Log analysis and evaluation: Windows 7: Firefox opens URL http://98uj8.de/[...] on its own at short intervals
02.08.2014, 15:42 | #1
Hello dear Trojaner-Board!

I was quite surprised today when my Firefox suddenly opened a whole lot of new tabs, one after another, with the URLs hxxp://98uj8.de/s3brsn5ba66mgfzeinrum#ad and hxxp://98uj8.de/s3brsn5ba66mgfzeinrum#noad. I immediately closed Firefox and reopened it afterwards, and then it was quiet. I then searched for the URL in a search engine and landed directly on your board. I straight away downloaded MBAM and AdwCleaner and let them run (the logs are further below), but they did not find very much, which is why I am turning to you now. I cannot remember any trigger for the Firefox behaviour; I was just browsing normally and then all the tabs opened up.

--------- LOGS --------

defogger_disable.log:
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 14:54 on 02/08/2014 (Calvin) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- FRST.txt Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014 Ran by Calvin (administrator) on SCABA-PC on 02-08-2014 14:55:43 Running from C:\Users\Calvin\Desktop Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE (Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe (LogMeIn, Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncservice.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe (RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe (UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) 
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe () C:\Windows\SysWOW64\HsMgr.exe () C:\Windows\system\HsMgr64.exe (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe (RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserverui.exe (Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (CMedia) C:\Program Files\ASUS Xonar DSX Audio\Customapp\AsusAudioCenter.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (Octoshape ApS) C:\Users\Calvin\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (Dropbox, Inc.) C:\Users\Calvin\AppData\Roaming\Dropbox\bin\Dropbox.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (VMware, Inc.) 
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe () C:\Program Files (x86)\xchat\xchat.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-21] (Realtek Semiconductor) HKLM\...\Run: [Cm112Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm112.dll,CMICtrlWnd HKLM\...\Run: [Cm112GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] () HKLM\...\Run: [Cm112GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] () HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] () HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] () HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-01-31] (Saitek) HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-01-31] (Saitek) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM\...\Run: [tvncontrol] => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103536 2012-04-30] (VMware, Inc.) 
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] () HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.) 
HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-10-25] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-07-06] (AMD) HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-10-25] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-10-25] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\Run: [Octoshape Streaming Services] => C:\Users\Calvin\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS) HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\Run: [NM Monitor] => "C:\Users\Calvin\Desktop\nmmonitor\nmmonitor.exe" HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) 
HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\MountPoints2: {55371d00-53b5-11e3-8b1b-005056c00008} - V:\INSTALL.EXE HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\MountPoints2: {77c81329-b2bb-11e3-a8d1-6cf0495d1bdc} - W:\setup.exe HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\MountPoints2: {9e83967a-8379-11e3-957f-6cf0495d1bdc} - V:\setup.exe HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\MountPoints2: {9e83968f-8379-11e3-957f-6cf0495d1bdc} - W:\OriginInstaller.exe HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\MountPoints2: {bb62520c-30ed-11e3-9fbe-005056c00008} - G:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\MountPoints2: {bdf51fb9-5375-11e3-a733-005056c00008} - V:\INSTALL.EXE HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\MountPoints2: {c7d9bd25-2f8e-11e3-a7a1-806e6f6e6963} - rundll32.exe url,FileProtocolHandler index_RX-V775_V675.html Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{ED7FE81C-378C-411D-B5B4-509B978BA204}\IcoUltraMon.ico () Startup: C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Calvin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://youtube.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB14AAF175F74CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {3ECE6F49-2F9A-4025-80B3-1C061BA48288} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=E450175B-4E16-482A-B410-C78B1AD4BEDD&apn_sauid=B0B2C0BA-9445-460D-BDAA-39C2D5367484 BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default FF Homepage: https://google.de FF NetworkProxy: "backup.ftp", "" FF NetworkProxy: "backup.ftp_port", 0 FF NetworkProxy: "backup.socks", "" FF NetworkProxy: "backup.socks_port", 0 FF NetworkProxy: "backup.ssl", "" FF NetworkProxy: "backup.ssl_port", 0 FF NetworkProxy: "ftp", "127.0.0.1" FF NetworkProxy: "ftp_port", 8080 FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 8080 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "127.0.0.1" FF NetworkProxy: "socks_port", 8080 FF NetworkProxy: "ssl", "127.0.0.1" FF NetworkProxy: "ssl_port", 8080 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: 
@java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Users\Calvin\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Calvin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Calvin\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Shumway - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\shumway@research.mozilla.org [2014-08-01] FF Extension: Classic Theme Restorer - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-11] FF Extension: ClipConverter - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\clipconverter@clipconverter.cc.xpi [2014-02-15] FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\elemhidehelper@adblockplus.org.xpi [2012-10-07] FF Extension: Ghostery - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\firefox@ghostery.com.xpi [2013-08-16] FF 
Extension: HTTP Header Mangler - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\se.patriarkatet.firefox.extensions.httpheadermangler@jetpack.xpi [2014-07-17] FF Extension: YOURLS shortener - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\yourls-shortener@binfalse.de.xpi [2013-10-26] FF Extension: NoScript - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-10-07] FF Extension: Adblock Plus - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-16] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-08-01] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.) [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.) 
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R2 MSSQL$MAXXYZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-03-09] (Native Instruments GmbH) [File not signed] R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-05-11] () S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation) S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH) R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC) R2 uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [1940248 2013-12-05] (UltraVNC) R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2012-04-30] (VMware, Inc.) [File not signed] R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2012-04-30] () [File not signed] R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [638272 2014-06-03] (RealVNC Ltd) R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2012-06-05] (Google Inc)
S3 ASUSU1; C:\Windows\System32\drivers\cm11264.sys [1308160 2011-08-23] (C-Media Electronics Inc)
R3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [35624 2007-08-08] ()
R3 bomebus; C:\Windows\System32\DRIVERS\bomebus.sys [34376 2010-10-13] (Bome Software)
R3 bomemidi; C:\Windows\System32\drivers\bomemidi.sys [30792 2010-10-13] (Bome Software)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2727936 2011-12-20] (C-Media Inc)
S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [758016 2011-02-08] (Hauppauge Computer Works, Inc.)
S1 hwinterface; C:\Windows\SysWOW64\Drivers\hwinterface.sys [2996 2014-03-02] (Buzz) [File not signed]
S1 hwinterfacex64; C:\Windows\System32\Drivers\hwinterfacex64.sys [5632 2013-04-29] (Logix4u) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\Windows\system32\C75.tmp [6144 2009-06-18] (Sophos Plc) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 okdmx31; C:\Windows\SysWOW64\Drivers\okdmx31.sys [3712 2013-04-29] () [File not signed]
R3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-02-01] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-02-01] (Saitek)
R3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Saitek)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [105816 2012-09-13] (Oracle Corporation)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [266752 2013-01-10] (Jungo)
S3 ALSysIO; \??\C:\Users\Calvin\AppData\Local\Temp\ALSysIO64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 zlportio; \??\D:\Program Files (x86)\PHOENIXstudios\PC_DIMMER\zlportio.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 14:55 - 2014-08-02 14:56 - 00033220 _____ () C:\Users\Calvin\Desktop\FRST.txt
2014-08-02 14:55 - 2014-08-02 14:55 - 00000000 ____D () C:\FRST
2014-08-02 14:54 - 2014-08-02 14:54 - 00000474 _____ () C:\Users\Calvin\Desktop\defogger_disable.log
2014-08-02 14:54 - 2014-08-02 14:54 - 00000000 _____ () C:\Users\Calvin\defogger_reenable
2014-08-02 14:49 - 2014-08-02 14:49 - 00001640 _____ () C:\Users\Calvin\Desktop\anti-malware-protection-02.08.2014.txt
2014-08-02 14:49 - 2014-08-02 14:49 - 00001145 _____ () C:\Users\Calvin\Desktop\anti-malware-02.08.2014.txt
2014-08-02 14:46 - 2014-08-02 14:46 - 02094080 _____ (Farbar) C:\Users\Calvin\Desktop\FRST64.exe
2014-08-02 14:46 - 2014-08-02 14:46 - 00380416 _____ () C:\Users\Calvin\Desktop\ncynph9p.exe
2014-08-02 14:43 - 2014-08-02 14:44 - 00000000 ____D () C:\Users\Calvin\Desktop\altes_zeug
2014-08-02 14:43 - 2014-08-02 14:43 - 00050477 _____ () C:\Users\Calvin\Desktop\Defogger.exe
2014-08-02 14:10 - 2014-08-02 14:10 - 00000000 ____H () C:\ProgramData\cm-lock
2014-08-02 14:09 - 2014-08-02 14:09 - 00002218 _____ () C:\Users\Calvin\Desktop\AdwCleaner[S0].txt
2014-08-02 14:04 - 2014-08-02 14:51 - 00000000 ____D () C:\AdwCleaner
2014-08-02 14:04 - 2014-08-02 14:05 - 00002207 _____ () C:\Users\Calvin\Desktop\AdwCleaner[R0].txt
2014-08-02 14:04 - 2014-08-02 14:04 - 01361309 _____ () C:\Users\Calvin\Downloads\adwcleaner_3.302.exe
2014-08-02 13:49 - 2014-08-02 14:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-02 13:49 - 2014-08-02 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-02 13:49 - 2014-08-02 13:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-02 13:49 - 2014-08-02 13:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-02 13:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-02 13:49 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-02 13:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-02 13:48 - 2014-08-02 13:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Calvin\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-02 13:47 - 2014-08-02 13:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Calvin\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 22:03 - 2014-08-01 22:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-01 20:56 - 2014-08-01 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-08-01 20:56 - 2014-08-01 20:56 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-19 00:45 - 2014-07-19 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
2014-07-19 00:44 - 2014-07-19 00:44 - 00000000 ____D () C:\Program Files (x86)\NAVIGON
2014-07-19 00:43 - 2014-07-19 00:43 - 24186616 _____ (GARMIN Würzburg GmbH) C:\Users\Calvin\Downloads\NAVIGON_Fresh_setup.exe
2014-07-18 23:00 - 2014-07-18 23:00 - 59516946 _____ () C:\Users\Calvin\Downloads\openclonk-snapshot-20140715-7ab6b33d6a-win32-i386-mingw.zip
2014-07-18 22:59 - 2014-07-18 22:59 - 02053228 _____ () C:\Users\Calvin\Downloads\OCNightly32.zip
2014-07-18 22:55 - 2014-07-18 22:56 - 61311027 _____ () C:\Users\Calvin\Downloads\openclonk-snapshot-20140715-7ab6b33d6a-win32-amd64-mingw.zip
2014-07-18 22:55 - 2014-07-18 22:55 - 05915686 _____ () C:\Users\Calvin\Downloads\mape-snapshot-20140713-bb96406262-win32-amd64-mingw.zip
2014-07-18 17:44 - 2014-07-18 17:44 - 07815799 _____ () C:\Users\Calvin\Downloads\wiibackupmanager_build78.zip
2014-07-18 17:21 - 2014-07-18 17:21 - 00000000 ____D () C:\Users\Calvin\AppData\Local\WBFSManager
2014-07-18 17:17 - 2014-07-18 17:59 - 00000000 ____D () C:\Users\Calvin\Documents\WBFS Manager Covers
2014-07-18 17:17 - 2014-07-18 17:17 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager
2014-07-18 17:16 - 2014-07-18 17:16 - 02847970 _____ () C:\Users\Calvin\Downloads\WBFSManager3.0.1-RTW-x64.zip
2014-07-16 11:40 - 2014-07-16 11:40 - 00012848 _____ () C:\Users\Calvin\Downloads\config.bin
2014-07-15 21:45 - 2014-07-15 22:25 - 00000164 _____ () C:\Users\Calvin\advanced_ip_scanner_MAC.bin
2014-07-14 21:22 - 2014-07-14 21:22 - 16232960 _____ () C:\Users\Calvin\Downloads\mumble-1.2.7.msi
2014-07-12 00:31 - 2014-07-12 00:31 - 05122472 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\grcu13ww.exe
2014-07-12 00:17 - 2014-07-12 00:21 - 97170008 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\cssw764rti_8_30_0_057.exe
2014-07-11 23:59 - 2014-07-12 00:00 - 37217224 _____ (Lenovo Group Limited) C:\Users\Calvin\Downloads\lscsetup_x64_24003.exe
2014-07-11 21:05 - 2014-07-11 22:06 - 298374544 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g5de33ww.exe
2014-07-11 21:05 - 2014-07-11 22:06 - 298242424 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g5de28ww.exe
2014-07-11 21:05 - 2014-07-11 22:04 - 279556240 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g5dh26ww.exe
2014-07-11 21:05 - 2014-07-11 21:58 - 227182352 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g5dd28ww(1).exe
2014-07-11 21:05 - 2014-07-11 21:57 - 227181344 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g5dd33ww.exe
2014-07-11 21:05 - 2014-07-11 21:46 - 156578912 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g5db04ww.exe
2014-07-11 21:05 - 2014-07-11 21:35 - 111850712 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g5da28ww.exe
2014-07-11 21:03 - 2014-07-11 21:03 - 00325920 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\79oi33ww.exe
2014-07-11 20:48 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\C75.tmp
2014-07-11 20:46 - 2014-07-11 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-11 20:46 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\634A.tmp
2014-07-11 20:45 - 2014-07-11 20:46 - 01339288 _____ () C:\Users\Calvin\Downloads\sar_15_sfx.exe
2014-07-11 20:02 - 2014-07-11 01:47 - 30181304 _____ (Lenovo Group Limited ) C:\Users\Public\Documents\6hgx79ww.exe
2014-07-11 19:13 - 2014-07-11 19:14 - 30000520 _____ (NVIDIA Corporation) C:\Users\Calvin\Downloads\GeForce_Experience_v2.1.0.0.exe
2014-07-11 18:13 - 2014-07-11 18:14 - 04821464 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g1ys14ww.exe
2014-07-11 18:13 - 2014-07-11 18:13 - 00581616 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g1io15ww.exe
2014-07-11 18:12 - 2014-07-11 18:15 - 14735168 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\gmir10ww.exe
2014-07-11 18:11 - 2014-07-11 18:12 - 02688688 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g7fu05ww.exe
2014-07-11 18:10 - 2014-07-11 18:15 - 26394760 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\guu403ww.exe
2014-07-11 18:10 - 2014-07-11 18:14 - 16945128 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\guvu26ww.exe
2014-07-11 18:10 - 2014-07-11 18:10 - 01291568 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\gtku09ww(2).exe
2014-07-11 18:08 - 2014-07-11 18:10 - 12668552 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\7zw406ww.exe
2014-07-11 18:08 - 2014-07-11 18:08 - 01291568 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\gtku09ww(1).exe
2014-07-11 18:07 - 2014-07-11 18:17 - 79368888 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\8awj15ww.exe
2014-07-11 18:07 - 2014-07-11 18:17 - 101697640 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\n14w204w_64.exe
2014-07-11 18:06 - 2014-07-11 18:07 - 24484936 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\grrw03ww_64.exe
2014-07-11 18:06 - 2014-07-11 18:06 - 01240624 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g1rw12ww_64.exe
2014-07-11 15:53 - 2014-07-11 15:53 - 01291568 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\gtku09ww.exe
2014-07-11 02:23 - 2014-07-11 02:34 - 296920424 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g5de45ww.exe
2014-07-11 02:18 - 2014-07-11 02:19 - 03816984 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g1rg19ww.exe
2014-07-11 01:47 - 2014-07-11 01:47 - 00369200 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\osfj09ww.exe
2014-07-11 01:40 - 2014-07-11 01:47 - 30181304 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\6hgx79ww.exe
2014-07-11 01:34 - 2014-07-11 01:40 - 24272696 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g1f814ww.exe
2014-07-11 01:27 - 2014-07-11 02:11 - 227182352 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g5dd28ww.exe
2014-07-11 01:27 - 2014-07-11 02:09 - 199249856 _____ (NVIDIA Corporation) C:\Users\Calvin\Downloads\307.45-quadro-notebook-win8-win7-winvista-64bit-international-whql.exe
2014-07-11 01:27 - 2014-07-11 02:06 - 193952192 _____ () C:\Users\Calvin\Downloads\win7x64_hda(296.79).exe
2014-07-11 01:26 - 2014-07-11 01:34 - 42181800 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\girc11ww.exe
2014-07-11 01:25 - 2014-07-11 02:10 - 221062296 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g4wb12ww.exe
2014-07-11 01:25 - 2014-07-11 01:27 - 11788560 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g1c814ww.exe
2014-07-11 01:25 - 2014-07-11 01:26 - 03901936 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\ggca22ww.exe
2014-07-11 01:25 - 2014-07-11 01:26 - 03770024 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g1rf42ww.exe
2014-07-11 01:25 - 2014-07-11 01:26 - 03449040 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g1ss01ww.exe
2014-07-11 01:25 - 2014-07-11 01:26 - 02035792 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g1ic09ww.exe
2014-07-11 01:24 - 2014-07-11 02:11 - 233317192 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\gga109ww.exe
2014-07-11 01:02 - 2014-07-11 01:02 - 02195811 _____ () C:\Users\Calvin\Downloads\hw64_440.zip
2014-07-10 02:40 - 2014-07-10 02:40 - 00370943 _____ () C:\Users\Calvin\Downloads\gmer.zip
2014-07-10 02:35 - 2014-07-10 02:35 - 00380416 _____ () C:\Users\Calvin\Downloads\315zdd9w.exe
2014-07-10 01:23 - 2014-07-10 03:23 - 3268683776 _____ () C:\Users\Calvin\Downloads\de_windows_7_sp1_x64.iso
2014-07-09 00:21 - 2014-07-09 00:22 - 32878592 _____ () C:\Users\Calvin\Downloads\g5uj22us.iso
2014-07-08 21:12 - 2014-07-08 21:12 - 00407279 _____ () C:\Users\Calvin\Downloads\glas_grub_theme.tar.gz
2014-07-07 21:02 - 2014-07-07 21:13 - 110057237 _____ () C:\Users\Calvin\Downloads\Strass on Mass.zip
2014-07-06 20:28 - 2014-07-06 20:28 - 00002014 _____ () C:\counter.tcl
2014-07-06 19:08 - 2014-07-06 19:08 - 00000000 ____D () C:\Windows\system32\SPReview

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-02 14:56 - 2014-08-02 14:55 - 00033220 _____ () C:\Users\Calvin\Desktop\FRST.txt
2014-08-02 14:55 - 2014-08-02 14:55 - 00000000 ____D () C:\FRST
2014-08-02 14:54 - 2014-08-02 14:54 - 00000474 _____ () C:\Users\Calvin\Desktop\defogger_disable.log
2014-08-02 14:54 - 2014-08-02 14:54 - 00000000 _____ () C:\Users\Calvin\defogger_reenable
2014-08-02 14:54 - 2012-08-16 17:39 - 00000000 ____D () C:\Users\Calvin
2014-08-02 14:53 - 2012-08-16 19:29 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Skype
2014-08-02 14:51 - 2014-08-02 14:04 - 00000000 ____D () C:\AdwCleaner
2014-08-02 14:49 - 2014-08-02 14:49 - 00001640 _____ () C:\Users\Calvin\Desktop\anti-malware-protection-02.08.2014.txt
2014-08-02 14:49 - 2014-08-02 14:49 - 00001145 _____ () C:\Users\Calvin\Desktop\anti-malware-02.08.2014.txt
2014-08-02 14:46 - 2014-08-02 14:46 - 02094080 _____ (Farbar) C:\Users\Calvin\Desktop\FRST64.exe
2014-08-02 14:46 - 2014-08-02 14:46 - 00380416 _____ () C:\Users\Calvin\Desktop\ncynph9p.exe
2014-08-02 14:44 - 2014-08-02 14:43 - 00000000 ____D () C:\Users\Calvin\Desktop\altes_zeug
2014-08-02 14:43 - 2014-08-02 14:43 - 00050477 _____ () C:\Users\Calvin\Desktop\Defogger.exe
2014-08-02 14:19 - 2012-08-16 18:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-02 14:19 - 2009-07-14 19:58 - 00747948 _____ () C:\Windows\system32\perfh007.dat
2014-08-02 14:19 - 2009-07-14 19:58 - 00167864 _____ () C:\Windows\system32\perfc007.dat
2014-08-02 14:19 - 2009-07-14 07:13 - 01757806 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-02 14:17 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-02 14:17 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-02 14:13 - 2012-08-16 17:39 - 01066672 _____ () C:\Windows\WindowsUpdate.log
2014-08-02 14:11 - 2012-10-04 17:03 - 00000000 ___RD () C:\Users\Calvin\Dropbox
2014-08-02 14:11 - 2012-10-04 16:59 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Dropbox
