Pests of all kinds and how to combat them: Caught Relevant Knowledge - probably while installing MKV Player from CHIP.de (Windows 7)
31.07.2014, 21:36 | #1 |
| Hello everyone, yesterday I downloaded the program "MKV Player" from the CHIP site and installed it. According to the Control Panel, I installed "Relevant Knowledge" at the same time. The two are probably connected, which would shock me, since CHIP was actually a trustworthy site for me. Here is the page where I downloaded the MKV Player: hxxp://www.chip.de/downloads/MKV-Player_42417465.html I have a Lenovo G700 with Windows 7 Professional 64-bit. I have attached the log files from FRST and GMER. Thanks in advance for your help. |
31.07.2014, 22:09 | #2 |
/// the machine /// TB-Ausbilder | Hi,
Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
31.07.2014, 22:39 | #3 |
| Hello Schrauber,
the board itself told me that I had used too many characters and that I SHOULD put log files in the attachment. Anyway, here are the files:
FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by Standard (ATTENTION: The logged in user is not administrator) on LENOVO-RODDI on 31-07-2014 22:03:16
Running from D:\Eigene Dateien\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Medisana) C:\Program Files (x86)\VitaDock\VitaDock.exe
(Xmarks.com) C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(TMRG, Inc.) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DolbyTrayApp] => c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe [508144 2012-08-31] (Dolby Laboratories Inc.)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [6339656 2013-04-24] (Realtek semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2014-03-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199128 2014-03-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-04-25] (IDT, Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508144 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG2014\avgui.exe [5187088 2014-07-10] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-03-16] (Microsoft Corporation)
HKU\S-1-5-21-269633538-2099173846-2401267907-1001\...\Run: [VitaDock] => C:\Program Files (x86)\VitaDock\VitaDock.exe [975360 2014-04-09] (Medisana)
HKU\S-1-5-21-269633538-2099173846-2401267907-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-269633538-2099173846-2401267907-1001\...\Run: [Xmarks] => C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe [1183232 2014-07-01] (Xmarks.com)
HKU\S-1-5-21-269633538-2099173846-2401267907-1001\...\MountPoints2: {eda89a87-ad9c-11e3-9e85-342387f68906} - G:\SETUP.EXE

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Standard\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DKB-Cashback - C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\Extensions\crossriderapp16150@crossrider.com [2014-07-11]
FF Extension: Xmarks - C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\Extensions\foxmarks@kei.com [2014-07-26]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\Extensions\ich@maltegoetz.de [2014-04-18]
FF Extension: LastPass - C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\Extensions\support@lastpass.com [2014-03-30]
FF Extension: FoxTrick - C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\Extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba} [2014-03-16]
FF Extension: Flagfox - C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-16]
FF Extension: Adblock Plus - C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-16]
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox
FF Extension: RelevantKnowledge - C:\Program Files (x86)\RelevantKnowledge\firefox [2014-07-31]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files (x86)\AVG2014\avgfws.exe [1417160 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG2014\avgidsagent.exe [3244048 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG2014\avgwdsvc.exe [289328 2014-07-10] (AVG Technologies CZ, s.r.o.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-03-16] (Macrovision Europe Ltd.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-18] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [198424 2014-04-10] (TMRG, Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-17] (Disc Soft Ltd)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [127568 2013-03-04] (Qualcomm Atheros Co., Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8243144 2013-04-24] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 22:03 - 2014-07-31 22:03 - 00000000 ____D () C:\FRST 2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge 2014-07-31 20:36 - 2014-07-31 20:36 - 00000856 _____ () C:\Windows\PFRO.log 2014-07-30 21:30 - 2014-07-31 22:03 - 00000000 ____D () C:\Program Files (x86)\RelevantKnowledge 2014-07-30 21:30 - 2014-04-10 17:37 - 00970520 _____ (TMRG, Inc.) C:\Windows\system32\rlls64.dll 2014-07-30 21:30 - 2014-04-10 17:37 - 00660760 _____ (TMRG, Inc.) C:\Windows\SysWOW64\rlls.dll 2014-07-30 14:05 - 2014-07-30 14:08 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\RavensburgerTipToi 2014-07-30 13:15 - 2014-07-30 14:05 - 00000000 ____D () C:\ProgramData\RavensburgerTipToi 2014-07-30 13:15 - 2014-07-30 13:15 - 00000979 _____ () C:\Users\Roddinho\Desktop\tiptoi.lnk 2014-07-30 13:15 - 2014-07-30 13:15 - 00000000 ____D () C:\Program Files (x86)\tiptoi 2014-07-29 22:14 - 2014-07-29 22:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-29 21:41 - 2014-07-29 21:41 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Logitech 2014-07-29 21:40 - 2014-07-29 21:40 - 00000320 _____ () C:\Users\Standard\Desktop\MyHarmony.appref-ms 2014-07-29 21:40 - 2014-07-29 21:40 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logitech 2014-07-29 21:40 - 2014-07-29 21:40 - 00000000 ____D () C:\Users\Standard\AppData\Local\Deployment 2014-07-29 21:40 - 2014-07-29 21:40 - 00000000 ____D () C:\Users\Standard\AppData\Local\Apps\2.0 2014-07-26 23:22 - 2014-02-02 23:52 - 415175351 _____ () C:\Users\Standard\Desktop\tvp-mobcity-s01e06-480p.mkv 2014-07-25 16:44 - 2014-07-31 21:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-25 16:40 - 2014-07-25 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-25 13:58 - 2014-01-26 22:45 - 398066688 _____ () 
C:\Users\Standard\Desktop\tvp-mobcity-s01e05-480p.mkv 2014-07-25 11:28 - 2014-01-19 22:11 - 451304448 _____ () C:\Users\Standard\Desktop\tvp-mobcity-s01e04-480p.mkv 2014-07-18 12:33 - 2014-07-18 12:33 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-07-18 12:33 - 2014-07-18 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-07-18 12:32 - 2014-07-18 12:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-07-18 12:32 - 2014-07-18 12:33 - 00000000 ____D () C:\Program Files\iTunes 2014-07-18 12:32 - 2014-07-18 12:33 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-07-18 12:32 - 2014-07-18 12:32 - 00000000 ____D () C:\Program Files\iPod 2014-07-11 09:51 - 2014-07-31 21:47 - 00000000 ____D () C:\Users\Standard\AppData\Local\Xmarks 2014-07-11 09:51 - 2014-07-11 09:51 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xmarks 2014-07-11 09:51 - 2014-07-11 09:51 - 00000000 ____D () C:\Program Files (x86)\Xmarks 2014-07-11 09:47 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-11 09:47 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-11 09:47 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-11 09:47 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-11 09:47 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-11 09:47 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-11 09:47 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-11 09:47 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-11 09:47 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) 
C:\Windows\system32\schannel.dll 2014-07-11 09:47 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-11 09:47 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-11 09:47 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-11 09:47 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-11 09:47 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-11 09:47 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-11 09:47 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-11 09:47 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-11 09:47 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-11 09:47 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-11 09:47 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-11 09:47 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-11 09:47 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-11 09:46 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-11 09:46 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-11 09:46 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-11 09:46 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-11 09:46 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollectorres.dll 2014-07-11 09:46 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-11 09:46 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-11 09:46 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-11 09:46 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-11 09:46 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-11 09:46 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-11 09:46 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-11 09:46 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-11 09:46 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-11 09:46 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-11 09:46 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-11 09:46 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-11 09:46 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-11 09:46 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-11 09:46 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-11 09:46 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-11 09:46 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-11 09:46 - 2014-06-19 01:51 - 05721088 
_____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-11 09:46 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-11 09:46 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-11 09:46 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-11 09:46 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-11 09:46 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-11 09:46 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-11 09:46 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-11 09:46 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-11 09:46 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-11 09:46 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-11 09:46 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-11 09:46 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-11 09:46 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-11 09:46 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-11 09:46 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-11 09:46 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-11 09:46 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-11 09:46 - 2014-06-19 01:06 - 00032256 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-11 09:46 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-11 09:46 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-11 09:46 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-11 09:46 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-11 09:46 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-11 09:46 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-11 09:46 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-11 09:46 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-11 09:46 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-11 09:46 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-11 09:46 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-11 09:46 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-11 09:46 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-11 09:46 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-11 09:46 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-11 09:46 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-11 09:46 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-11 09:46 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\sspicli.dll 2014-07-06 00:34 - 2011-07-22 05:03 - 524914688 _____ () C:\Users\Standard\Desktop\Sopranos S01E02 - Verwandte und andere Feinde.avi ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-31 22:03 - 2014-07-31 22:03 - 00000000 ____D () C:\FRST 2014-07-31 22:03 - 2014-07-30 21:30 - 00000000 ____D () C:\Program Files (x86)\RelevantKnowledge 2014-07-31 21:56 - 2014-03-15 18:58 - 02059953 _____ () C:\Windows\WindowsUpdate.log 2014-07-31 21:54 - 2014-04-22 23:05 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Mp3tag 2014-07-31 21:47 - 2014-07-11 09:51 - 00000000 ____D () C:\Users\Standard\AppData\Local\Xmarks 2014-07-31 21:42 - 2014-07-25 16:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-31 21:03 - 2009-07-14 19:58 - 00701334 _____ () C:\Windows\system32\perfh007.dat 2014-07-31 21:03 - 2009-07-14 19:58 - 00150202 _____ () C:\Windows\system32\perfc007.dat 2014-07-31 21:03 - 2009-07-14 07:13 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-31 20:45 - 2009-07-14 06:45 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-31 20:45 - 2009-07-14 06:45 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-31 20:42 - 2014-05-15 21:04 - 00000000 ____D () C:\ProgramData\MFAData 2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge 2014-07-31 20:40 - 2014-05-15 21:06 - 00000000 ____D () C:\Program Files (x86)\AVG2014 2014-07-31 20:37 - 2014-06-26 10:14 - 00151552 _____ () C:\Windows\KMSEmulator.exe 2014-07-31 20:37 - 2014-03-17 09:06 - 00000292 _____ () C:\Windows\Tasks\AutoKMS.job 2014-07-31 20:36 - 2014-07-31 20:36 - 00000856 _____ () C:\Windows\PFRO.log 2014-07-31 20:36 - 2014-06-16 
16:14 - 00004876 _____ () C:\Windows\setupact.log 2014-07-31 20:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-30 21:37 - 2014-04-17 21:57 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\vlc 2014-07-30 14:08 - 2014-07-30 14:05 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\RavensburgerTipToi 2014-07-30 14:05 - 2014-07-30 13:15 - 00000000 ____D () C:\ProgramData\RavensburgerTipToi 2014-07-30 13:15 - 2014-07-30 13:15 - 00000979 _____ () C:\Users\Roddinho\Desktop\tiptoi.lnk 2014-07-30 13:15 - 2014-07-30 13:15 - 00000000 ____D () C:\Program Files (x86)\tiptoi 2014-07-30 13:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-07-30 10:00 - 2014-03-15 21:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-29 22:55 - 2014-04-09 10:43 - 00000000 ____D () C:\Users\Standard\AppData\Local\DVD Profiler 2014-07-29 22:14 - 2014-07-29 22:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-29 21:41 - 2014-07-29 21:41 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Logitech 2014-07-29 21:40 - 2014-07-29 21:40 - 00000320 _____ () C:\Users\Standard\Desktop\MyHarmony.appref-ms 2014-07-29 21:40 - 2014-07-29 21:40 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logitech 2014-07-29 21:40 - 2014-07-29 21:40 - 00000000 ____D () C:\Users\Standard\AppData\Local\Deployment 2014-07-29 21:40 - 2014-07-29 21:40 - 00000000 ____D () C:\Users\Standard\AppData\Local\Apps\2.0 2014-07-26 21:23 - 2014-03-17 00:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-26 21:22 - 2014-03-17 00:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-07-25 16:44 - 2014-03-15 21:42 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-25 16:44 - 2014-03-15 21:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-25 16:40 - 2014-07-25 16:40 - 
00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-18 12:33 - 2014-07-18 12:33 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-07-18 12:33 - 2014-07-18 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-07-18 12:33 - 2014-07-18 12:32 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-07-18 12:33 - 2014-07-18 12:32 - 00000000 ____D () C:\Program Files\iTunes 2014-07-18 12:33 - 2014-07-18 12:32 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-07-18 12:32 - 2014-07-18 12:32 - 00000000 ____D () C:\Program Files\iPod 2014-07-18 12:27 - 2014-05-15 21:08 - 00000899 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-07-18 12:27 - 2014-05-15 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-07-14 12:28 - 2009-07-14 06:45 - 02341304 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-14 01:17 - 2014-05-01 15:24 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-14 01:17 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-14 01:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-14 01:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-14 01:10 - 2014-03-17 08:49 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-14 01:10 - 2014-03-15 20:47 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-14 01:09 - 2014-03-15 20:47 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-11 09:51 - 2014-07-11 09:51 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xmarks 2014-07-11 09:51 - 2014-07-11 09:51 - 00000000 ____D () C:\Program Files (x86)\Xmarks 2014-07-06 01:53 - 2014-06-28 15:58 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\DAEMON Tools Lite 2014-07-02 00:10 - 2014-05-15 09:42 - 00000000 ___RD () C:\Users\Standard\Virtual Machines ==================== 
Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================

Addition:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 01 Ran by Standard at 2014-07-31 22:03:57 Running from D:\Eigene Dateien\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Color EU Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Color NA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe ExtendScript 
Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS3 (HKLM-x32\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated) Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.1245.72250 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 3.1.1245.72250 - Alcor Micro Corp.) Hidden AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.4.6.0 - SlySoft) Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4744 - AVG Technologies) AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4744 - AVG Technologies) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) calibre 64bit (HKLM\...\{90C96F50-6055-4E41-A143-B0B02383223F}) (Version: 1.40.0 - Kovid Goyal) Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.) Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version: - ) Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version: - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{043645C8-48EC-458F-B9BD-9C8F15CEF6F7}) (Version: - Microsoft) Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc) DVD Profiler Version 3.8.2 (HKLM-x32\...\InvelosDVDProfiler_is1) (Version: - ) DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.4 - Lenovo) Energy Management (x32 Version: 7.0.3.4 - Lenovo) Hidden EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - ) Free PDF to Word Converter 5.1.0.383 (HKLM\...\Free PDF to Word Converter_is1) (Version: 5.1.0.383 - Smart 
Soft) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6431.0 - IDT) inSSIDer (HKLM-x32\...\{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}) (Version: 2.1.5 - MetaGeek) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation) Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden K-Lite Codec Pack 10.3.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.0 - ) Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10230 - Realtek Semiconductor Corp.) 
Lenovo_Wireless_Driver (HKLM-x32\...\{36CE10BD-A076-4DE3-A8A7-2F61E3FB2E6A}) (Version: 6.20.55.14 - Lenovo) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 
(Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mp3tag v2.59a (HKLM-x32\...\Mp3tag) (Version: v2.59a - Florian Heidenreich) MyHarmony (HKCU\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech) PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.15 - Qualcomm Atheros Communications Inc.) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - ) RelevantKnowledge (HKLM-x32\...\{d08d9f98-1c78-4704-87e6-368b0023d831}) (Version: 1.3.337.327 - TMRG, Inc.) 
<==== ATTENTION Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer) Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) 
(Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition 
(HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{B2508D75-61CF-4CC0-84C0-CF257219201D}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{324703B5-6765-489D-9B9B-B082D34F882E}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) 
(Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version: - Microsoft) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
VitaDock® Online PC 1.0.530 (HKLM-x32\...\{2DDE97C5-863F-4FFB-84A2-70B21684D747}) (Version: 1.0.530.0 - Medisana) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.8.4 - Shark007) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation) Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo) Windows-Treiberpaket - Prolific (Ser2pl) Ports (03/12/2010 3.3.11.152) (HKLM\...\1368C87DCBC1A47DB78AD625B2C7E102AF9F447F) (Version: 03/12/2010 3.3.11.152 - Prolific) WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Xmarks for IE (HKLM-x32\...\{58826E2C-FCB2-4D1B-A2FF-C3DAE866FEAF}) (Version: 127.0.170 - Xmarks) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ? Task: C:\Windows\Tasks\AutoKMS.job => ? 
==================== Loaded Modules (whitelisted) ============= 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2014-01-25 03:22 - 2014-01-25 03:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2008-12-20 04:20 - 2014-03-17 08:45 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2012-03-10 17:30 - 2014-03-17 08:45 - 01509936 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll 2012-03-10 17:31 - 2014-03-17 08:45 - 00012336 _____ () C:\Program Files (x86)\Lenovo\Energy Management\de-DE\EMWpfUI.resources.dll 2008-12-20 04:20 - 2014-03-17 08:45 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (07/04/2014 11:50:25 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_esa.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können. Error: (07/04/2014 11:50:24 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_zta.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können. Error: (07/04/2014 11:50:23 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_zha.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können. Error: (07/04/2014 11:50:22 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_tra.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können. Error: (07/04/2014 11:50:20 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. 
SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_rua.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können. Error: (07/04/2014 11:50:19 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_msa.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können. Error: (07/04/2014 11:50:18 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_koa.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können. Error: (07/04/2014 11:50:16 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_ida.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können. Error: (07/04/2014 11:50:15 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_ina.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können. Error: (07/04/2014 11:50:13 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. 
SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_spa.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können. System errors: ============= Error: (07/31/2014 08:37:53 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/30/2014 03:06:44 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/30/2014 10:02:00 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/27/2014 07:45:22 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/26/2014 09:30:03 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (07/26/2014 09:30:03 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (07/26/2014 09:30:02 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (07/26/2014 09:30:02 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. 
Error: (07/26/2014 09:30:01 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (07/26/2014 09:30:01 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Microsoft Office Sessions: ========================= Error: (07/04/2014 11:50:25 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_esa.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/04/2014 11:50:24 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_zta.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/04/2014 11:50:23 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_zha.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/04/2014 11:50:22 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_tra.cab. 
Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/04/2014 11:50:20 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_rua.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/04/2014 11:50:19 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_msa.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/04/2014 11:50:18 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_koa.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/04/2014 11:50:16 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_ida.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/04/2014 11:50:15 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. 
SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_ina.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/04/2014 11:50:13 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT-AUTORITÄT) Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Fehler 1311. SA_Error1311: StandardAction(0xC007051F): Die Quelldatei (CAB-Datei) wurde nicht gefunden: C:\ProgramData\AVG2014\SetupBackup\lng_spa.cab. Überprüfen Sie, ob die Datei vorhanden ist und Sie darauf zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) ==================== Memory info =========================== Percentage of memory in use: 35% Total physical RAM: 8071.36 MB Available physical RAM: 5210.16 MB Total Pagefile: 16140.89 MB Available Pagefile: 13166.91 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:165.92 GB) (Free:90.96 GB) NTFS Drive d: () (Fixed) (Total:299.74 GB) (Free:179.23 GB) NTFS Drive g: (Anstoss 3) (CDROM) (Total:0.6 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================ |
31.07.2014, 22:40 | #4 |
| Caught Relevant Knowledge - presumably during installation of MKV Player from CHIP.de And GMER: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-07-31 22:27:35 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HGST_HTS545050A7E380 rev.GG2ZBD90 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Roddinho\AppData\Local\Temp\pxddafog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002df8000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002df802f 18 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\AVG2014\avgfws.exe[1980] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000774d1465 2 bytes [4D, 77] .text C:\Program Files (x86)\AVG2014\avgfws.exe[1980] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000774d14bb 2 bytes [4D, 77] .text ... * 2 .text C:\Windows\Explorer.EXE[2468] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 0000000077aa9990 8 bytes {JMP QWORD [RIP-0x17aa994e]} .text C:\Windows\Explorer.EXE[2468] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077ac0650 12 bytes {JMP QWORD [RIP-0x17ac05de]} .text C:\Windows\Explorer.EXE[2468] C:\Windows\system32\SHELL32.dll!ShellExecuteExW 000007fefd137cb0 10 bytes {JMP QWORD [RIP-0x5f796e]} .text C:\Windows\Explorer.EXE[2468] C:\Windows\system32\ole32.dll!CoGetClassObject 000007fefce32e18 10 bytes {JMP QWORD [RIP-0x2f2dd6]} .text C:\Windows\Explorer.EXE[2468] C:\Windows\system32\SSPICLI.DLL!EncryptMessage 000007fefc8150a0 7 bytes JMP 0 .text C:\Windows\Explorer.EXE[2468] C:\Windows\system32\SSPICLI.DLL!DecryptMessage 000007fefc8151f4 7 bytes JMP 0 .text C:\Windows\Explorer.EXE[2468] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefed24fac 10 bytes {JMP QWORD [RIP-0x21e4c9a]} .text C:\Windows\Explorer.EXE[2468] C:\Windows\system32\WS2_32.dll!WSASend 000007fefeb613b0 10 bytes {JMP 
QWORD [RIP-0x202121e]} .text C:\Windows\Explorer.EXE[2468] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefeb618e1 8 bytes {JMP QWORD [RIP-0x202180e]} .text C:\Windows\Explorer.EXE[2468] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefeb62200 10 bytes {JMP QWORD [RIP-0x202209e]} .text C:\Windows\Explorer.EXE[2468] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefeb645c1 6 bytes {JMP QWORD [RIP-0x202454e]} .text C:\Windows\Explorer.EXE[2468] C:\Windows\system32\WS2_32.dll!send 000007fefeb68000 10 bytes {JMP QWORD [RIP-0x2027efe]} .text C:\Windows\Explorer.EXE[2468] C:\Windows\system32\WS2_32.dll!sendto 000007fefeb6d7f0 7 bytes {JMP QWORD [RIP-0x202d5ce]} .text C:\Windows\Explorer.EXE[2468] C:\Windows\system32\WS2_32.dll!recv 000007fefeb6df40 10 bytes {JMP QWORD [RIP-0x202de0e]} .text C:\Windows\Explorer.EXE[2468] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefeb6eb90 7 bytes {JMP QWORD [RIP-0x202e99e]} .text C:\Windows\Explorer.EXE[2468] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefeb6ed50 10 bytes {JMP QWORD [RIP-0x202eace]} .text C:\Windows\Explorer.EXE[2468] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefeb87a50 7 bytes {JMP QWORD [RIP-0x204788e]} .text C:\Windows\Explorer.EXE[2468] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefeb8e0f0 7 bytes {JMP QWORD [RIP-0x204e04e]} .text C:\Windows\Explorer.EXE[2468] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefeb8e6c0 7 bytes {JMP QWORD [RIP-0x204e46e]} .text C:\Windows\system32\Dwm.exe[2644] C:\Windows\system32\WS2_32.dll!WSASend 000007fefeb613b0 10 bytes {JMP QWORD [RIP-0x1d7121e]} .text C:\Windows\system32\Dwm.exe[2644] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefeb618e1 8 bytes {JMP QWORD [RIP-0x1d7180e]} .text C:\Windows\system32\Dwm.exe[2644] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefeb62200 10 bytes {JMP QWORD [RIP-0x1d7209e]} .text C:\Windows\system32\Dwm.exe[2644] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefeb645c1 6 bytes {JMP QWORD 
[RIP-0x1d7454e]} .text C:\Windows\system32\Dwm.exe[2644] C:\Windows\system32\WS2_32.dll!send 000007fefeb68000 10 bytes {JMP QWORD [RIP-0x1d77efe]} .text C:\Windows\system32\Dwm.exe[2644] C:\Windows\system32\WS2_32.dll!sendto 000007fefeb6d7f0 7 bytes {JMP QWORD [RIP-0x1d7d5ce]} .text C:\Windows\system32\Dwm.exe[2644] C:\Windows\system32\WS2_32.dll!recv 000007fefeb6df40 10 bytes {JMP QWORD [RIP-0x1d7de0e]} .text C:\Windows\system32\Dwm.exe[2644] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefeb6eb90 7 bytes {JMP QWORD [RIP-0x1d7e99e]} .text C:\Windows\system32\Dwm.exe[2644] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefeb6ed50 10 bytes {JMP QWORD [RIP-0x1d7eace]} .text C:\Windows\system32\Dwm.exe[2644] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefeb87a50 7 bytes {JMP QWORD [RIP-0x1d9788e]} .text C:\Windows\system32\Dwm.exe[2644] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefeb8e0f0 7 bytes {JMP QWORD [RIP-0x1d9e04e]} .text C:\Windows\system32\Dwm.exe[2644] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefeb8e6c0 7 bytes {JMP QWORD [RIP-0x1d9e46e]} .text C:\Windows\system32\Dwm.exe[2644] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefed24fac 10 bytes {JMP QWORD [RIP-0x1f34c9a]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3096] C:\Windows\system32\KERNEL32.dll!GetQueuedCompletionStatus 0000000077aa9990 8 bytes {JMP QWORD [RIP-0x17aa994e]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3096] C:\Windows\system32\KERNEL32.dll!CreateProcessW 0000000077ac0650 12 bytes {JMP QWORD [RIP-0x17ac05de]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3096] C:\Windows\system32\ole32.dll!CoGetClassObject 000007fefce32e18 10 bytes {JMP QWORD [RIP-0x2f2dd6]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3096] C:\Windows\system32\WS2_32.dll!WSASend 000007fefeb613b0 10 bytes {JMP QWORD [RIP-0x202121e]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3096] 
C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefeb618e1 8 bytes {JMP QWORD [RIP-0x202180e]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3096] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefeb62200 10 bytes {JMP QWORD [RIP-0x202209e]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3096] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefeb645c1 6 bytes {JMP QWORD [RIP-0x202454e]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3096] C:\Windows\system32\WS2_32.dll!send 000007fefeb68000 10 bytes {JMP QWORD [RIP-0x2027efe]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3096] C:\Windows\system32\WS2_32.dll!sendto 000007fefeb6d7f0 7 bytes {JMP QWORD [RIP-0x202d5ce]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3096] C:\Windows\system32\WS2_32.dll!recv 000007fefeb6df40 10 bytes {JMP QWORD [RIP-0x202de0e]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3096] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefeb6eb90 7 bytes {JMP QWORD [RIP-0x202e99e]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3096] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefeb6ed50 10 bytes {JMP QWORD [RIP-0x202eace]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3096] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefeb87a50 7 bytes {JMP QWORD [RIP-0x204788e]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3096] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefeb8e0f0 7 bytes {JMP QWORD [RIP-0x204e04e]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3096] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefeb8e6c0 7 bytes {JMP QWORD [RIP-0x204e46e]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3096] C:\Windows\system32\SspiCli.dll!EncryptMessage 000007fefc8150a0 7 bytes {JMP QWORD [RIP+0x32b212]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3096] 
C:\Windows\system32\SspiCli.dll!DecryptMessage 000007fefc8151f4 7 bytes {JMP QWORD [RIP+0x32b0ee]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3096] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefed24fac 10 bytes {JMP QWORD [RIP-0x21e4c9a]} .text C:\Windows\System32\igfxtray.exe[3188] C:\Windows\system32\ole32.dll!CoGetClassObject 000007fefce32e18 10 bytes {JMP QWORD [RIP-0x42dd6]} .text C:\Windows\System32\igfxtray.exe[3188] C:\Windows\system32\WS2_32.dll!WSASend 000007fefeb613b0 10 bytes {JMP QWORD [RIP-0x1d7121e]} .text C:\Windows\System32\igfxtray.exe[3188] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefeb618e1 8 bytes {JMP QWORD [RIP-0x1d7180e]} .text C:\Windows\System32\igfxtray.exe[3188] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefeb62200 10 bytes {JMP QWORD [RIP-0x1d7209e]} .text C:\Windows\System32\igfxtray.exe[3188] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefeb645c1 6 bytes {JMP QWORD [RIP-0x1d7454e]} .text C:\Windows\System32\igfxtray.exe[3188] C:\Windows\system32\WS2_32.dll!send 000007fefeb68000 10 bytes {JMP QWORD [RIP-0x1d77efe]} .text C:\Windows\System32\igfxtray.exe[3188] C:\Windows\system32\WS2_32.dll!sendto 000007fefeb6d7f0 7 bytes {JMP QWORD [RIP-0x1d7d5ce]} .text C:\Windows\System32\igfxtray.exe[3188] C:\Windows\system32\WS2_32.dll!recv 000007fefeb6df40 10 bytes {JMP QWORD [RIP-0x1d7de0e]} .text C:\Windows\System32\igfxtray.exe[3188] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefeb6eb90 7 bytes {JMP QWORD [RIP-0x1d7e99e]} .text C:\Windows\System32\igfxtray.exe[3188] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefeb6ed50 10 bytes {JMP QWORD [RIP-0x1d7eace]} .text C:\Windows\System32\igfxtray.exe[3188] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefeb87a50 7 bytes {JMP QWORD [RIP-0x1d9788e]} .text C:\Windows\System32\igfxtray.exe[3188] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefeb8e0f0 7 bytes {JMP QWORD [RIP-0x1d9e04e]} .text 
C:\Windows\System32\igfxtray.exe[3188] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefeb8e6c0 7 bytes {JMP QWORD [RIP-0x1d9e46e]} .text C:\Windows\System32\igfxtray.exe[3188] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefed24fac 10 bytes {JMP QWORD [RIP-0x1f34c9a]} .text C:\Windows\System32\hkcmd.exe[3196] C:\Windows\system32\ole32.dll!CoGetClassObject 000007fefce32e18 10 bytes {JMP QWORD [RIP-0x42dd6]} .text C:\Windows\System32\hkcmd.exe[3196] C:\Windows\system32\WS2_32.dll!WSASend 000007fefeb613b0 10 bytes {JMP QWORD [RIP-0x1d7121e]} .text C:\Windows\System32\hkcmd.exe[3196] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefeb618e1 8 bytes {JMP QWORD [RIP-0x1d7180e]} .text C:\Windows\System32\hkcmd.exe[3196] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefeb62200 10 bytes {JMP QWORD [RIP-0x1d7209e]} .text C:\Windows\System32\hkcmd.exe[3196] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefeb645c1 6 bytes {JMP QWORD [RIP-0x1d7454e]} .text C:\Windows\System32\hkcmd.exe[3196] C:\Windows\system32\WS2_32.dll!send 000007fefeb68000 10 bytes {JMP QWORD [RIP-0x1d77efe]} .text C:\Windows\System32\hkcmd.exe[3196] C:\Windows\system32\WS2_32.dll!sendto 000007fefeb6d7f0 7 bytes {JMP QWORD [RIP-0x1d7d5ce]} .text C:\Windows\System32\hkcmd.exe[3196] C:\Windows\system32\WS2_32.dll!recv 000007fefeb6df40 10 bytes {JMP QWORD [RIP-0x1d7de0e]} .text C:\Windows\System32\hkcmd.exe[3196] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefeb6eb90 7 bytes {JMP QWORD [RIP-0x1d7e99e]} .text C:\Windows\System32\hkcmd.exe[3196] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefeb6ed50 10 bytes {JMP QWORD [RIP-0x1d7eace]} .text C:\Windows\System32\hkcmd.exe[3196] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefeb87a50 7 bytes {JMP QWORD [RIP-0x1d9788e]} .text C:\Windows\System32\hkcmd.exe[3196] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefeb8e0f0 7 bytes {JMP QWORD [RIP-0x1d9e04e]} .text C:\Windows\System32\hkcmd.exe[3196] 
C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefeb8e6c0 7 bytes {JMP QWORD [RIP-0x1d9e46e]} .text C:\Windows\System32\hkcmd.exe[3196] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefed24fac 10 bytes {JMP QWORD [RIP-0x1f34c9a]} .text C:\Windows\System32\igfxpers.exe[3248] C:\Windows\system32\ole32.dll!CoGetClassObject 000007fefce32e18 10 bytes {JMP QWORD [RIP-0x2f2dd6]} .text C:\Windows\System32\igfxpers.exe[3248] C:\Windows\system32\WS2_32.dll!WSASend 000007fefeb613b0 10 bytes {JMP QWORD [RIP-0x202121e]} .text C:\Windows\System32\igfxpers.exe[3248] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefeb618e1 8 bytes {JMP QWORD [RIP-0x202180e]} .text C:\Windows\System32\igfxpers.exe[3248] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefeb62200 10 bytes {JMP QWORD [RIP-0x202209e]} .text C:\Windows\System32\igfxpers.exe[3248] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefeb645c1 6 bytes {JMP QWORD [RIP-0x202454e]} .text C:\Windows\System32\igfxpers.exe[3248] C:\Windows\system32\WS2_32.dll!send 000007fefeb68000 10 bytes {JMP QWORD [RIP-0x2027efe]} .text C:\Windows\System32\igfxpers.exe[3248] C:\Windows\system32\WS2_32.dll!sendto 000007fefeb6d7f0 7 bytes {JMP QWORD [RIP-0x202d5ce]} .text C:\Windows\System32\igfxpers.exe[3248] C:\Windows\system32\WS2_32.dll!recv 000007fefeb6df40 10 bytes {JMP QWORD [RIP-0x202de0e]} .text C:\Windows\System32\igfxpers.exe[3248] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefeb6eb90 7 bytes {JMP QWORD [RIP-0x202e99e]} .text C:\Windows\System32\igfxpers.exe[3248] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefeb6ed50 10 bytes {JMP QWORD [RIP-0x202eace]} .text C:\Windows\System32\igfxpers.exe[3248] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefeb87a50 7 bytes {JMP QWORD [RIP-0x204788e]} .text C:\Windows\System32\igfxpers.exe[3248] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefeb8e0f0 7 bytes {JMP QWORD [RIP-0x204e04e]} .text C:\Windows\System32\igfxpers.exe[3248] 
C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefeb8e6c0 7 bytes {JMP QWORD [RIP-0x204e46e]} .text C:\Windows\System32\igfxpers.exe[3248] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefed24fac 10 bytes {JMP QWORD [RIP-0x21e4c9a]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3496] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 0000000077aa9990 8 bytes {JMP QWORD [RIP-0x17aa994e]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3496] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077ac0650 12 bytes {JMP QWORD [RIP-0x17ac05de]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3496] C:\Windows\system32\ole32.dll!CoGetClassObject 000007fefce32e18 10 bytes {JMP QWORD [RIP-0x142dd6]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3496] C:\Windows\system32\WS2_32.dll!WSASend 000007fefeb613b0 10 bytes {JMP QWORD [RIP-0x1e7121e]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3496] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefeb618e1 8 bytes {JMP QWORD [RIP-0x1e7180e]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3496] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefeb62200 10 bytes {JMP QWORD [RIP-0x1e7209e]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3496] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefeb645c1 6 bytes {JMP QWORD [RIP-0x1e7454e]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3496] C:\Windows\system32\WS2_32.dll!send 000007fefeb68000 10 bytes {JMP QWORD [RIP-0x1e77efe]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3496] C:\Windows\system32\WS2_32.dll!sendto 000007fefeb6d7f0 7 bytes {JMP QWORD [RIP-0x1e7d5ce]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3496] C:\Windows\system32\WS2_32.dll!recv 000007fefeb6df40 10 bytes {JMP QWORD [RIP-0x1e7de0e]} .text C:\Program Files (x86)\Lenovo\Energy 
Management\utility.exe[3496] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefeb6eb90 7 bytes {JMP QWORD [RIP-0x1e7e99e]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3496] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefeb6ed50 10 bytes {JMP QWORD [RIP-0x1e7eace]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3496] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefeb87a50 7 bytes {JMP QWORD [RIP-0x1e9788e]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3496] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefeb8e0f0 7 bytes {JMP QWORD [RIP-0x1e9e04e]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3496] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefeb8e6c0 7 bytes {JMP QWORD [RIP-0x1e9e46e]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3496] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefed24fac 10 bytes {JMP QWORD [RIP-0x2034c9a]} .text C:\Program Files\IDT\WDM\sttray64.exe[3532] C:\Windows\system32\kernel32.dll!GetQueuedCompletionStatus 0000000077aa9990 8 bytes {JMP QWORD [RIP-0x17aa994e]} .text C:\Program Files\IDT\WDM\sttray64.exe[3532] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077ac0650 12 bytes {JMP QWORD [RIP-0x17ac05de]} .text C:\Program Files\IDT\WDM\sttray64.exe[3532] C:\Windows\system32\ole32.dll!CoGetClassObject 000007fefce32e18 10 bytes {JMP QWORD [RIP-0x2f2dd6]} .text C:\Program Files\IDT\WDM\sttray64.exe[3532] C:\Windows\system32\WS2_32.dll!WSASend 000007fefeb613b0 10 bytes {JMP QWORD [RIP-0x202121e]} .text C:\Program Files\IDT\WDM\sttray64.exe[3532] C:\Windows\system32\WS2_32.dll!closesocket + 1 000007fefeb618e1 8 bytes {JMP QWORD [RIP-0x202180e]} .text C:\Program Files\IDT\WDM\sttray64.exe[3532] C:\Windows\system32\WS2_32.dll!WSARecv 000007fefeb62200 10 bytes {JMP QWORD [RIP-0x202209e]} .text C:\Program Files\IDT\WDM\sttray64.exe[3532] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefeb645c1 6 
bytes {JMP QWORD [RIP-0x202454e]} .text C:\Program Files\IDT\WDM\sttray64.exe[3532] C:\Windows\system32\WS2_32.dll!send 000007fefeb68000 10 bytes {JMP QWORD [RIP-0x2027efe]} .text C:\Program Files\IDT\WDM\sttray64.exe[3532] C:\Windows\system32\WS2_32.dll!sendto 000007fefeb6d7f0 7 bytes {JMP QWORD [RIP-0x202d5ce]} .text C:\Program Files\IDT\WDM\sttray64.exe[3532] C:\Windows\system32\WS2_32.dll!recv 000007fefeb6df40 10 bytes {JMP QWORD [RIP-0x202de0e]} .text C:\Program Files\IDT\WDM\sttray64.exe[3532] C:\Windows\system32\WS2_32.dll!recvfrom 000007fefeb6eb90 7 bytes {JMP QWORD [RIP-0x202e99e]} .text C:\Program Files\IDT\WDM\sttray64.exe[3532] C:\Windows\system32\WS2_32.dll!WSASendTo 000007fefeb6ed50 10 bytes {JMP QWORD [RIP-0x202eace]} .text C:\Program Files\IDT\WDM\sttray64.exe[3532] C:\Windows\system32\WS2_32.dll!WSAGetOverlappedResult 000007fefeb87a50 7 bytes {JMP QWORD [RIP-0x204788e]} .text C:\Program Files\IDT\WDM\sttray64.exe[3532] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefeb8e0f0 7 bytes {JMP QWORD [RIP-0x204e04e]} .text C:\Program Files\IDT\WDM\sttray64.exe[3532] C:\Windows\system32\WS2_32.dll!WSARecvFrom 000007fefeb8e6c0 7 bytes {JMP QWORD [RIP-0x204e46e]} .text C:\Program Files\IDT\WDM\sttray64.exe[3532] C:\Windows\system32\WININET.dll!UnlockUrlCacheEntryFile 000007fefed24fac 10 bytes {JMP QWORD [RIP-0x21e4c9a]} .text C:\Program Files (x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000773d103d 5 bytes JMP 0000000103a4cf36 .text C:\Program Files (x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 00000000773ed393 5 bytes JMP 0000000103a4fc3c .text C:\Program Files (x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000757d124e 5 bytes JMP 0000000103a4e27a .text C:\Program Files (x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000757d129d 5 bytes JMP 0000000103a4f0bf .text C:\Program Files 
(x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\ole32.dll!CoGetClassObject 0000000076e154ad 5 bytes JMP 0000000103a3ac28 .text C:\Program Files (x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\WS2_32.dll!sendto 00000000777734b5 5 bytes JMP 0000000103a4ff4b .text C:\Program Files (x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000077773918 5 bytes JMP 0000000103a4eba0 .text C:\Program Files (x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000077774406 5 bytes JMP 0000000103a510ad .text C:\Program Files (x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\WS2_32.dll!recv 0000000077776b0e 5 bytes JMP 0000000103a4f99e .text C:\Program Files (x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\WS2_32.dll!connect 0000000077776bdd 5 bytes JMP 0000000103a4e643 .text C:\Program Files (x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\WS2_32.dll!send 0000000077776f01 5 bytes JMP 0000000103a4f3ea .text C:\Program Files (x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000077777089 5 bytes JMP 0000000103a515b7 .text C:\Program Files (x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 0000000077777489 5 bytes JMP 0000000103a4faa8 .text C:\Program Files (x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\WS2_32.dll!recvfrom 000000007777b6dc 5 bytes JMP 0000000103a4fe10 .text C:\Program Files (x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 000000007777cba6 5 bytes JMP 0000000103a51747 .text C:\Program Files (x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007777cc3f 5 bytes JMP 0000000103a4ea0d .text C:\Program Files (x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007778b30c 5 bytes JMP 0000000103a51906 .text C:\Program Files (x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075ca1e06 5 bytes JMP 
0000000103a4ad4d .text C:\Program Files (x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 0000000076ccd2e3 5 bytes JMP 0000000103a509fb .text C:\Program Files (x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000774d1465 2 bytes [4D, 77] .text C:\Program Files (x86)\VitaDock\VitaDock.exe[3540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774d14bb 2 bytes [4D, 77] .text ... * 2 .text C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000773d103d 5 bytes JMP 0000000102cccf36 .text C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 00000000773ed393 5 bytes JMP 0000000102ccfc3c .text C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000757d124e 5 bytes JMP 0000000102cce27a .text C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000757d129d 5 bytes JMP 0000000102ccf0bf .text C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 0000000076ccd2e3 5 bytes JMP 0000000102cd09fb .text C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\ole32.DLL!CoGetClassObject 0000000076e154ad 5 bytes JMP 0000000102cbac28 .text C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075ca1e06 5 bytes JMP 0000000102ccad4d .text C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\WS2_32.dll!sendto 00000000777734b5 5 bytes JMP 0000000102ccff4b .text C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000077773918 5 bytes JMP 0000000102cceba0 .text C:\Program Files 
(x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000077774406 5 bytes JMP 0000000102cd10ad .text C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\WS2_32.dll!recv 0000000077776b0e 5 bytes JMP 0000000102ccf99e .text C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\WS2_32.dll!connect 0000000077776bdd 5 bytes JMP 0000000102cce643 .text C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\WS2_32.dll!send 0000000077776f01 5 bytes JMP 0000000102ccf3ea .text C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000077777089 5 bytes JMP 0000000102cd15b7 .text C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 0000000077777489 5 bytes JMP 0000000102ccfaa8 .text C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\WS2_32.dll!recvfrom 000000007777b6dc 5 bytes JMP 0000000102ccfe10 .text C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 000000007777cba6 5 bytes JMP 0000000102cd1747 .text C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007777cc3f 5 bytes JMP 0000000102ccea0d .text C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007778b30c 5 bytes JMP 0000000102cd1906 .text C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000774d1465 2 bytes [4D, 77] .text C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe[3640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774d14bb 2 bytes [4D, 77] .text ... 
* 2 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000773d103d 5 bytes JMP 000000011004cf36 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 00000000773ed393 5 bytes JMP 000000011004fc3c .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000757d124e 5 bytes JMP 000000011004e27a .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000757d129d 5 bytes JMP 000000011004f0bf .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\ole32.dll!CoGetClassObject 0000000076e154ad 5 bytes JMP 000000011003ac28 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075ca1e06 5 bytes JMP 000000011004ad4d .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\WS2_32.dll!sendto 00000000777734b5 5 bytes JMP 000000011004ff4b .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000077773918 5 bytes JMP 000000011004eba0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000077774406 5 bytes JMP 00000001100510ad .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller 
Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\WS2_32.dll!recv 0000000077776b0e 5 bytes JMP 000000011004f99e .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\WS2_32.dll!connect 0000000077776bdd 5 bytes JMP 000000011004e643 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\WS2_32.dll!send 0000000077776f01 5 bytes JMP 000000011004f3ea .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000077777089 5 bytes JMP 00000001100515b7 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 0000000077777489 5 bytes JMP 000000011004faa8 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\WS2_32.dll!recvfrom 000000007777b6dc 5 bytes JMP 000000011004fe10 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 000000007777cba6 5 bytes JMP 0000000110051747 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007777cc3f 5 bytes JMP 000000011004ea0d .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007778b30c 5 bytes JMP 0000000110051906 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 0000000076ccd2e3 5 bytes JMP 00000001100509fb .text C:\Program Files 
(x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000774d1465 2 bytes [4D, 77] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774d14bb 2 bytes [4D, 77] .text ... * 2 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000773d103d 5 bytes JMP 0000000102b3cf36 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 00000000773ed393 5 bytes JMP 0000000102b3fc3c .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000757d124e 5 bytes JMP 0000000102b3e27a .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000757d129d 5 bytes JMP 0000000102b3f0bf .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075ca1e06 5 bytes JMP 0000000102b3ad4d .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\syswow64\ole32.dll!CoGetClassObject 0000000076e154ad 5 bytes JMP 0000000102b2ac28 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\syswow64\WS2_32.dll!sendto 00000000777734b5 5 bytes JMP 0000000102b3ff4b .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000077773918 5 bytes JMP 0000000102b3eba0 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000077774406 5 bytes JMP 0000000102b410ad .text 
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\syswow64\WS2_32.dll!recv 0000000077776b0e 5 bytes JMP 0000000102b3f99e .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\syswow64\WS2_32.dll!connect 0000000077776bdd 5 bytes JMP 0000000102b3e643 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\syswow64\WS2_32.dll!send 0000000077776f01 5 bytes JMP 0000000102b3f3ea .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000077777089 5 bytes JMP 0000000102b415b7 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 0000000077777489 5 bytes JMP 0000000102b3faa8 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\syswow64\WS2_32.dll!recvfrom 000000007777b6dc 5 bytes JMP 0000000102b3fe10 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 000000007777cba6 5 bytes JMP 0000000102b41747 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007777cc3f 5 bytes JMP 0000000102b3ea0d .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007778b30c 5 bytes JMP 0000000102b41906 .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 0000000076ccd2e3 5 bytes JMP 0000000102b409fb .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000774d1465 2 bytes [4D, 77] .text C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3736] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774d14bb 2 bytes [4D, 77] .text ... * 2 .text C:\Program Files (x86)\AVG2014\avgui.exe[3800] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000773d103d 5 bytes JMP 000000011004cf36 .text C:\Program Files (x86)\AVG2014\avgui.exe[3800] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 00000000773ed393 5 bytes JMP 000000011004fc3c .text C:\Program Files (x86)\AVG2014\avgui.exe[3800] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000757d124e 5 bytes JMP 000000011004e27a .text C:\Program Files (x86)\AVG2014\avgui.exe[3800] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000757d129d 5 bytes JMP 000000011004f0bf .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000773d103d 5 bytes JMP 000000011004cf36 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\kernel32.dll!GetQueuedCompletionStatus 00000000773ed393 5 bytes JMP 000000011004fc3c .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000757d124e 5 bytes JMP 000000011004e27a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000757d129d 5 bytes JMP 000000011004f0bf .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\SHELL32.dll!ShellExecuteExW 0000000075ca1e06 5 bytes JMP 000000011004ad4d .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\WS2_32.dll!sendto 00000000777734b5 5 bytes JMP 000000011004ff4b .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000077773918 5 bytes JMP 000000011004eba0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000077774406 5 bytes JMP 00000001100510ad .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] 
C:\Windows\syswow64\WS2_32.dll!recv 0000000077776b0e 5 bytes JMP 000000011004f99e .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\WS2_32.dll!connect 0000000077776bdd 5 bytes JMP 000000011004e643 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\WS2_32.dll!send 0000000077776f01 5 bytes JMP 000000011004f3ea .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000077777089 5 bytes JMP 00000001100515b7 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\WS2_32.dll!WSAGetOverlappedResult 0000000077777489 5 bytes JMP 000000011004faa8 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\WS2_32.dll!recvfrom 000000007777b6dc 5 bytes JMP 000000011004fe10 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom 000000007777cba6 5 bytes JMP 0000000110051747 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007777cc3f 5 bytes JMP 000000011004ea0d .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\WS2_32.dll!WSASendTo 000000007778b30c 5 bytes JMP 0000000110051906 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\ole32.dll!CoGetClassObject 0000000076e154ad 5 bytes JMP 000000011003ac28 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\WININET.dll!UnlockUrlCacheEntryFile 0000000076ccd2e3 5 bytes JMP 00000001100509fb .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000774d1465 2 bytes [4D, 77] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774d14bb 2 bytes [4D, 77] .text ... 
* 2
.text C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000774d1465 2 bytes [4D, 77]
.text C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774d14bb 2 bytes [4D, 77]
.text ... * 2
.text C:\PROGRA~2\RELEVA~1\rlvknlg32.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000774d1465 2 bytes [4D, 77]
.text C:\PROGRA~2\RELEVA~1\rlvknlg32.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774d14bb 2 bytes [4D, 77]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3788:6116] 000007fefb0e2bf8

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\342387f68906
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\342387f68906 (not active ControlSet)

---- EOF - GMER 2.1 ---- |
01.08.2014, 18:02 | #5 |
/// the machine /// TB-Ausbilder | Our tools always need admin rights! Uninstall adware & co.
Scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
01.08.2014, 19:55 | #6 |
| Yes, sorry, I do have admin rights, but I use two accounts, among other things precisely to prevent unwanted installations. Side note: I am leaving on holiday tomorrow morning for 14 days. Thanks already for the support so far; I will check in a few more times this evening and then again on 16.8. to see whether there is anything left to do. Thumbs up so far for schrauber. In Revo Uninstaller there was no program that matched the description. Here is the Combofi.txt: Code:
ComboFix 14-07-31.02 - Roddinho 01.08.2014 20:36:51.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8071.5741 [GMT 2:00]
ausgeführt von:: d:\eigene dateien\Downloads\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\RelevantKnowledge
c:\program files (x86)\RelevantKnowledge\chrome.manifest
c:\program files (x86)\RelevantKnowledge\components\rlxg.dll
c:\program files (x86)\RelevantKnowledge\firefox\bootstrap.js
c:\program files (x86)\RelevantKnowledge\firefox\defaults\preferences\prefs.js
c:\program files (x86)\RelevantKnowledge\firefox\harness-options.json
c:\program files (x86)\RelevantKnowledge\firefox\install.rdf
c:\program files (x86)\RelevantKnowledge\firefox\locales.json
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\addon\runner.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\base64.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\console\plain-text.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\console\traceback.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content\content-proxy.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content\content-worker.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content\loader.js
c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content\thumbnail.js
c:\program files
(x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content\worker.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\core\heritage.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\core\namespace.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\core\promise.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\api-utils.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\cortex.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\errors.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\events.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\events\assembler.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\light-traits.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\list.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\memory.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\observer-service.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\traits.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\traits\core.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\window-utils.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\dom\events.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\event\core.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\event\target.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\io\byte-streams.js c:\program files 
(x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\io\data.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\io\file.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\io\text-streams.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n\core.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n\html.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n\loader.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n\locale.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n\prefs.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\lang\functional.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\loader\cuddlefish.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\loader\sandbox.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\net\url.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\page-mod.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\page-mod\match-pattern.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\platform\xpcom.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\preferences\service.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\private-browsing.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\private-browsing\utils.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\private-browsing\window\utils.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\self.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system.js c:\program files 
(x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\environment.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\events.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\globals.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\runtime.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\unload.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\xul-app.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\common.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\events.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\helpers.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\namespace.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\observer.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\tab-fennec.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\tab-firefox.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\tab.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\tabs-firefox.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\tabs.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\utils.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\worker.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\timers.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\url.js c:\program files 
(x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\array.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\deprecate.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\list.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\object.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\registry.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\uuid.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\window\browser.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\window\namespace.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\window\utils.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\dom.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\fennec.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\firefox.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\loader.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\observer.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\tabs-fennec.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\tabs-firefox.js c:\program files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\toolkit\loader.js c:\program files (x86)\RelevantKnowledge\firefox\resources\chrome.manifest c:\program files (x86)\RelevantKnowledge\firefox\resources\dpjs\data\content.js c:\program files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\dompilot.js c:\program files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\dputil.js c:\program 
files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\main.js c:\program files (x86)\RelevantKnowledge\firefox\rlnx.dll c:\program files (x86)\RelevantKnowledge\install.rdf c:\program files (x86)\RelevantKnowledge\ncncf.dat c:\program files (x86)\RelevantKnowledge\nscf.dat c:\program files (x86)\RelevantKnowledge\readme.txt c:\program files (x86)\RelevantKnowledge\rlcm.crx c:\program files (x86)\RelevantKnowledge\rlcm.txt c:\program files (x86)\RelevantKnowledge\rlls.dll c:\program files (x86)\RelevantKnowledge\rlls64.dll c:\program files (x86)\RelevantKnowledge\rloci.bin c:\program files (x86)\RelevantKnowledge\rlph.dll c:\program files (x86)\RelevantKnowledge\rlservice.exe c:\program files (x86)\RelevantKnowledge\rlvknlg.exe c:\program files (x86)\RelevantKnowledge\rlvknlg32.exe c:\program files (x86)\RelevantKnowledge\rlvknlg64.exe c:\program files (x86)\RelevantKnowledge\rlxf.dll c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome.manifest c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\api.js 
c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\api\asyncDB.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\api\background.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\api\browserAction.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\api\contextMenu.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\api\dbManager.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\api\dom_bg.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\api\fileManager.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\api\firefox.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\api\firefoxNotifications.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\api\firefoxOmnibox.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\api\message.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\api\pageAction.js 
c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\api\request.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\api\tabs.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\api\webRequest.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\api\windowsMessagingHandler.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\background.html c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\baseObject.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\browser.xul c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\addressBarChangeObserver.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\console.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\consts.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\delegate.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\extensionDataStore.js 
c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\folderIOWrapper.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\httpObserver.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\IDBWrapper.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\installer.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\logFile.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\prefs.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\progressListenerObserver.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\registry.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\reloadObserver.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\reports.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\requestObject.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\searchSettings.js 
c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\uninstallObserver.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\updateManager.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\utils.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\core\xhr.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\dialog.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\ffCoreFilesIndex.txt c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\main.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\options.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\options.xul c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\platformVersion.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\search_dialog.xul c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\chrome\content\setup.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\defaults\preferences\prefs.js 
c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\manifest.xml c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins.json c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\1.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\13.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\14.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\16.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\17.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\177.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\182.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\183.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\207.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\21.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\22.js 
c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\28.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\4.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\47.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\5.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\64.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\7.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\72.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\78.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\9.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\plugins\98.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\userCode\background.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\extensionData\userCode\extension.js c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\install.rdf 
c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\locale\en-US\translations.dtd c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\skin\button1.png c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\skin\button2.png c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\skin\button3.png c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\skin\button4.png c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\skin\button5.png c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\skin\crossrider_statusbar.png c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\skin\icon128.png c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\skin\icon16.png c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\skin\icon24.png c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\skin\icon48.png c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\skin\panelarrow-up.png c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\skin\popup.html c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\skin\skin.css 
c:\users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\extensions\crossriderapp16150@crossrider.com\skin\update.css . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_RelevantKnowledge . . ((((((((((((((((((((((( Dateien erstellt von 2014-07-01 bis 2014-08-01 )))))))))))))))))))))))))))))) . . 2014-08-01 18:31 . 2014-08-01 18:31 -------- d-----w- c:\program files (x86)\Revo Uninstaller 2014-08-01 08:26 . 2014-08-01 18:46 151552 ----a-w- c:\windows\KMSEmulator.exe 2014-07-31 20:03 . 2014-07-31 20:04 -------- d-----w- C:\FRST 2014-07-30 19:30 . 2014-04-10 15:37 970520 ----a-w- c:\windows\system32\rlls64.dll 2014-07-30 19:30 . 2014-04-10 15:37 660760 ----a-w- c:\windows\SysWow64\rlls.dll 2014-07-30 12:05 . 2014-07-30 12:08 -------- d-----w- c:\users\Standard\AppData\Roaming\RavensburgerTipToi 2014-07-30 11:15 . 2014-07-30 12:05 -------- d-----w- c:\programdata\RavensburgerTipToi 2014-07-30 11:15 . 2014-07-30 11:15 -------- d-----w- c:\program files (x86)\tiptoi 2014-07-29 19:41 . 2014-07-29 19:41 -------- d-----w- c:\users\Standard\AppData\Roaming\Logitech 2014-07-29 19:40 . 2014-07-29 19:40 -------- d-----w- c:\users\Standard\AppData\Local\Deployment 2014-07-29 19:40 . 2014-07-29 19:40 -------- d-----w- c:\users\Standard\AppData\Local\Apps 2014-07-18 10:32 . 2014-07-18 10:32 -------- d-----w- c:\program files\iPod 2014-07-18 10:32 . 2014-07-18 10:33 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-07-18 10:32 . 2014-07-18 10:33 -------- d-----w- c:\program files\iTunes 2014-07-18 10:32 . 2014-07-18 10:33 -------- d-----w- c:\program files (x86)\iTunes 2014-07-11 07:51 . 2014-08-01 08:31 -------- d-----w- c:\users\Standard\AppData\Local\Xmarks 2014-07-11 07:51 . 2014-07-11 07:51 -------- d-----w- c:\program files (x86)\Xmarks 2014-07-11 07:46 . 2014-06-19 00:53 48640 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-25 14:44 . 2014-03-15 19:42 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-25 14:44 . 2014-03-15 19:42 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-07-13 23:09 . 2014-03-15 18:47 96441528 ----a-w- c:\windows\system32\MRT.exe 2014-06-30 10:43 . 2014-06-30 10:43 152344 ----a-w- c:\windows\system32\drivers\avgdiska.sys 2014-06-17 14:21 . 2014-06-17 14:21 235800 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2014-06-17 14:07 . 2014-06-17 14:07 328984 ----a-w- c:\windows\system32\drivers\avgloga.sys 2014-06-17 14:06 . 2014-06-17 14:06 269080 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2014-06-17 14:06 . 2014-06-17 14:06 190744 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2014-06-17 14:06 . 2014-06-17 14:06 242968 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2014-06-17 14:06 . 2014-06-17 14:06 123672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2014-06-17 14:06 . 2014-06-17 14:06 31512 ----a-w- c:\windows\system32\drivers\avgrkx64.sys 2014-05-11 17:41 . 2014-05-11 17:41 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2014-05-11 17:41 . 2014-05-11 17:41 313256 ----a-w- c:\windows\system32\javaws.exe 2014-05-11 17:41 . 2014-05-11 17:41 191400 ----a-w- c:\windows\system32\javaw.exe 2014-05-11 17:41 . 2014-05-11 17:41 190888 ----a-w- c:\windows\system32\java.exe 2014-05-08 09:32 . 2014-06-13 13:59 3178496 ----a-w- c:\windows\system32\rdpcorets.dll 2014-05-08 09:32 . 2014-06-13 13:59 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912] "VitaDock"="c:\program files (x86)\VitaDock\VitaDock.exe" [2014-04-09 975360] "FileHippo.com"="c:\program files (x86)\FileHippo\UpdateChecker.exe" [2012-11-23 307712] "AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVD.exe" [2014-04-16 93096] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2012-08-31 508144] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-02-22 292088] "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016] "AVG_UI"="c:\program files (x86)\AVG2014\avgui.exe" [2014-07-10 5187088] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-07-08 152392] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "Download Protect"=c:\programdata\dlprotect.exe . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x] S1 Avgdiska;AVG Disk 
Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 avgfws;AVG Firewall;c:\program files (x86)\AVG2014\avgfws.exe;c:\program files (x86)\AVG2014\avgfws.exe [x] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG2014\avgidsagent.exe [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG2014\avgwdsvc.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification 
Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x] S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x] S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2014-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15 14:44] . 2014-08-01 c:\windows\Tasks\AutoKMS.job - c:\windows\AutoKMS\AutoKMS.exe [2014-03-17 07:06] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DolbyTrayApp"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2012-08-31 508144] "RtsFT"="RTFTrack.exe" [2013-04-24 6339656] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-25 391128] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-25 771544] "Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-25 770520] "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2014-03-17 8079408] "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2014-03-17 6199128] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Roddinho\AppData\Roaming\Mozilla\Firefox\Profiles\c3mh1097.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de FF - user.js: extensions.blocklist.enabled - false FF - user.js: app.update.auto - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files (x86)\RelevantKnowledge\rlvknlg.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-08-01 20:51:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-08-01 18:51
.
Vor Suchlauf: 8 Verzeichnis(se), 111.016.292.352 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 110.643.331.072 Bytes frei
.
- - End Of File - - 2C292C2076AF420783A9B9A6161221E0
A36C5E4F47E84449FF07ED3517B43A31
Edited by Roddinho (01.08.2014 at 20:09) |
02.08.2014, 20:19 | #7 |
/// the machine /// TB trainer | Caught Relevant Knowledge - probably while installing MKV Player from CHIP.de The Windows info bar cleans itself up on its own. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
16.08.2014, 21:43 | #8 |
| Caught Relevant Knowledge - probably while installing MKV Player from CHIP.de Here is everything except Malwarebytes; that log has over 700,000 characters and is also too large for an attachment (749 KByte), so I uploaded it and it is available under this link: LINK to Malwarebytes log file Adware Cleaner: Code:
ATTFilter
# AdwCleaner v3.306 - Bericht erstellt am 16/08/2014 um 21:57:25
# Aktualisiert 15/08/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Roddinho - LENOVO-RODDI
# Gestartet von : D:\Eigene Dateien\Downloads\adwcleaner_3.306.exe
# Option : Suchen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Roddinho\AppData\Roaming\Mozilla\Firefox\Profiles\c3mh1097.default\user.js
Datei Gefunden : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\foxydeal.sqlite
Datei Gefunden : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\invalidprefs.js
Ordner Gefunden : C:\Program Files (x86)\globalUpdate
Ordner Gefunden : C:\Users\Roddinho\AppData\Local\globalUpdate
Ordner Gefunden : C:\Users\Roddinho\AppData\Roaming\Security System 2
Ordner Gefunden : C:\Users\Standard\Favorites\Tutorials

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\GlobalUpdate
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\GlobalUpdate
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Roddinho\AppData\Roaming\Mozilla\Firefox\Profiles\c3mh1097.default\prefs.js ]

[ Datei : C:\Users\Standard\AppData\Roaming\Mozilla\Firefox\Profiles\efmitzz1.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1984 octets] - [16/08/2014 21:57:25]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2044 octets] ##########

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Roddinho on 16.08.2014 at 22:03:59,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\Users\Roddinho\AppData\Roaming\mozilla\firefox\profiles\c3mh1097.default\user.js
Emptied folder: C:\Users\Roddinho\AppData\Roaming\mozilla\firefox\profiles\c3mh1097.default\minidumps [7 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.08.2014 at 22:10:38,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04 Ran by Roddinho (administrator) on LENOVO-RODDI on 16-08-2014 22:12:58 Running from D:\Eigene Dateien\Downloads Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG2014\avgcsrva.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG2014\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG2014\avgemca.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe (Medisana) C:\Program Files (x86)\VitaDock\VitaDock.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG2014\avgui.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG2014\avgcsrva.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DolbyTrayApp] => c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe [508144 2012-08-31] (Dolby Laboratories Inc.) HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [6339656 2013-04-24] (Realtek semiconductor) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2014-03-17] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199128 2014-03-17] (Lenovo(beijing) Limited) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-04-25] (IDT, Inc.) 
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508144 2012-08-31] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-269633538-2099173846-2401267907-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-269633538-2099173846-2401267907-1000\...\Run: [VitaDock] => C:\Program Files (x86)\VitaDock\VitaDock.exe [975360 2014-04-09] (Medisana) HKU\S-1-5-21-269633538-2099173846-2401267907-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com) HKU\S-1-5-21-269633538-2099173846-2401267907-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [93096 2014-04-16] (SlySoft, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Roddinho\AppData\Roaming\Mozilla\Firefox\Profiles\c3mh1097.default FF Homepage: hxxp://www.google.de FF Plugin: @adobe.com/FlashPlayer -> 
C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll 
(Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Xmarks - C:\Users\Roddinho\AppData\Roaming\Mozilla\Firefox\Profiles\c3mh1097.default\Extensions\foxmarks@kei.com [2014-08-01] FF Extension: LastPass - C:\Users\Roddinho\AppData\Roaming\Mozilla\Firefox\Profiles\c3mh1097.default\Extensions\support@lastpass.com [2014-03-25] FF Extension: FoxTrick - C:\Users\Roddinho\AppData\Roaming\Mozilla\Firefox\Profiles\c3mh1097.default\Extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba} [2014-03-15] FF Extension: Flagfox - C:\Users\Roddinho\AppData\Roaming\Mozilla\Firefox\Profiles\c3mh1097.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-15] FF Extension: Adblock Plus - C:\Users\Roddinho\AppData\Roaming\Mozilla\Firefox\Profiles\c3mh1097.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-27] Chrome: ======= ==================== Services 
(Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgfws; C:\Program Files (x86)\AVG2014\avgfws.exe [1417160 2014-08-11] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.) S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-03-16] (Macrovision Europe Ltd.) [File not signed] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-09-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-18] (Intel Corporation) R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.) R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.) R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.) 
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-17] (Disc Soft Ltd)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [127568 2013-03-04] (Qualcomm Atheros Co., Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8243144 2013-04-24] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 22:10 - 2014-08-16 22:10 - 00000979 _____ () C:\Users\Roddinho\Desktop\JRT.txt 2014-08-16 22:03 - 2014-08-16 22:03 - 00002136 _____ () C:\Users\Roddinho\Desktop\AdwCleaner[R0].txt 2014-08-16 22:03 - 2014-08-16 22:03 - 00000000 ____D () C:\Windows\ERUNT 2014-08-16 21:57 - 2014-08-16 21:58 - 00000000 ____D () C:\AdwCleaner 2014-08-16 21:52 - 2014-08-16 21:52 - 00767256 _____ () C:\Users\Roddinho\Desktop\MBAM.txt 2014-08-16 21:39 - 2014-08-16 21:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-16 21:39 - 2014-08-16 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-16 21:39 - 2014-08-16 21:39 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-16 21:39 - 2014-08-16 21:39 - 00000000 ____D () C:\Program Files (x86)\MBAM 2014-08-16 21:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-16 21:39 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-16 21:39 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-16 21:11 - 2014-08-16 21:18 - 05051979 _____ () C:\Users\Standard\Desktop\Comunio_Tool_1415.xlsm 2014-08-16 12:59 - 2014-08-16 12:59 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-08-16 12:59 - 2014-08-16 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-16 12:59 - 2014-08-16 12:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-16 12:59 - 2014-08-16 12:59 - 00000000 ____D () C:\Program Files\iTunes 2014-08-16 12:59 - 2014-08-16 12:59 - 00000000 ____D () C:\Program Files\iPod 2014-08-16 12:59 - 2014-08-16 12:59 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-08-16 12:44 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-16 
12:44 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-16 12:44 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-16 12:44 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-16 12:44 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-16 12:44 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-16 12:44 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-16 12:44 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-16 12:35 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-16 12:35 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-16 12:35 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-16 12:35 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-16 12:35 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-16 12:35 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-16 12:35 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-16 12:35 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-16 12:35 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-16 12:35 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-16 12:35 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-16 
12:35 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-16 12:35 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-16 12:35 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-16 12:35 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-16 12:35 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-16 12:35 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-16 12:35 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-16 12:35 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-16 12:35 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-16 12:35 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-16 12:35 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-16 12:35 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-16 12:35 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-16 12:35 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-16 12:35 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-16 12:35 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-16 12:35 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-16 12:35 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jsproxy.dll 2014-08-16 12:35 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-16 12:35 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-16 12:35 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-16 12:35 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-16 12:35 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-16 12:35 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-16 12:35 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-16 12:35 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-16 12:35 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-16 12:35 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-16 12:35 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-16 12:35 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-16 12:35 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-16 12:35 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-16 12:35 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-16 12:35 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-16 12:35 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-16 12:35 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msfeeds.dll 2014-08-16 12:35 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-16 12:35 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-16 12:35 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-16 12:35 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-16 12:35 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-16 12:35 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-16 12:35 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-16 12:35 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-16 12:35 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-16 12:35 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-16 12:35 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-16 12:35 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-16 12:35 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-16 12:35 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-16 12:35 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-16 12:35 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-16 12:35 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-16 12:35 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 
2014-08-16 12:35 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-16 12:35 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-16 12:35 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-16 12:34 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-16 12:34 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-16 12:34 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-16 12:34 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-16 12:23 - 2014-08-16 14:41 - 00000000 ____D () C:\Users\Standard\Desktop\Bilder
2014-08-01 20:51 - 2014-08-01 20:51 - 00039188 _____ () C:\ComboFix.txt
2014-08-01 20:34 - 2014-08-01 20:51 - 00000000 ____D () C:\Qoobox
2014-08-01 20:34 - 2014-08-01 20:50 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 20:34 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-01 20:34 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-01 20:34 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-01 20:34 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-01 20:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-01 20:34 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-01 20:34 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-01 20:34 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-01 10:26 - 2014-08-16 21:54 - 00151552 _____ () C:\Windows\KMSEmulator.exe
2014-07-31 22:03 - 2014-08-16 22:13 - 00000000 ____D () C:\FRST
2014-07-31 20:36 - 2014-08-16 21:53 - 00002106 _____ () C:\Windows\PFRO.log
2014-07-30 14:05 - 2014-07-30 14:08 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\RavensburgerTipToi
2014-07-30 13:15 - 2014-07-30 14:05 - 00000000 ____D () C:\ProgramData\RavensburgerTipToi
2014-07-30 13:15 - 2014-07-30 13:15 - 00000979 _____ () C:\Users\Roddinho\Desktop\tiptoi.lnk
2014-07-30 13:15 - 2014-07-30 13:15 - 00000000 ____D () C:\Users\Roddinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi
2014-07-30 13:15 - 2014-07-30 13:15 - 00000000 ____D () C:\Program Files (x86)\tiptoi
2014-07-29 22:14 - 2014-07-29 22:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 21:41 - 2014-07-29 21:41 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Logitech
2014-07-29 21:40 - 2014-07-29 21:40 - 00000320 _____ () C:\Users\Standard\Desktop\MyHarmony.appref-ms
2014-07-29 21:40 - 2014-07-29 21:40 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logitech
2014-07-29 21:40 - 2014-07-29 21:40 - 00000000 ____D () C:\Users\Standard\AppData\Local\Deployment
2014-07-29 21:40 - 2014-07-29 21:40 - 00000000 ____D () C:\Users\Standard\AppData\Local\Apps\2.0
2014-07-25 16:44 - 2014-08-16 21:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-25 16:44 - 2014-07-25 16:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-25 16:40 - 2014-07-25 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 22:13 - 2014-07-31 22:03 - 00000000 ____D () C:\FRST 2014-08-16 22:10 - 2014-08-16 22:10 - 00000979 _____ () C:\Users\Roddinho\Desktop\JRT.txt 2014-08-16 22:03 - 2014-08-16 22:03 - 00002136 _____ () C:\Users\Roddinho\Desktop\AdwCleaner[R0].txt 2014-08-16 22:03 - 2014-08-16 22:03 - 00000000 ____D () C:\Windows\ERUNT 2014-08-16 22:02 - 2009-07-14 06:45 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-16 22:02 - 2009-07-14 06:45 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-16 21:58 - 2014-08-16 21:57 - 00000000 ____D () C:\AdwCleaner 2014-08-16 21:58 - 2014-03-15 18:58 - 01230245 _____ () C:\Windows\WindowsUpdate.log 2014-08-16 21:55 - 2014-03-17 09:06 - 00002982 _____ () C:\Windows\System32\Tasks\AutoKMS 2014-08-16 21:55 - 2014-03-17 09:06 - 00000292 _____ () C:\Windows\Tasks\AutoKMS.job 2014-08-16 21:54 - 2014-08-01 10:26 - 00151552 _____ () C:\Windows\KMSEmulator.exe 2014-08-16 21:53 - 2014-07-31 20:36 - 00002106 _____ () C:\Windows\PFRO.log 2014-08-16 21:53 - 2014-06-16 16:14 - 00005268 _____ () C:\Windows\setupact.log 2014-08-16 21:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-16 21:52 - 2014-08-16 21:52 - 00767256 _____ () C:\Users\Roddinho\Desktop\MBAM.txt 2014-08-16 21:42 - 2014-07-25 16:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-16 21:39 - 2014-08-16 21:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-16 21:39 - 2014-08-16 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-16 21:39 - 2014-08-16 21:39 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-16 21:39 - 2014-08-16 21:39 - 00000000 ____D () C:\Program Files (x86)\MBAM 2014-08-16 21:36 - 2014-05-14 11:12 - 00000000 ___RD () C:\Users\Roddinho\Virtual 
Machines 2014-08-16 21:18 - 2014-08-16 21:11 - 05051979 _____ () C:\Users\Standard\Desktop\Comunio_Tool_1415.xlsm 2014-08-16 21:06 - 2014-05-15 21:04 - 00000000 ____D () C:\ProgramData\MFAData 2014-08-16 21:04 - 2014-05-15 21:06 - 00000000 ____D () C:\Program Files (x86)\AVG2014 2014-08-16 21:00 - 2014-07-11 09:51 - 00000000 ____D () C:\Users\Standard\AppData\Local\Xmarks 2014-08-16 14:41 - 2014-08-16 12:23 - 00000000 ____D () C:\Users\Standard\Desktop\Bilder 2014-08-16 13:04 - 2014-05-15 09:42 - 00000000 ___RD () C:\Users\Standard\Virtual Machines 2014-08-16 13:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-16 12:59 - 2014-08-16 12:59 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-08-16 12:59 - 2014-08-16 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-16 12:59 - 2014-08-16 12:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-16 12:59 - 2014-08-16 12:59 - 00000000 ____D () C:\Program Files\iTunes 2014-08-16 12:59 - 2014-08-16 12:59 - 00000000 ____D () C:\Program Files\iPod 2014-08-16 12:59 - 2014-08-16 12:59 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-08-16 12:52 - 2014-03-15 20:47 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-16 12:50 - 2014-03-15 20:47 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-16 12:49 - 2014-03-17 08:49 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-16 12:43 - 2014-05-01 15:24 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-16 12:29 - 2014-05-15 21:08 - 00000899 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-08-16 12:29 - 2014-05-15 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-08-16 12:27 - 2009-07-14 19:58 - 00701334 _____ () C:\Windows\system32\perfh007.dat 2014-08-16 12:27 - 2009-07-14 19:58 - 00150202 _____ () C:\Windows\system32\perfc007.dat 2014-08-16 12:27 - 2009-07-14 07:13 - 01619700 _____ () 
C:\Windows\system32\PerfStringBackup.INI 2014-08-07 04:06 - 2014-08-16 12:34 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-07 04:01 - 2014-08-16 12:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-01 20:51 - 2014-08-01 20:51 - 00039188 _____ () C:\ComboFix.txt 2014-08-01 20:51 - 2014-08-01 20:34 - 00000000 ____D () C:\Qoobox 2014-08-01 20:51 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-08-01 20:50 - 2014-08-01 20:34 - 00000000 ____D () C:\Windows\erdnt 2014-08-01 20:46 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-08-01 20:44 - 2009-07-14 04:34 - 73400320 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-08-01 20:44 - 2009-07-14 04:34 - 16252928 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-08-01 20:44 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-08-01 20:44 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-08-01 20:44 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-08-01 01:41 - 2014-08-16 12:35 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-01 01:16 - 2014-08-16 12:35 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-31 21:54 - 2014-04-22 23:05 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Mp3tag 2014-07-30 21:37 - 2014-04-17 21:57 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\vlc 2014-07-30 14:08 - 2014-07-30 14:05 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\RavensburgerTipToi 2014-07-30 14:05 - 2014-07-30 13:15 - 00000000 ____D () C:\ProgramData\RavensburgerTipToi 2014-07-30 13:15 - 2014-07-30 13:15 - 00000979 _____ () C:\Users\Roddinho\Desktop\tiptoi.lnk 2014-07-30 13:15 - 2014-07-30 13:15 - 00000000 ____D () C:\Users\Roddinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi 2014-07-30 13:15 - 2014-07-30 13:15 - 00000000 ____D () C:\Program Files 
(x86)\tiptoi 2014-07-30 13:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-07-30 10:00 - 2014-03-15 21:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-29 22:55 - 2014-04-09 10:43 - 00000000 ____D () C:\Users\Standard\AppData\Local\DVD Profiler 2014-07-29 22:14 - 2014-07-29 22:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-29 21:41 - 2014-07-29 21:41 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Logitech 2014-07-29 21:40 - 2014-07-29 21:40 - 00000320 _____ () C:\Users\Standard\Desktop\MyHarmony.appref-ms 2014-07-29 21:40 - 2014-07-29 21:40 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logitech 2014-07-29 21:40 - 2014-07-29 21:40 - 00000000 ____D () C:\Users\Standard\AppData\Local\Deployment 2014-07-29 21:40 - 2014-07-29 21:40 - 00000000 ____D () C:\Users\Standard\AppData\Local\Apps\2.0 2014-07-26 21:23 - 2014-03-17 00:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-26 21:22 - 2014-03-17 00:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-07-25 16:52 - 2014-08-16 12:35 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-25 16:44 - 2014-07-25 16:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-25 16:44 - 2014-03-15 21:42 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-25 16:44 - 2014-03-15 21:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-25 16:40 - 2014-07-25 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-25 16:02 - 2014-08-16 12:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-25 16:01 - 2014-08-16 12:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-25 15:51 - 2014-08-16 12:35 - 17524224 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-25 15:30 - 2014-08-16 12:35 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-25 15:28 - 2014-08-16 12:35 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-25 15:28 - 2014-08-16 12:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-25 15:25 - 2014-08-16 12:35 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-25 15:25 - 2014-08-16 12:35 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-25 15:11 - 2014-08-16 12:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-25 15:10 - 2014-08-16 12:35 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-25 15:04 - 2014-08-16 12:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-25 15:03 - 2014-08-16 12:35 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-25 15:00 - 2014-08-16 12:35 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-25 15:00 - 2014-08-16 12:35 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-25 14:59 - 2014-08-16 12:35 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-25 14:47 - 2014-08-16 12:35 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-25 14:40 - 2014-08-16 12:35 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-25 14:34 - 2014-08-16 12:35 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-25 14:34 - 2014-08-16 12:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-25 14:33 - 2014-08-16 12:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-25 14:30 - 2014-08-16 12:35 - 00061952 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-25 14:28 - 2014-08-16 12:35 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-25 14:28 - 2014-08-16 12:35 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-25 14:21 - 2014-08-16 12:35 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-25 14:19 - 2014-08-16 12:35 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-25 14:18 - 2014-08-16 12:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-25 14:17 - 2014-08-16 12:35 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-25 14:17 - 2014-08-16 12:35 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-25 14:12 - 2014-08-16 12:35 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-25 14:10 - 2014-08-16 12:35 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-25 14:10 - 2014-08-16 12:35 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-25 14:08 - 2014-08-16 12:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-25 14:06 - 2014-08-16 12:35 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-25 13:52 - 2014-08-16 12:35 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-25 13:47 - 2014-08-16 12:35 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-25 13:43 - 2014-08-16 12:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-25 13:42 - 2014-08-16 12:35 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-25 13:39 - 2014-08-16 12:35 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-25 13:39 - 2014-08-16 12:35 - 
01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-25 13:36 - 2014-08-16 12:35 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-25 13:34 - 2014-08-16 12:35 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-25 13:29 - 2014-08-16 12:35 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-25 13:23 - 2014-08-16 12:35 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-25 13:13 - 2014-08-16 12:35 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-25 13:07 - 2014-08-16 12:35 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-25 13:07 - 2014-08-16 12:35 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-25 13:03 - 2014-08-16 12:35 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-25 12:52 - 2014-08-16 12:35 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-25 12:26 - 2014-08-16 12:35 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-25 12:17 - 2014-08-16 12:35 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-25 12:09 - 2014-08-16 12:35 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-25 12:05 - 2014-08-16 12:35 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-25 12:00 - 2014-08-16 12:35 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll Some content of TEMP: ==================== C:\Users\Standard\AppData\Local\Temp\jre-8u11-windows-au.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-30 12:42

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04
Ran by Roddinho at 2014-08-16 22:13:40
Running from D:\Eigene Dateien\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.1245.72250 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.1245.72250 - Alcor Micro Corp.) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.4.6.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4745 - AVG Technologies)
AVG 2014 (Version: 14.0.4007 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4745 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{90C96F50-6055-4E41-A143-B0B02383223F}) (Version: 1.40.0 - Kovid Goyal)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version: - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{2A07A3D4-F6CA-4EEB-9576-3A6AC8A736CE}) (Version: - Microsoft)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
DVD Profiler Version 3.8.2 (HKLM-x32\...\InvelosDVDProfiler_is1) (Version: - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.4 - Lenovo)
Energy Management (x32 Version: 7.0.3.4 - Lenovo) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Free PDF to Word Converter 5.1.0.383 (HKLM\...\Free PDF to Word Converter_is1) (Version: 5.1.0.383 - Smart Soft)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6431.0 - IDT)
inSSIDer (HKLM-x32\...\{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}) (Version: 2.1.5 - MetaGeek)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
K-Lite Codec Pack 10.3.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.0 - )
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10230 - Realtek Semiconductor Corp.)
Lenovo_Wireless_Driver (HKLM-x32\...\{36CE10BD-A076-4DE3-A8A7-2F61E3FB2E6A}) (Version: 6.20.55.14 - Lenovo) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden 
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mp3tag v2.59a (HKLM-x32\...\Mp3tag) (Version: v2.59a - Florian Heidenreich) PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.15 - Qualcomm Atheros Communications Inc.) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) 
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - ) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer) Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft) Update for Microsoft Office 2010 
(KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition 
(HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{B2508D75-61CF-4CC0-84C0-CF257219201D}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) 
(Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version: - Microsoft) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 
14.0.0.1 - AVG Technologies CZ, s.r.o.) VitaDock® Online PC 1.0.530 (HKLM-x32\...\{2DDE97C5-863F-4FFB-84A2-70B21684D747}) (Version: 1.0.530.0 - Medisana) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.8.4 - Shark007) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation) Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo) Windows-Treiberpaket - Prolific (Ser2pl) Ports (03/12/2010 3.3.11.152) (HKLM\...\1368C87DCBC1A47DB78AD625B2C7E102AF9F447F) (Version: 03/12/2010 3.3.11.152 - Prolific) WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Xmarks for IE (HKLM-x32\...\{58826E2C-FCB2-4D1B-A2FF-C3DAE866FEAF}) (Version: 127.0.170 - Xmarks) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 01-08-2014 18:34:28 ComboFix created restore point 16-08-2014 10:43:35 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2014-08-01 20:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0EA8D336-A106-4581-A614-18DFED2A80DB} - System32\Tasks\{354C8B7B-A3EE-4581-8BCB-B99588C3AFB4} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/go/help.faq.installer?source=lightinstaller&LastError=1618 Task: {257821BA-EB6C-4B9A-B8F6-C4E31767FC06} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-03-17] () Task: {35DE339C-3A93-498A-A511-168125A8208D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-21] (Adobe Systems Incorporated) Task: {5B4A2CAF-009A-48F2-8E66-1793BF11EF5E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) Task: {801ABAD3-01EA-4C49-821B-46FE489DADF6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-25] (Adobe Systems Incorporated) Task: {87973853-274B-42FF-B3AB-7FE3CD354751} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-03-18] (Oracle Corporation) Task: {9EF1C56E-AC58-4E2C-8517-5D029EB97346} - System32\Tasks\FileHippo.com-Online-Aktualisierungsprogramm => C:\Program Files (x86)\FileHippo\UpdateChecker.exe [2012-11-23] (FileHippo.com) Task: {E02BE4BE-E209-427C-8F8E-16DA20C16283} - System32\Tasks\{FB292E2C-81A8-40E4-A232-78AFF2800475} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1618 Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe ==================== Loaded Modules (whitelisted) ============= 2014-01-25 03:22 - 2014-01-25 03:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2008-12-20 04:20 - 2014-03-17 08:45 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2012-03-10 17:30 - 2014-03-17 08:45 - 01509936 _____ () C:\Program Files 
(x86)\Lenovo\Energy Management\EMWpfUI.dll 2012-03-10 17:31 - 2014-03-17 08:45 - 00012336 _____ () C:\Program Files (x86)\Lenovo\Energy Management\de-DE\EMWpfUI.resources.dll 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-02-26 12:16 - 2014-02-26 12:16 - 00032768 _____ () C:\Program Files (x86)\VitaDock\QHIDDLL.dll 2014-02-27 17:31 - 2014-02-27 17:31 - 00070656 _____ () C:\Program Files (x86)\VitaDock\QtSerialPort.dll 2014-03-15 19:30 - 2012-07-19 03:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. 
Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-08-01 20:43:03.726 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-08-01 20:43:03.617 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz Percentage of memory in use: 23% Total physical RAM: 8071.36 MB Available physical RAM: 6154.48 MB Total Pagefile: 16140.89 MB Available Pagefile: 14170.57 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:165.92 GB) (Free:96.45 GB) NTFS Drive d: () (Fixed) (Total:299.74 GB) (Free:180.35 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D9FA2484) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=165.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=299.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
17.08.2014, 14:45 | #9 |
/// the machine /// TB Trainer | Caught Relevant Knowledge - probably while installing MKV Player from CHIP.de
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
17.08.2014, 22:34 | #10 |
| Caught Relevant Knowledge - probably while installing MKV Player from CHIP.de ESET Log.Txt: Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5396a66fd8901d4784722aeb02bc4eef
# engine=19703
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-17 09:15:45
# local_time=2014-08-17 11:15:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG Internet Security 2014'
# compatibility_mode=1049 16777213 100 100 9103 95447729 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 66 85 13384828 159939995 0 0
# scanned=260437
# found=16
# cleaned=0
# scan_time=8887
sh=05521BFBB7F4EFE30B2F6FDD79ECCF47FFAE768F ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\ProgramData\Win7codecs\{02E0F3B0-0764-4EE6-910C-8CB88CE85B39}\Win7codecs.msi"
sh=E5144D01748F5A06017E389AB760B5147B7D0AFF ft=1 fh=ee2f474c3aefaf62 vn="Variante von Win32/Adware.RK.AM Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\RelevantKnowledge\rlls.dll.vir"
sh=E261D7E127DB53BAA17518BE7E39B869AD029593 ft=1 fh=32a4a8c3c0646802 vn="Variante von Win32/AdWare.RK.AR Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\RelevantKnowledge\rlls64.dll.vir"
sh=933DC1372FEBA0FBCAF5C9F9D7210BF2A4226CA8 ft=1 fh=a5c7d403513d9f85 vn="Variante von Win32/Adware.RK Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\RelevantKnowledge\rlservice.exe.vir"
sh=812E2B650B9F1CF189C5850ABBCA1BBA29E25DE4 ft=1 fh=318599b4c77cab90 vn="Variante von Win32/Adware.RK.AE Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\RelevantKnowledge\rlvknlg.exe.vir"
sh=B177234C0ECBD48AC3D061131124C5FEF1E95BE8 ft=1 fh=ecf59581e5b53697 vn="Variante von Win32/AdWare.RK.AR Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\RelevantKnowledge\rlvknlg32.exe.vir"
sh=A9FF6A58C33AF2B38E3689768D1BF388CD150911 ft=1 fh=2fc4907593749d85 vn="Variante von Win32/AdWare.RK.AR Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe.vir"
sh=65637FBF9BFFBF59C41FB868078775E7B52B4180 ft=1 fh=2fbce81cf318e2ad vn="Variante von Win32/Adware.RK.AM Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\RelevantKnowledge\components\rlxg.dll.vir"
sh=CB3F8129F74F8F4601B916C1AC49D9EDC0FBA3F7 ft=1 fh=9644c1383fb7e641 vn="Variante von Win32/Adware.RK.AM Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\RelevantKnowledge\firefox\rlnx.dll.vir"
sh=05521BFBB7F4EFE30B2F6FDD79ECCF47FFAE768F ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\All Users\Win7codecs\{02E0F3B0-0764-4EE6-910C-8CB88CE85B39}\Win7codecs.msi"
sh=E750C443A83F9B135B499E7917C5A93120384BB3 ft=1 fh=4eedbac881d1fc72 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Standard\Desktop\Anstoss 3 Deutsch\DTLite4491-0356.exe"
sh=2AA967AACCAB9A353FC818B2831B5532D7F47378 ft=1 fh=4b1c20670b9db072 vn="Win32/HackKMS.A potenziell unsichere Anwendung" ac=I fn="C:\Windows\KMSEmulator.exe"
sh=53D5C81EEE1D9397AD6657088A49D72343022203 ft=1 fh=042b7b16c5a7260b vn="MSIL/HackKMS.A potenziell unsichere Anwendung" ac=I fn="C:\Windows\AutoKMS\AutoKMS.exe"
sh=05521BFBB7F4EFE30B2F6FDD79ECCF47FFAE768F ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\Installer\5c7812.msi"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-269633538-2099173846-2401267907-1000\$RKRW5DT.exe"
sh=FCBE5C2BAC0A1B6CFC79B5365ECE40F75DFAE57A ft=1 fh=4f17900616b47de7 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="D:\Eigene Dateien\Downloads\Software\MAGIX Video deluxe MX Premium 18\Video_deluxe_MX_Premium_Download-Version_de-DE_110825_12-58_11_0_0_42.exe"
Code:
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
AVG Internet Security 2014
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Java version out of Date!
Adobe Flash Player 14.0.0.179
Adobe Reader XI
Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01 Ran by Roddinho (administrator) on LENOVO-RODDI on 17-08-2014 23:33:08 Running from D:\Eigene Dateien\Downloads Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG2014\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (FileHippo.com) C:\Program Files (x86)\FileHippo\UpdateChecker.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (CANON INC.) 
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG2014\avgui.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DolbyTrayApp] => c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe [508144 2012-08-31] (Dolby Laboratories Inc.) HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [6339656 2013-04-24] (Realtek semiconductor) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2014-03-17] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199128 2014-03-17] (Lenovo(beijing) Limited) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-04-25] (IDT, Inc.) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508144 2012-08-31] (Dolby Laboratories Inc.) 
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-269633538-2099173846-2401267907-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-269633538-2099173846-2401267907-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com) HKU\S-1-5-21-269633538-2099173846-2401267907-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [93096 2014-04-16] (SlySoft, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Roddinho\AppData\Roaming\Mozilla\Firefox\Profiles\c3mh1097.default
FF Homepage: hxxp://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Xmarks - C:\Users\Roddinho\AppData\Roaming\Mozilla\Firefox\Profiles\c3mh1097.default\Extensions\foxmarks@kei.com [2014-08-01]
FF Extension: LastPass - C:\Users\Roddinho\AppData\Roaming\Mozilla\Firefox\Profiles\c3mh1097.default\Extensions\support@lastpass.com [2014-03-25]
FF Extension: FoxTrick - C:\Users\Roddinho\AppData\Roaming\Mozilla\Firefox\Profiles\c3mh1097.default\Extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba} [2014-03-15]
FF Extension: Flagfox - C:\Users\Roddinho\AppData\Roaming\Mozilla\Firefox\Profiles\c3mh1097.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-15]
FF Extension: Adblock Plus - C:\Users\Roddinho\AppData\Roaming\Mozilla\Firefox\Profiles\c3mh1097.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-27]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgfws; C:\Program Files (x86)\AVG2014\avgfws.exe [1417160 2014-08-11] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-03-16] (Macrovision Europe Ltd.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-18] (Intel Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-17] (Disc Soft Ltd)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [127568 2013-03-04] (Qualcomm Atheros Co., Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8243144 2013-04-24] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 23:22 - 2014-08-17 23:22 - 00854417 _____ () C:\Users\Roddinho\Desktop\SecurityCheck.exe
2014-08-17 20:39 - 2014-08-17 20:39 - 00000354 _____ () C:\Windows\PFRO.log
2014-08-17 20:39 - 2014-08-17 20:39 - 00000056 _____ () C:\Windows\setupact.log
2014-08-17 20:39 - 2014-08-17 20:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-16 22:03 - 2014-08-16 22:03 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 21:57 - 2014-08-16 21:58 - 00000000 ____D () C:\AdwCleaner
2014-08-16 21:39 - 2014-08-16 21:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 21:39 - 2014-08-16 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-16 21:39 - 2014-08-16 21:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-16 21:39 - 2014-08-16 21:39 - 00000000 ____D () C:\Program Files (x86)\MBAM
2014-08-16 21:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-16 21:39 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-16 21:39 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-16 21:11 - 2014-08-16 21:18 - 05051979 _____ () C:\Users\Standard\Desktop\Comunio_Tool_1415.xlsm
2014-08-16 12:59 - 2014-08-16 12:59 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-16 12:59 - 2014-08-16 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-16 12:59 - 2014-08-16 12:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-16 12:59 - 2014-08-16 12:59 - 00000000 ____D () C:\Program Files\iTunes
2014-08-16 12:59 - 2014-08-16 12:59 - 00000000 ____D () C:\Program Files\iPod
2014-08-16 12:59 - 2014-08-16 12:59 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-16 12:44 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 12:44 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 12:44 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 12:44 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 12:44 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 12:44 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 12:44 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 12:44 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 12:35 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-16 12:35 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-16 12:35 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-16 12:35 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-16 12:35 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-16 12:35 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-16 12:35 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-16 12:35 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-16 12:35 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-16 12:35 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-16 12:35 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-16 12:35 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-16 12:35 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-16 12:35 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-16 12:35 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-16 12:35 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-16 12:35 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-16 12:35 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-16 12:35 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-16 12:35 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-16 12:35 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-16 12:35 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-16 12:35 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-16 12:35 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-16 12:35 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-16 12:35 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-16 12:35 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-16 12:35 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-16 12:35 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-16 12:35 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-16 12:35 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-16 12:35 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-16 12:35 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-16 12:35 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-16 12:35 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-16 12:35 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-16 12:35 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-16 12:35 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-16 12:35 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-16 12:35 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-16 12:35 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-16 12:35 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-16 12:35 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-16 12:35 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-16 12:35 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-16 12:35 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-16 12:35 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-16 12:35 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-16 12:35 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-16 12:35 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-16 12:35 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-16 12:35 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-16 12:35 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-16 12:35 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-16 12:35 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-16 12:35 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-16 12:35 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-16 12:35 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-16 12:35 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-16 12:35 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-16 12:35 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 12:35 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 12:35 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 12:35 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 12:35 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-16 12:35 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-16 12:35 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-16 12:35 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-16 12:34 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-16 12:34 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-16 12:34 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-16 12:34 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-16 12:23 - 2014-08-16 14:41 - 00000000 ____D () C:\Users\Standard\Desktop\Bilder
2014-08-01 20:51 - 2014-08-01 20:51 - 00039188 _____ () C:\ComboFix.txt
2014-08-01 20:34 - 2014-08-01 20:51 - 00000000 ____D () C:\Qoobox
2014-08-01 20:34 - 2014-08-01 20:50 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 20:34 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-01 20:34 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-01 20:34 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-01 20:34 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-01 20:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-01 20:34 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-01 20:34 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-01 20:34 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-01 10:26 - 2014-08-17 20:40 - 00151552 _____ () C:\Windows\KMSEmulator.exe
2014-07-31 22:03 - 2014-08-17 23:33 - 00000000 ____D () C:\FRST
2014-07-30 14:05 - 2014-07-30 14:08 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\RavensburgerTipToi
2014-07-30 13:15 - 2014-07-30 14:05 - 00000000 ____D () C:\ProgramData\RavensburgerTipToi
2014-07-30 13:15 - 2014-07-30 13:15 - 00000979 _____ () C:\Users\Roddinho\Desktop\tiptoi.lnk
2014-07-30 13:15 - 2014-07-30 13:15 - 00000000 ____D () C:\Users\Roddinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi
2014-07-30 13:15 - 2014-07-30 13:15 - 00000000 ____D () C:\Program Files (x86)\tiptoi
2014-07-29 22:14 - 2014-07-29 22:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 21:41 - 2014-07-29 21:41 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Logitech
2014-07-29 21:40 - 2014-07-29 21:40 - 00000320 _____ () C:\Users\Standard\Desktop\MyHarmony.appref-ms
2014-07-29 21:40 - 2014-07-29 21:40 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logitech
2014-07-29 21:40 - 2014-07-29 21:40 - 00000000 ____D () C:\Users\Standard\AppData\Local\Deployment
2014-07-29 21:40 - 2014-07-29 21:40 - 00000000 ____D () C:\Users\Standard\AppData\Local\Apps\2.0
2014-07-25 16:44 - 2014-08-17 22:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-25 16:44 - 2014-08-17 20:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-25 16:40 - 2014-07-25 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 23:33 - 2014-07-31 22:03 - 00000000 ____D () C:\FRST
2014-08-17 23:22 - 2014-08-17 23:22 - 00854417 _____ () C:\Users\Roddinho\Desktop\SecurityCheck.exe
2014-08-17 22:42 - 2014-07-25 16:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-17 20:59 - 2009-07-14 06:45 - 00027168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-17 20:59 - 2009-07-14 06:45 - 00027168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-17 20:45 - 2014-03-15 18:58 - 01250543 _____ () C:\Windows\WindowsUpdate.log
2014-08-17 20:44 - 2014-07-25 16:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-17 20:44 - 2014-05-15 21:06 - 00000000 ____D () C:\Program Files (x86)\AVG2014
2014-08-17 20:44 - 2014-05-15 21:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-17 20:44 - 2014-03-15 21:42 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-17 20:44 - 2014-03-15 21:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-17 20:41 - 2014-03-17 09:06 - 00002982 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-08-17 20:41 - 2014-03-17 09:06 - 00000292 _____ () C:\Windows\Tasks\AutoKMS.job
2014-08-17 20:40 - 2014-08-01 10:26 - 00151552 _____ () C:\Windows\KMSEmulator.exe
2014-08-17 20:39 - 2014-08-17 20:39 - 00000354 _____ () C:\Windows\PFRO.log
2014-08-17 20:39 - 2014-08-17 20:39 - 00000056 _____ () C:\Windows\setupact.log
2014-08-17 20:39 - 2014-08-17 20:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-17 20:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-16 23:31 - 2014-04-18 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-16 23:31 - 2014-04-18 21:58 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-16 22:03 - 2014-08-16 22:03 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 21:58 - 2014-08-16 21:57 - 00000000 ____D () C:\AdwCleaner
2014-08-16 21:39 - 2014-08-16 21:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 21:39 - 2014-08-16 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-16 21:39 - 2014-08-16 21:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-16 21:39 - 2014-08-16 21:39 - 00000000 ____D () C:\Program Files (x86)\MBAM
2014-08-16 21:36 - 2014-05-14 11:12 - 00000000 ___RD () C:\Users\Roddinho\Virtual Machines
2014-08-16 21:18 - 2014-08-16 21:11 - 05051979 _____ () C:\Users\Standard\Desktop\Comunio_Tool_1415.xlsm
2014-08-16 21:00 - 2014-07-11 09:51 - 00000000 ____D () C:\Users\Standard\AppData\Local\Xmarks
2014-08-16 14:41 - 2014-08-16 12:23 - 00000000 ____D () C:\Users\Standard\Desktop\Bilder
2014-08-16 13:04 - 2014-05-15 09:42 - 00000000 ___RD () C:\Users\Standard\Virtual Machines
2014-08-16 13:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 12:59 - 2014-08-16 12:59 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-16 12:59 - 2014-08-16 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-16 12:59 - 2014-08-16 12:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-16 12:59 - 2014-08-16 12:59 - 00000000 ____D () C:\Program Files\iTunes
2014-08-16 12:59 - 2014-08-16 12:59 - 00000000 ____D () C:\Program Files\iPod
2014-08-16 12:59 - 2014-08-16 12:59 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-16 12:52 - 2014-03-15 20:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 12:50 - 2014-03-15 20:47 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 12:49 - 2014-03-17 08:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 12:43 - 2014-05-01 15:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-16 12:29 - 2014-05-15 21:08 - 00000899 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-16 12:29 - 2014-05-15 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-16 12:27 - 2009-07-14 19:58 - 00701334 _____ () C:\Windows\system32\perfh007.dat
2014-08-16 12:27 - 2009-07-14 19:58 - 00150202 _____ () C:\Windows\system32\perfc007.dat
2014-08-16 12:27 - 2009-07-14 07:13 - 01619700 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-07 04:06 - 2014-08-16 12:34 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-16 12:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-01 20:51 - 2014-08-01 20:51 - 00039188 _____ () C:\ComboFix.txt
2014-08-01 20:51 - 2014-08-01 20:34 - 00000000 ____D () C:\Qoobox
2014-08-01 20:51 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-01 20:50 - 2014-08-01 20:34 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 20:46 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-01 20:44 - 2009-07-14 04:34 - 73400320 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-01 20:44 - 2009-07-14 04:34 - 16252928 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-01 20:44 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-01 20:44 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-01 20:44 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-01 01:41 - 2014-08-16 12:35 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-16 12:35 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 21:54 - 2014-04-22 23:05 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Mp3tag
2014-07-30 21:37 - 2014-04-17 21:57 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\vlc
2014-07-30 14:08 - 2014-07-30 14:05 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\RavensburgerTipToi
2014-07-30 14:05 - 2014-07-30 13:15 - 00000000 ____D () C:\ProgramData\RavensburgerTipToi
2014-07-30 13:15 - 2014-07-30 13:15 - 00000979 _____ () C:\Users\Roddinho\Desktop\tiptoi.lnk
2014-07-30 13:15 - 2014-07-30 13:15 - 00000000 ____D () C:\Users\Roddinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi
2014-07-30 13:15 - 2014-07-30 13:15 - 00000000 ____D () C:\Program Files (x86)\tiptoi
2014-07-30 13:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-30 10:00 - 2014-03-15 21:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-29 22:55 - 2014-04-09 10:43 - 00000000 ____D () C:\Users\Standard\AppData\Local\DVD Profiler
2014-07-29 22:14 - 2014-07-29 22:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 21:41 - 2014-07-29 21:41 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Logitech
2014-07-29 21:40 - 2014-07-29 21:40 - 00000320 _____ () C:\Users\Standard\Desktop\MyHarmony.appref-ms
2014-07-29 21:40 - 2014-07-29 21:40 - 00000000 ____D () C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logitech
2014-07-29 21:40 - 2014-07-29 21:40 - 00000000 ____D () C:\Users\Standard\AppData\Local\Deployment
2014-07-29 21:40 - 2014-07-29 21:40 - 00000000 ____D () C:\Users\Standard\AppData\Local\Apps\2.0
2014-07-26 21:23 - 2014-03-17 00:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 21:22 - 2014-03-17 00:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 16:52 - 2014-08-16 12:35 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 16:40 - 2014-07-25 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 16:02 - 2014-08-16 12:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-16 12:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-16 12:35 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-16 12:35 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-16 12:35 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 15:28 - 2014-08-16 12:35 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 15:25 - 2014-08-16 12:35 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-16 12:35 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-16 12:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-16 12:35 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-16 12:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-16 12:35 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-16 12:35 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-16 12:35 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-16 12:35 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-16 12:35 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-16 12:35 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-16 12:35 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-16 12:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-16 12:35 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-16 12:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-16 12:35 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-16 12:35 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-16 12:35 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-16 12:35 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-16 12:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-16 12:35 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 14:17 - 2014-08-16 12:35 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 14:12 - 2014-08-16 12:35 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-16 12:35 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-16 12:35 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-16 12:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-16 12:35 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-16 12:35 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-16 12:35 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-16 12:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-16 12:35 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-16 12:35 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-16 12:35 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-16 12:35 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-16 12:35 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-16 12:35 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-16 12:35 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-16 12:35 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-16 12:35 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-16 12:35 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-16 12:35 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-16 12:35 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-16 12:35 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-16 12:35 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-16 12:35 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-16 12:35 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-16 12:35 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

Some content of TEMP:
====================
C:\Users\Standard\AppData\Local\Temp\jre-8u11-windows-au.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-30 12:42

==================== End Of Log ============================

Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by Roddinho at 2014-08-17 23:33:53
Running from D:\Eigene Dateien\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript
Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated) Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS3 (HKLM-x32\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated) Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.1245.72250 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 3.1.1245.72250 - Alcor Micro Corp.) Hidden AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.4.6.0 - SlySoft) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4745 - AVG Technologies) AVG 2014 (Version: 14.0.4007 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4745 - AVG Technologies) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) calibre 64bit (HKLM\...\{90C96F50-6055-4E41-A143-B0B02383223F}) (Version: 1.40.0 - Kovid Goyal) Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.) Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version: - ) Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version: - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{2A07A3D4-F6CA-4EEB-9576-3A6AC8A736CE}) (Version: - Microsoft) Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc) DVD Profiler Version 3.8.2 (HKLM-x32\...\InvelosDVDProfiler_is1) (Version: - ) DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.4 - Lenovo) Energy Management (x32 Version: 7.0.3.4 - Lenovo) Hidden EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - ) Free PDF to Word Converter 5.1.0.383 (HKLM\...\Free PDF to Word Converter_is1) (Version: 5.1.0.383 - Smart Soft) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - 
Apple Inc.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6431.0 - IDT) inSSIDer (HKLM-x32\...\{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}) (Version: 2.1.5 - MetaGeek) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation) Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden K-Lite Codec Pack 10.3.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.0 - ) Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10230 - Realtek Semiconductor Corp.) 
Lenovo_Wireless_Driver (HKLM-x32\...\{36CE10BD-A076-4DE3-A8A7-2F61E3FB2E6A}) (Version: 6.20.55.14 - Lenovo) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden 
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mp3tag v2.59a (HKLM-x32\...\Mp3tag) (Version: v2.59a - Florian Heidenreich) PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.15 - Qualcomm Atheros Communications Inc.) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) 
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - ) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer) Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft) Update for Microsoft Office 2010 
(KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition 
(HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{B2508D75-61CF-4CC0-84C0-CF257219201D}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) 
(Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version: - Microsoft) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 
14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.8.4 - Shark007) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation) Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo) WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Xmarks for IE (HKLM-x32\...\{58826E2C-FCB2-4D1B-A2FF-C3DAE866FEAF}) (Version: 127.0.170 - Xmarks) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 01-08-2014 18:34:28 ComboFix created restore point 16-08-2014 10:43:35 Windows Update 16-08-2014 21:29:25 Removed VitaDock® Online PC 1.0.530 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2014-08-01 20:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0EA8D336-A106-4581-A614-18DFED2A80DB} - System32\Tasks\{354C8B7B-A3EE-4581-8BCB-B99588C3AFB4} => Firefox.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/go/help.faq.installer?source=lightinstaller&LastError=1618 Task: {257821BA-EB6C-4B9A-B8F6-C4E31767FC06} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-03-17] () Task: {35DE339C-3A93-498A-A511-168125A8208D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-21] (Adobe Systems Incorporated) Task: {5B4A2CAF-009A-48F2-8E66-1793BF11EF5E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd) Task: {801ABAD3-01EA-4C49-821B-46FE489DADF6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-17] (Adobe Systems Incorporated) Task: {87973853-274B-42FF-B3AB-7FE3CD354751} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-03-18] (Oracle Corporation) Task: {9EF1C56E-AC58-4E2C-8517-5D029EB97346} - System32\Tasks\FileHippo.com-Online-Aktualisierungsprogramm => C:\Program Files (x86)\FileHippo\UpdateChecker.exe [2012-11-23] (FileHippo.com) Task: {E02BE4BE-E209-427C-8F8E-16DA20C16283} - System32\Tasks\{FB292E2C-81A8-40E4-A232-78AFF2800475} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1618 Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2014-01-25 03:22 - 2014-01-25 03:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2008-12-20 04:20 - 2014-03-17 08:45 - 00054088 _____ () 
C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2012-03-10 17:30 - 2014-03-17 08:45 - 01509936 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll 2012-03-10 17:31 - 2014-03-17 08:45 - 00012336 _____ () C:\Program Files (x86)\Lenovo\Energy Management\de-DE\EMWpfUI.resources.dll 2008-12-20 04:20 - 2014-03-17 08:45 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-07-29 22:14 - 2014-07-29 22:14 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-03-23 19:58 - 2014-03-23 19:58 - 01020928 _____ () C:\Users\Roddinho\AppData\Roaming\Mozilla\Firefox\Profiles\c3mh1097.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll 2014-03-15 19:30 - 2012-07-19 03:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2014 11:24:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (08/17/2014 11:21:57 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/17/2014 08:45:55 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/17/2014 08:45:48 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (08/16/2014 10:44:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1045 Error: (08/16/2014 10:44:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1045 Error: (08/16/2014 10:44:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (08/17/2014 08:41:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (08/16/2014 10:33:42 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= Error: (08/17/2014 11:24:41 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Eigene Dateien\Downloads\esetsmartinstaller_deu.exe Error: (08/17/2014 11:21:57 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (08/17/2014 08:45:55 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Eigene Dateien\Downloads\esetsmartinstaller_deu.exe Error: (08/17/2014 08:45:48 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Eigene Dateien\Downloads\esetsmartinstaller_deu.exe Error: (08/16/2014 10:44:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1045 Error: (08/16/2014 10:44:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1045 Error: (08/16/2014 10:44:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second CodeIntegrity Errors: =================================== Date: 2014-08-01 20:43:03.726 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-08-01 20:43:03.617 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz Percentage of memory in use: 27% Total physical RAM: 8071.36 MB Available physical RAM: 5884.86 MB Total Pagefile: 16140.89 MB Available Pagefile: 13773.91 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:165.92 GB) (Free:95.81 GB) NTFS Drive d: () (Fixed) (Total:299.74 GB) (Free:180.37 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D9FA2484) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=165.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=299.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
18.08.2014, 20:53 | #11 |
/// the machine /// TB trainer | Caught Relevant Knowledge - probably while installing MKV Player from CHIP.de Update Java. And please delete the crack junk that ESET found. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
C:\Users\All Users\Win7codecs
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from all registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
21.08.2014, 09:33 | #12 |
| Caught Relevant Knowledge - probably while installing MKV Player from CHIP.de Here is the content of Fixlog.txt: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by Roddinho at 2014-08-21 10:31:48 Run:1
Running from C:\Users\Roddinho\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\All Users\Win7codecs
*****************

C:\Users\All Users\Win7codecs => Moved successfully.

==== End of Fixlog ====

I do have one question, though: I DEFINITELY caught this thing from Chip.de. Actually a reputable site, or so I thought. Can that be checked? |
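The fixlist/Fixlog exchange above, as an added example that is not part of the original posts and not FRST's own code: a small checker that confirms every entry echoed under "Content of fixlist:" has a result line and flags anything not reported as "Moved successfully". The line layout and the `<entry> => <outcome>` form are taken from the Fixlog in the post; the second entry and its failure text are constructed for illustration.

```python
import re

# Constructed sample: the Fixlog from the post above, plus one constructed
# entry and result line to show a non-success outcome.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by Roddinho at 2014-08-21 10:31:48 Run:1
Running from C:\Users\Roddinho\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\All Users\Win7codecs
C:\Example\constructed-entry
*****************

C:\Users\All Users\Win7codecs => Moved successfully.
C:\Example\constructed-entry => constructed failure text

==== End of Fixlog ====
"""

def check_fixlog(text):
    """Return {entry: outcome}; outcome is None when an entry has no result line."""
    lines = [ln.strip() for ln in text.splitlines()]
    if "==== End of Fixlog ====" not in lines:
        raise ValueError("truncated Fixlog: end marker missing")
    # The fixlist is echoed between two lines made only of asterisks.
    stars = [i for i, ln in enumerate(lines) if re.fullmatch(r"\*{5,}", ln)]
    if len(stars) < 2:
        raise ValueError("fixlist section not found")
    entries = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    outcomes = dict.fromkeys(entries)
    # Result lines follow the echoed fixlist: "<entry> => <outcome>".
    for ln in lines[stars[1] + 1:]:
        entry, sep, outcome = ln.partition(" => ")
        if sep and entry in outcomes:
            outcomes[entry] = outcome
    return outcomes

def needs_review(outcomes):
    """Entries not reported as moved, or with no result line at all."""
    return sorted(e for e, o in outcomes.items()
                  if o is None or not o.startswith("Moved successfully"))

if __name__ == "__main__":
    result = check_fixlog(SAMPLE_FIXLOG)
    for entry, outcome in result.items():
        print(f"{entry}: {outcome}")
    print("needs review:", needs_review(result))
```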
21.08.2014, 20:24 | #13 |
/// the machine /// TB trainer | Caught Relevant Knowledge - probably while installing MKV Player from CHIP.de Ever since Chip started using its in-house downloader, nothing there is reputable any more.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |