme mit UeTAdREmovalApp 2.0 I ran this one 8 days ago. Code:
ATTFilter
Ereignis Datum/Zeit Status Weitere Details
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Trojaner erkannt Unbekannter Name 08.07.2014 07:16 Gelöscht Speicherort: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Templates\side.exe
Cookie erkannt Cookie/Serving-sys 08.07.2014 07:12 Gelöscht Speicherort: C:\Users\Marcel\AppData\Roaming\Spotify\Users\1145792720-user\Cookies\Cookies[.serving-sys.com/]
Cookie erkannt Unbekannter Name 08.07.2014 07:12 Gelöscht Speicherort: C:\Users\Marcel\AppData\Roaming\Spotify\Users\1145792720-user\Cookies\Cookies[.doubleclick.net/]
Cookie erkannt Cookie/Serving-sys 08.07.2014 07:12 Gelöscht Speicherort: C:\Users\Marcel\AppData\Roaming\Spotify\Users\1145792720-user\Apps\discover\Cookies[.serving-sys.com/]
Cookie erkannt Unbekannter Name 08.07.2014 07:12 Gelöscht Speicherort: C:\Users\Marcel\AppData\Roaming\Spotify\Users\1145792720-user\Apps\discover\Cookies[.doubleclick.net/]
Cookie erkannt Cookie/Adtech 08.07.2014 07:12 Gelöscht Speicherort: C:\Users\Marcel\AppData\Roaming\Spotify\Users\1145792720-user\Apps\discover\Cookies[.adtech.de/]
Cookie erkannt Cookie/Serving-sys 08.07.2014 07:12 Gelöscht Speicherort: C:\Users\Marcel\AppData\Roaming\Spotify\Users\1144025130-user\Cookies\Cookies[.serving-sys.com/]
Cookie erkannt Cookie/Mediaplex 08.07.2014 07:12 Gelöscht Speicherort: C:\Users\Marcel\AppData\Roaming\Spotify\Users\1144025130-user\Cookies\Cookies[.mediaplex.com/]
Cookie erkannt Unbekannter Name 08.07.2014 07:12 Gelöscht Speicherort: C:\Users\Marcel\AppData\Roaming\Spotify\Users\1144025130-user\Cookies\Cookies[.doubleclick.net/]
Cookie erkannt Cookie/Serving-sys 08.07.2014 07:12 Gelöscht Speicherort: C:\Users\Marcel\AppData\Roaming\Spotify\Users\1144025130-user\Cookies\Cookies[.bs.serving-sys.com/]
Cookie erkannt Cookie/Adtech 08.07.2014 07:12 Gelöscht Speicherort: C:\Users\Marcel\AppData\Roaming\Spotify\Users\1144025130-user\Cookies\Cookies[.adtech.de/]
Cookie erkannt Cookie/Serving-sys 08.07.2014 07:12 Gelöscht Speicherort: C:\Users\Marcel\AppData\Roaming\Spotify\Users\1144025130-user\Apps\home\Cookies[.serving-sys.com/]
Cookie erkannt Cookie/QuestionMarket 08.07.2014 07:12 Gelöscht Speicherort: C:\Users\Marcel\AppData\Roaming\Spotify\Users\1144025130-user\Apps\home\Cookies[.questionmarket.com/]
Cookie erkannt Unbekannter Name 08.07.2014 07:12 Gelöscht Speicherort: C:\Users\Marcel\AppData\Roaming\Spotify\Users\1144025130-user\Apps\home\Cookies[.doubleclick.net/]
Cookie erkannt Cookie/Serving-sys 08.07.2014 07:12 Gelöscht Speicherort: C:\Users\Marcel\AppData\Roaming\Spotify\Users\1144025130-user\Apps\discover\Cookies[.serving-sys.com/]
Cookie erkannt Unbekannter Name 08.07.2014 07:12 Gelöscht Speicherort: C:\Users\Marcel\AppData\Roaming\Spotify\Users\1144025130-user\Apps\discover\Cookies[.doubleclick.net/]
Cookie erkannt Cookie/Adtech 08.07.2014 07:12 Gelöscht Speicherort: C:\Users\Marcel\AppData\Roaming\Spotify\Users\1144025130-user\Apps\discover\Cookies[.adtech.de/]
Cookie erkannt Unbekannter Name 08.07.2014 07:12 Gelöscht Speicherort: C:\Users\Marcel\AppData\Roaming\Spotify\Users\1144025130-user\Apps\browse\Cookies[.doubleclick.net/]
Potenziell unerwünschtes Programm erkannt PUP/MultiToolbar.A 08.07.2014 06:57 Gelöscht Speicherort: C:\ProgramData\ebcfhbpljkfobkefihkfgfaliepdkbhl\ebcfhbpljkfobkefihkfgfaliepdkbhl.crx[sIVvRHwCq.js]
Cookie erkannt Cookie/Advertising 07.07.2014 23:37 Gelöscht Speicherort: C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Cookies[.advertising.com/]
Cookie erkannt Cookie/BurstNet 07.07.2014 23:37 Gelöscht Speicherort: C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Cookies[.burstnet.com/]
Cookie erkannt Cookie/Casalemedia 07.07.2014 23:37 Gelöscht Speicherort: C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Cookies[.casalemedia.com/]
Cookie erkannt Unbekannter Name 07.07.2014 23:37 Gelöscht Speicherort: C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Cookies[.doubleclick.net/]
Cookie erkannt Cookie/FastClick 07.07.2014 23:37 Gelöscht Speicherort: C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Cookies[.fastclick.net/]
Cookie erkannt Cookie/Mediaplex 07.07.2014 23:37 Gelöscht Speicherort: C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Cookies[.mediaplex.com/]
Cookie erkannt Cookie/Serving-sys 07.07.2014 23:37 Gelöscht Speicherort: C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Cookies[.serving-sys.com/]
Cookie erkannt Cookie/Smartadserver 07.07.2014 23:37 Gelöscht Speicherort: C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Cookies[.smartadserver.com/]
Cookie erkannt Cookie/Weborama 07.07.2014 23:37 Gelöscht Speicherort: C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Cookies[.weborama.fr/]
Cookie erkannt Cookie/Adtech 07.07.2014 23:37 Gelöscht Speicherort: C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Cookies[.adtech.de/]
Trojaner erkannt Unbekannter Name 07.07.2014 23:36 Ort: Speicher (C:\Windows\SysWOW64\svchost.exe)
Scan 07.07.2014 23:26 Gestartet Kompletter Scan (Gesamten Arbeitsplatz)
Scan 07.07.2014 23:24 Abgebrochen Kompletter Scan (Gesamten Arbeitsplatz)
Scan 07.07.2014 23:23 Gestartet Kompletter Scan (Gesamten Arbeitsplatz)
Trojaner erkannt Unbekannter Name 07.07.2014 23:19 Nach dem Neustart des Computers ist die Datei gelöscht Speicherort: C:\Users\Marcel\Local Settings\Temp\msacnzaip.pif
Computer geimpft 07.07.2014 23:19 Geimpft
Scan 07.07.2014 23:12 Beendet Durchsuche: Kritische Bereiche
Trojaner erkannt Trj/Genetic.gen 07.07.2014 23:12 Gelöscht Speicherort: C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000
Potenziell unerwünschtes Programm erkannt PUP/MultiToolbar.A 07.07.2014 23:10 Gelöscht Speicherort: C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebcfhbpljkfobkefihkfgfaliepdkbhl\2.0_0\sIVvRHwCq.js
Cookie erkannt Cookie/Adtech 07.07.2014 23:10 Gelöscht Speicherort: C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Cookies[.adtech.de/]
Trojaner erkannt Trj/Chgt.A 07.07.2014 23:10 Nach dem Neustart des Computers ist die Datei gelöscht Speicherort: C:\ProgramData\IePluginServices\PluginService.exe
Trojaner erkannt Trj/Chgt.A 07.07.2014 23:10 Nach dem Neustart des Computers ist die Datei gelöscht Speicherort: C:\ProgramData\IePluginService\PluginService.exe
Trojaner erkannt Unbekannter Name 07.07.2014 23:09 Ort: Speicher (C:\Windows\SysWOW64\svchost.exe)
Synchronisierung 07.07.2014 23:03 Synchronisiert Ihr Schutz wurde über die Cloud synchronisiert, um Sie vor den neuesten Bedrohungen zu schützen.
Scan 07.07.2014 23:03 Gestartet Durchsuche: Kritische Bereiche
Trojaner erkannt Trj/Chgt.A 07.07.2014 22:44 Nach dem Neustart des Computers ist die Datei gelöscht Speicherort: C:\ProgramData\WPM\wprotectmanager.exe
Trojaner erkannt Unbekannter Name 07.07.2014 22:44 Ort: Speicher (C:\Windows\SysWOW64\svchost.exe)
Computer geimpft 07.07.2014 22:43 Geimpft
Kind regards, Pit |
16.07.2014, 15:56 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Probleme mit UeTAdREmovalApp 2.0 Remove adware/junkware/toolbars Step 1: AdwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
16.07.2014, 16:19 | #9 |
| Probleme mit UeTAdREmovalApp 2.0 ADW Code:
ATTFilter
# AdwCleaner v3.215 - Bericht erstellt am 16/07/2014 um 16:59:34
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Marcel - MARCEL-PC
# Gestartet von : C:\Users\Marcel\Downloads\adwcleaner_3.215.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\IePluginService
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\SoftSafe
Ordner Gelöscht : C:\ProgramData\TheBflix
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\Barowse2sAvvee
Ordner Gelöscht : C:\ProgramData\MianiMUmPPriice
Ordner Gelöscht : C:\ProgramData\SaVeoLots
Ordner Gelöscht : C:\ProgramData\Searcch-NeewaTabb
Ordner Gelöscht : C:\ProgramData\UeTAdREmovalApp
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Users\Marcel\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Marcel\AppData\Local\jfilemanager
Ordner Gelöscht : C:\Users\Marcel\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\Marcel\AppData\LocalLow\TheBflix
Ordner Gelöscht : C:\Users\Marcel\AppData\LocalLow\Barowse2sAvvee
Ordner Gelöscht : C:\Users\Marcel\AppData\LocalLow\Searcch-NeewaTabb
Ordner Gelöscht : C:\Users\Marcel\AppData\Roaming\337Games
Ordner Gelöscht : C:\Users\Marcel\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Marcel\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Marcel\AppData\Roaming\webssearches
Ordner Gelöscht : C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebcfhbpljkfobkefihkfgfaliepdkbhl
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\ix8kzwxi.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
Datei Gelöscht : C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\ix8kzwxi.default\user.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\user.js

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Marcel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1 (1)_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1 (1)_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveLots.SaveLots
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveLots.SaveLots.6.3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MiinimumPeRice.MiinimumPeRice
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MiinimumPeRice.MiinimumPeRice.6.3
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_usenext_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_usenext_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{06758E55-F12C-1560-C717-87EE1D2C55B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{81B0631D-DC8D-8B26-95D5-BB378165418E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544314472}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544424446}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{06758E55-F12C-1560-C717-87EE1D2C55B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{81B0631D-DC8D-8B26-95D5-BB378165418E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{06758E55-F12C-1560-C717-87EE1D2C55B9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{81B0631D-DC8D-8B26-95D5-BB378165418E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MediaPlayerplus
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\suprasavings
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\delta-homesSoftware
Schlüssel Gelöscht : HKLM\Software\IePlugin
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\MediaPlayerplus
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Tutorials
Schlüssel Gelöscht : HKLM\Software\webssearchesSoftware
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\suprasavings
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v

[ Datei : C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\ix8kzwxi.default\prefs.js ]

Zeile gelöscht : user_pref("aol_toolbar.default.homepage.check", false);
Zeile gelöscht : user_pref("aol_toolbar.default.search.check", false);
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://istart.webssearches.com/newtab/?type=nt&ts=1397146050&from=tugs&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "webssearches");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "webssearches");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hp&ts=1397146050&from=tugs&uid=WDCXWD20EARX-22PASB0_WD-WMAZA660592205922");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", true);
Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "snapdoopencandy");
Zeile gelöscht : user_pref("extensions.helperbar.installationid", "ee52b741-83e0-46e1-9f4d-29ed19886cf7");
Zeile gelöscht : user_pref("extensions.helperbar.publisher", "snapdoopencandy");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=TJ&userid=ee52b741-83e0-46e1-9f4d-29ed19886cf7&searchtype=ds&installDate=01/01/1970&q=");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v34.0.1847.116

[ Datei : C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : ebcfhbpljkfobkefihkfgfaliepdkbhl

*************************

AdwCleaner[R0].txt - [18882 octets] - [16/07/2014 16:59:03]
AdwCleaner[S0].txt - [15102 octets] - [16/07/2014 16:59:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15163 octets] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Marcel on 16.07.2014 at 17:02:41,19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho114E.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3FB2.tmp

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Marcel\appdata\local\{09516D6B-743F-447C-9064-957600B64249}
Successfully deleted: [Empty Folder] C:\Users\Marcel\appdata\local\{2D4F5020-2829-44B5-8BFE-5D6110D144C6}
Successfully deleted: [Empty Folder] C:\Users\Marcel\appdata\local\{3E299314-B9F3-42E2-B53E-7BAE57643299}
Successfully deleted: [Empty Folder] C:\Users\Marcel\appdata\local\{3E8398DB-3FE6-498E-99BD-EBCFD3DF1275}
Successfully deleted: [Empty Folder] C:\Users\Marcel\appdata\local\{3F7347CD-E68D-40DF-8AEF-8E179DC2A253}
Successfully deleted: [Empty Folder] C:\Users\Marcel\appdata\local\{47CEF3F1-8D70-4709-BA07-847025B2E963}
Successfully deleted: [Empty Folder] C:\Users\Marcel\appdata\local\{589E40F0-826E-4302-BC83-EBF2894053B7}
Successfully deleted: [Empty Folder] C:\Users\Marcel\appdata\local\{614BE094-4097-4EA8-9F0C-E7A13E18AD08}
Successfully deleted: [Empty Folder] C:\Users\Marcel\appdata\local\{76D15C04-27CE-4793-B6BA-FAC53CBFA3A6}
Successfully deleted: [Empty Folder] C:\Users\Marcel\appdata\local\{7E974A3F-FE3F-461A-A57F-ED1D45F3E874}
Successfully deleted: [Empty Folder] C:\Users\Marcel\appdata\local\{8E9D30EB-F1F2-4BE6-9702-A116EB76E82C}
Successfully deleted: [Empty Folder] C:\Users\Marcel\appdata\local\{8EA9A297-15D3-46A2-8AF2-A173622F5606}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.07.2014 at 17:08:55,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

It shows me this:
hxxp://www.directupload.net/file/d/3685/raen2v8s_png.htm |
16.07.2014, 16:20 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with UeTAdREmovalApp 2.0 What isn't working there?
__________________ Please always post logfiles in CODE tags |
16.07.2014, 16:21 | #11 |
| Problems with UeTAdREmovalApp 2.0 It always gives me an error message -.- |
16.07.2014, 16:22 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with UeTAdREmovalApp 2.0 Download FRST again and please follow the instructions! Our tools must always be on the desktop!
__________________ Please always post logfiles in CODE tags |
16.07.2014, 16:39 | #13 |
| Problems with UeTAdREmovalApp 2.0 The PC tells me "insufficient permissions". I downloaded it directly to the desktop and still can't open the exe file. Same error message. I can't download anything at the moment, I just tested it. The file is now sitting on my desktop and I can't do anything with it. Regards, Pit |
16.07.2014, 19:50 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with UeTAdREmovalApp 2.0 Nope! Not from the desktop! Look at the window title of the error message! Move FRST to the desktop!
__________________ Please always post logfiles in CODE tags |
16.07.2014, 20:02 | #15 |
| Problems with UeTAdREmovalApp 2.0 FRST Logfile: Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Marcel (administrator) on MARCEL-PC on 16-07-2014 21:01:50
Running from C:\Users\Marcel\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Panda Security, S.L.) D:\Programme\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Panda Security, S.L.) D:\Programme\PSUAService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Akamai Technologies, Inc.) C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe
(Dropbox, Inc.) C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Panda Security, S.L.) D:\Programme\PSUAMain.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-01-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PSUAMain] => D:\Programme\PSUAMain.exe [37624 2014-05-06] (Panda Security, S.L.)
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1912227016-3206441769-1861265668-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Marcel\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1912227016-3206441769-1861265668-1000\...\Run: [wqswdw] => C:\Users\Marcel\AppData\Roaming\help.exe [55632 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-1912227016-3206441769-1861265668-1000\...\Run: [{7521DEA2-4614-5CE4-3A04-0D4D709033E6}] => C:\Users\Marcel\AppData\Roaming\Viory\gaun.exe [13217792 2013-06-07] ()
Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marcel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll ()
Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\ix8kzwxi.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF NetworkProxy: "http", "www-proxy.t-online.de"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Marcel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\ix8kzwxi.default\Extensions\staged [2014-05-21]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fgnippahjheicjenccifemomfgjofdhp] - C:\ProgramData\TheBflix\fgnippahjheicjenccifemomfgjofdhp.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 NanoServiceMain; D:\Programme\PSANHost.exe [141560 2014-05-05] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [61688 2014-05-22] (Panda Security, S.L.)
R2 panda_url_filteringService; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [244792 2014-05-05] (Visicom Media Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-12-08] ()
R2 PSUAService; D:\Programme\PSUAService.exe [38136 2014-05-06] (Panda Security, S.L.)
S3 BrYNSvc; "C:\Program Files (x86)\Browny02\BrYNSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-06] (DT Soft Ltd)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-05-02] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-05-02] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-05-02] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-05-02] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-05-02] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-05-02] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-05-02] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-05-02] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-05-02] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-05-02] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-05-02] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-05-02] (Panda Security, S.L.)
R3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [160800 2014-05-05] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [119840 2014-05-05] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-05-05] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [121888 2014-05-05] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-05-06] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [106016 2014-05-05] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-16 20:58 - 2014-07-16 21:01 - 00014353 _____ () C:\Users\Marcel\Desktop\FRST.txt
2014-07-16 20:56 - 2014-07-16 20:56 - 02918600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-16 17:28 - 2014-07-16 17:28 - 00069112 _____ () C:\Users\Marcel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-16 17:25 - 2014-07-16 20:56 - 00000728 _____ () C:\Windows\setupact.log
2014-07-16 17:25 - 2014-07-16 17:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-16 17:16 - 2014-07-16 17:16 - 02086912 _____ (Farbar) C:\Users\Marcel\Desktop\FRST64.exe
2014-07-16 17:02 - 2014-07-16 17:02 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 16:59 - 2014-07-16 16:59 - 00000000 ____D () C:\AdwCleaner
2014-07-16 16:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-16 16:58 - 2014-07-16 16:58 - 01016261 _____ (Thisisu) C:\Users\Marcel\Downloads\JRT.exe
2014-07-16 16:57 - 2014-07-16 16:57 - 01348263 _____ () C:\Users\Marcel\Downloads\adwcleaner_3.215.exe
2014-07-16 14:57 - 2014-07-16 14:57 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-09 14:54 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 14:54 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 14:54 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 14:54 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 14:54 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 14:54 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 14:54 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 14:54 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 14:54 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 14:54 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 14:54 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 14:54 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 14:54 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 14:54 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 14:54 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 14:54 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 14:54 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 14:54 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 14:54 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 14:54 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 14:54 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 14:54 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 14:54 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 14:54 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 14:54 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 14:54 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 14:54 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 14:54 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 14:54 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 14:54 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 14:54 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 14:54 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 14:54 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 14:54 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 14:54 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 14:54 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 14:54 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 14:54 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 14:54 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 14:54 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 14:54 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 14:54 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 14:54 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 14:54 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 14:54 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 14:54 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 14:54 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 14:54 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 14:54 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 14:54 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 14:54 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 14:54 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 14:54 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 14:54 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 14:54 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 14:54 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 14:54 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 14:54 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 14:54 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 14:54 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 14:54 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 14:54 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 14:54 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 14:54 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 14:54 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 14:54 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 14:54 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 14:54 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 14:54 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 14:54 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 14:54 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 14:54 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 14:54 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 14:54 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 14:54 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 14:54 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 14:54 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 14:54 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 14:53 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 14:53 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 14:53 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-07 23:19 - 2014-03-25 15:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-07-07 22:58 - 2014-07-07 22:58 - 00069044 _____ () C:\Users\Marcel\Downloads\GMER.log
2014-07-07 22:50 - 2014-07-07 22:50 - 00380416 _____ () C:\Users\Marcel\Downloads\Gmer-19357.exe
2014-07-07 22:44 - 2014-07-07 22:44 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2014-07-07 22:43 - 2014-07-16 19:55 - 00000000 ____D () C:\ProgramData\Panda Security URL Filtering
2014-07-07 22:43 - 2014-07-07 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
2014-07-07 22:43 - 2014-07-07 22:43 - 00000000 ____D () C:\Program Files (x86)\pandasecuritytb
2014-07-07 22:40 - 2014-07-07 22:40 - 00034689 _____ () C:\Users\Marcel\Downloads\Addition.txt
2014-07-07 22:39 - 2014-07-16 21:01 - 00000000 ____D () C:\FRST
2014-07-07 22:39 - 2014-07-07 22:40 - 00034544 _____ () C:\Users\Marcel\Downloads\FRST.txt
2014-07-07 22:38 - 2014-07-07 22:38 - 00000474 _____ () C:\Users\Marcel\Downloads\defogger_disable.log
2014-07-07 22:38 - 2014-07-07 22:38 - 00000000 _____ () C:\Users\Marcel\defogger_reenable
2014-07-07 22:37 - 2014-07-07 22:37 - 00050477 _____ () C:\Users\Marcel\Downloads\Defogger.exe
2014-07-07 22:28 - 2014-07-07 22:29 - 01369712 _____ () C:\Users\Marcel\Downloads\PandaCloud301Antivirus (1).exe
2014-07-05 14:29 - 2014-07-07 21:56 - 00000000 ____D () C:\Users\Marcel\AppData\Local\side_07051229
2014-07-05 14:29 - 2014-07-05 14:29 - 00000266 _____ () C:\Users\Marcel\AppData\Local\dsbqi.bat
2014-06-19 20:37 - 2014-06-19 20:37 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Unity
2014-06-19 20:36 - 2014-06-19 20:36 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Unity

==================== One Month Modified Files and Folders =======

2014-07-16 21:02 - 2014-07-16 20:58 - 00014353 _____ () C:\Users\Marcel\Desktop\FRST.txt
2014-07-16 21:01 - 2014-07-07 22:39 - 00000000 ____D () C:\FRST
2014-07-16 21:00 - 2013-06-23 20:01 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\tor
2014-07-16 20:57 - 2014-05-05 12:11 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\DropboxMaster
2014-07-16 20:57 - 2012-10-17 23:24 - 00000000 ___RD () C:\Users\Marcel\Dropbox
2014-07-16 20:57 - 2012-10-17 23:23 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Dropbox
2014-07-16 20:56 - 2014-07-16 20:56 - 02918600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-16 20:56 - 2014-07-16 17:25 - 00000728 _____ () C:\Windows\setupact.log
2014-07-16 20:56 - 2012-11-20 01:40 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-16 20:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 19:55 - 2014-07-07 22:43 - 00000000 ____D () C:\ProgramData\Panda Security URL Filtering
2014-07-16 19:55 - 2012-12-14 19:07 - 02056321 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 18:14 - 2012-07-21 23:02 - 00000000 ____D () C:\Users\Marcel\AppData\Local\PMB Files
2014-07-16 18:14 - 2012-07-21 23:02 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-16 17:31 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 17:31 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 17:28 - 2014-07-16 17:28 - 00069112 _____ () C:\Users\Marcel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-16 17:25 - 2014-07-16 17:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-16 17:16 - 2014-07-16 17:16 - 02086912 _____ (Farbar) C:\Users\Marcel\Desktop\FRST64.exe
2014-07-16 17:08 - 2012-04-13 02:13 - 02440486 _____ () C:\Windows\system32\perfh007.dat
2014-07-16 17:08 - 2012-04-13 02:13 - 00691838 _____ () C:\Windows\system32\perfc007.dat
2014-07-16 17:08 - 2009-07-14 07:13 - 00006690 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-16 17:02 - 2014-07-16 17:02 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 16:59 - 2014-07-16 16:59 - 00000000 ____D () C:\AdwCleaner
2014-07-16 16:59 - 2014-04-13 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-16 16:59 - 2013-08-24 14:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-16 16:59 - 2012-04-12 17:10 - 00001001 _____ () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-16 16:58 - 2014-07-16 16:58 - 01016261 _____ (Thisisu) C:\Users\Marcel\Downloads\JRT.exe
2014-07-16 16:57 - 2014-07-16 16:57 - 01348263 _____ () C:\Users\Marcel\Downloads\adwcleaner_3.215.exe
2014-07-16 14:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-07-16 14:57 - 2014-07-16 14:57 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-09 20:42 - 2014-05-06 16:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 20:42 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 20:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 20:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 20:20 - 2013-08-14 23:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 20:19 - 2012-04-17 08:03 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-07 22:58 - 2014-07-07 22:58 - 00069044 _____ () C:\Users\Marcel\Downloads\GMER.log
2014-07-07 22:50 - 2014-07-07 22:50 - 00380416 _____ () C:\Users\Marcel\Downloads\Gmer-19357.exe
2014-07-07 22:44 - 2014-07-07 22:44 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2014-07-07 22:43 - 2014-07-07 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
2014-07-07 22:43 - 2014-07-07 22:43 - 00000000 ____D () C:\Program Files (x86)\pandasecuritytb
2014-07-07 22:43 - 2012-04-12 17:21 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Panda Security
2014-07-07 22:43 - 2012-04-12 17:21 - 00000000 ____D () C:\ProgramData\Panda Security
2014-07-07 22:43 - 2012-04-12 17:21 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-07-07 22:40 - 2014-07-07 22:40 - 00034689 _____ () C:\Users\Marcel\Downloads\Addition.txt
2014-07-07 22:40 - 2014-07-07 22:39 - 00034544 _____ () C:\Users\Marcel\Downloads\FRST.txt
2014-07-07 22:38 - 2014-07-07 22:38 - 00000474 _____ () C:\Users\Marcel\Downloads\defogger_disable.log
2014-07-07 22:38 - 2014-07-07 22:38 - 00000000 _____ () C:\Users\Marcel\defogger_reenable
2014-07-07 22:38 - 2012-04-12 17:07 - 00000000 ____D () C:\Users\Marcel
2014-07-07 22:37 - 2014-07-07 22:37 - 00050477 _____ () C:\Users\Marcel\Downloads\Defogger.exe
2014-07-07 22:29 - 2014-07-07 22:28 - 01369712 _____ () C:\Users\Marcel\Downloads\PandaCloud301Antivirus (1).exe
2014-07-07 22:10 - 2014-05-23 20:35 - 00000000 ____D () C:\ProgramData\ShoppDrop
2014-07-07 22:08 - 2014-06-15 16:52 - 00086742 _____ () C:\Users\Marcel\AppData\Roaming\svchost
2014-07-07 22:05 - 2013-03-06 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
2014-07-07 21:56 - 2014-07-05 14:29 - 00000000 ____D () C:\Users\Marcel\AppData\Local\side_07051229
2014-07-07 21:55 - 2014-06-06 16:22 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\DVDVideoSoft
2014-07-07 21:55 - 2014-02-13 21:15 - 00000000 ____D () C:\ProgramData\f1ab4f6828398a92
2014-07-05 14:29 - 2014-07-05 14:29 - 00000266 _____ () C:\Users\Marcel\AppData\Local\dsbqi.bat
2014-06-30 
04:09 - 2014-07-09 14:54 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-30 04:04 - 2014-07-09 14:54 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-29 13:11 - 2012-04-12 17:35 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\UseNeXT 2014-06-25 21:51 - 2012-08-18 18:08 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Spotify 2014-06-25 16:29 - 2012-08-18 18:08 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Spotify 2014-06-20 22:14 - 2014-07-09 14:54 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-06-20 21:39 - 2014-07-09 14:54 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-06-20 16:09 - 2014-04-06 00:12 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-06-20 16:08 - 2014-04-06 00:13 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Battle.net 2014-06-19 20:37 - 2014-06-19 20:37 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Unity 2014-06-19 20:36 - 2014-06-19 20:36 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Unity 2014-06-19 03:39 - 2014-07-09 14:54 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-19 03:06 - 2014-07-09 14:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-19 03:06 - 2014-07-09 14:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-19 02:48 - 2014-07-09 14:54 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-19 02:42 - 2014-07-09 14:54 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-19 02:42 - 2014-07-09 14:54 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-19 02:41 - 2014-07-09 14:54 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-06-19 02:41 - 2014-07-09 14:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-19 02:32 - 
2014-07-09 14:54 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-19 02:31 - 2014-07-09 14:54 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-19 02:26 - 2014-07-09 14:54 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-19 02:24 - 2014-07-09 14:54 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-19 02:24 - 2014-07-09 14:54 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-19 02:23 - 2014-07-09 14:54 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-19 02:16 - 2014-07-09 14:54 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-19 02:14 - 2014-07-09 14:54 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-19 02:09 - 2014-07-09 14:54 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-19 01:59 - 2014-07-09 14:54 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-19 01:56 - 2014-07-09 14:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-19 01:53 - 2014-07-09 14:54 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-19 01:51 - 2014-07-09 14:54 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-19 01:50 - 2014-07-09 14:54 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-19 01:48 - 2014-07-09 14:54 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-19 01:39 - 2014-07-09 14:54 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-19 01:38 - 2014-07-09 14:54 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-19 01:37 - 2014-07-09 14:54 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 
2014-06-19 01:36 - 2014-07-09 14:54 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-19 01:35 - 2014-07-09 14:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-06-19 01:33 - 2014-07-09 14:54 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-19 01:32 - 2014-07-09 14:54 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-19 01:28 - 2014-07-09 14:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-19 01:28 - 2014-07-09 14:54 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-19 01:27 - 2014-07-09 14:54 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-19 01:27 - 2014-07-09 14:54 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-19 01:25 - 2014-07-09 14:54 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-19 01:23 - 2014-07-09 14:54 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-19 01:22 - 2014-07-09 14:54 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-19 01:12 - 2014-07-09 14:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-19 01:06 - 2014-07-09 14:54 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-19 01:01 - 2014-07-09 14:54 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-19 00:59 - 2014-07-09 14:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-19 00:58 - 2014-07-09 14:54 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-19 00:58 - 2014-07-09 14:54 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-19 00:52 - 2014-07-09 14:54 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 
2014-06-19 00:51 - 2014-07-09 14:54 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-19 00:49 - 2014-07-09 14:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-19 00:46 - 2014-07-09 14:54 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-19 00:45 - 2014-07-09 14:54 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-19 00:35 - 2014-07-09 14:54 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-19 00:34 - 2014-07-09 14:54 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-19 00:15 - 2014-07-09 14:54 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-19 00:13 - 2014-07-09 14:54 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-19 00:09 - 2014-07-09 14:54 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-19 00:07 - 2014-07-09 14:54 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-18 04:18 - 2014-07-09 14:54 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-06-18 03:51 - 2014-07-09 14:54 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-06-18 03:10 - 2014-07-09 14:54 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys Some content of TEMP: ==================== C:\Users\Marcel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm0xeag.dll C:\Users\Marcel\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed 
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-24 18:50

==================== End Of Log ============================

Here you go :-) And thanks in advance. The malware is gone and after the reboot the PC runs smoothly again, without hanging for 5 minutes ;-) I do still have one problem, though: the one with downloading, and I also can't create new folders anymore. I keep getting the message that I don't have the permissions. To be specific: when I go to my D: partition and then click on Programme (my own program folder, where I install my programs) and want to create a folder there, it tells me I don't have permissions. Everywhere else I can create a folder. What's causing that? Last edited by Pitfrog (16.07.2014 at 20:18) |
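As an added triage example (mine, not part of the thread and not FRST's own tooling), the script below parses a few entries copied verbatim from the FRST log above and applies three simple rules a helper typically checks first when reading a "One Month Created/Modified" section: a file named like a core Windows binary outside \Windows, an executable or script with no version info in a user-writable location, and a hex-named directory under ProgramData. The entry layout is inferred from the posted lines, the rules are the example's own assumptions and only say "look at this", and the company field comes from the file's version resource, so an empty field means "no version info", not "unsigned".

```python
"""Triage helper for lines from an FRST "One Month Created/Modified Files and
Folders" section. Added example; not part of the thread and not FRST's own code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed layout of one FRST file entry, inferred from the lines posted above:
#   <modified> - <created> - <size> <attrs> (<company>) <path>
# The company field is taken from the file's version resource, not from a signature.
ENTRY_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)

# The rules below are this example's own triage heuristics, not rules from the thread.
SYSTEM_BINARY_NAMES = {"svchost", "explorer", "lsass", "csrss", "winlogon", "services", "wininit"}
CODE_EXTENSIONS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js", ".ps1"}
USER_WRITABLE_SEGMENTS = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\downloads\\")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{12,}$")


@dataclass
class Entry:
    modified: str
    created: str
    size: int
    is_dir: bool
    company: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an FRST file line, or None for headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        modified=m["modified"], created=m["created"], size=int(m["size"]),
        is_dir="D" in m["attrs"], company=m["company"], path=m["path"],
    )


def triage(entry: Entry) -> List[str]:
    """Apply the triage rules to one entry and return the reasons it deserves a look."""
    reasons: List[str] = []
    name = entry.name
    lower_path = entry.path.lower()
    stem, ext = (name.rsplit(".", 1) if "." in name else (name, ""))
    ext = ("." + ext).lower() if ext else ""
    in_user_dir = any(seg in lower_path for seg in USER_WRITABLE_SEGMENTS)

    # A file named like a core Windows binary that lives outside \Windows (the
    # 86 KB "svchost" under AppData\Roaming in the log) is a classic masquerade.
    if not entry.is_dir and stem.lower() in SYSTEM_BINARY_NAMES and "\\windows\\" not in lower_path:
        reasons.append("system binary name outside the Windows directory")
    # Executables or scripts in user-writable locations with an empty company field.
    # Tools that ship version info, such as JRT.exe (company "Thisisu"), do not trip this.
    if not entry.is_dir and ext in CODE_EXTENSIONS and in_user_dir and not entry.company:
        reasons.append("executable or script without version info in a user-writable path")
    # Directories with random-looking hex names under ProgramData.
    if entry.is_dir and HEX_NAME_RE.match(name.lower()) and "\\programdata\\" in lower_path:
        reasons.append("hex-named directory under ProgramData")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; lines that are not entries are skipped."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings[entry.path] = reasons
    return findings


# Constructed sample: six entries copied from the log above plus one line from the
# "Bamital & volsnap Check" section, which is not a file entry and must be skipped.
SAMPLE_LOG = r"""
2014-07-09 14:53 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-16 16:58 - 2014-07-16 16:58 - 01016261 _____ (Thisisu) C:\Users\Marcel\Downloads\JRT.exe
2014-07-07 22:38 - 2014-07-07 22:38 - 00000474 _____ () C:\Users\Marcel\Downloads\defogger_disable.log
2014-07-07 22:08 - 2014-06-15 16:52 - 00086742 _____ () C:\Users\Marcel\AppData\Roaming\svchost
2014-07-07 21:55 - 2014-02-13 21:15 - 00000000 ____D () C:\ProgramData\f1ab4f6828398a92
2014-07-05 14:29 - 2014-07-05 14:29 - 00000266 _____ () C:\Users\Marcel\AppData\Local\dsbqi.bat
C:\Windows\System32\svchost.exe => File is digitally signed
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the three entries that get flagged are exactly the ones a helper would ask about: the extensionless "svchost" in AppData\Roaming, dsbqi.bat in AppData\Local and the hex-named ProgramData directory. The Microsoft DLL, the log file and JRT.exe pass, which is the point of keeping the rules narrow: a flag here is a prompt to check the file's signature and hash, not a verdict.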