2014-08-02 14:10 - 2014-08-02 14:10 - 00000000 ____H () C:\ProgramData\cm-lock
2014-08-02 14:10 - 2014-08-02 13:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-02 14:10 - 2014-06-08 20:56 - 00000000 ____D () C:\Users\Calvin\AppData\Local\LogMeIn Hamachi
2014-08-02 14:10 - 2013-07-01 18:01 - 00040889 _____ () C:\Windows\setupact.log
2014-08-02 14:10 - 2012-12-24 14:02 - 00000000 ____D () C:\ProgramData\VMware
2014-08-02 14:10 - 2012-10-03 21:06 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-08-02 14:10 - 2012-08-16 19:19 - 00204482 _____ () C:\Windows\PFRO.log
2014-08-02 14:10 - 2012-08-16 18:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-02 14:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-02 14:09 - 2014-08-02 14:09 - 00002218 _____ () C:\Users\Calvin\Desktop\AdwCleaner[S0].txt
2014-08-02 14:05 - 2014-08-02 14:04 - 00002207 _____ () C:\Users\Calvin\Desktop\AdwCleaner[R0].txt
2014-08-02 14:04 - 2014-08-02 14:04 - 01361309 _____ () C:\Users\Calvin\Downloads\adwcleaner_3.302.exe
2014-08-02 13:49 - 2014-08-02 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-02 13:49 - 2014-08-02 13:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-02 13:49 - 2014-08-02 13:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-02 13:48 - 2014-08-02 13:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Calvin\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-02 13:47 - 2014-08-02 13:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Calvin\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-02 01:39 - 2012-08-19 22:22 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\X-Chat 2
2014-08-02 01:29 - 2012-09-16 19:35 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\vlc
2014-08-01 22:08 - 2014-01-06 00:45 - 00000000 ____D () C:\Program Files (x86)\Clonk Rage2
2014-08-01 22:03 - 2014-08-01 22:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-01 20:59 - 2012-10-04 17:00 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-01 20:58 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-08-01 20:56 - 2014-08-01 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-08-01 20:56 - 2014-08-01 20:56 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-19 04:42 - 2012-09-16 17:04 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\FileZilla
2014-07-19 01:22 - 2014-03-27 21:35 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-19 00:45 - 2014-07-19 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
2014-07-19 00:44 - 2014-07-19 00:44 - 00000000 ____D () C:\Program Files (x86)\NAVIGON
2014-07-19 00:43 - 2014-07-19 00:43 - 24186616 _____ (GARMIN Würzburg GmbH) C:\Users\Calvin\Downloads\NAVIGON_Fresh_setup.exe
2014-07-19 00:17 - 2012-10-17 16:43 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\OpenClonk
2014-07-18 23:00 - 2014-07-18 23:00 - 59516946 _____ () C:\Users\Calvin\Downloads\openclonk-snapshot-20140715-7ab6b33d6a-win32-i386-mingw.zip
2014-07-18 22:59 - 2014-07-18 22:59 - 02053228 _____ () C:\Users\Calvin\Downloads\OCNightly32.zip
2014-07-18 22:56 - 2014-07-18 22:55 - 61311027 _____ () C:\Users\Calvin\Downloads\openclonk-snapshot-20140715-7ab6b33d6a-win32-amd64-mingw.zip
2014-07-18 22:55 - 2014-07-18 22:55 - 05915686 _____ () C:\Users\Calvin\Downloads\mape-snapshot-20140713-bb96406262-win32-amd64-mingw.zip
2014-07-18 17:59 - 2014-07-18 17:17 - 00000000 ____D () C:\Users\Calvin\Documents\WBFS Manager Covers
2014-07-18 17:44 - 2014-07-18 17:44 - 07815799 _____ () C:\Users\Calvin\Downloads\wiibackupmanager_build78.zip
2014-07-18 17:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-18 17:21 - 2014-07-18 17:21 - 00000000 ____D () C:\Users\Calvin\AppData\Local\WBFSManager
2014-07-18 17:17 - 2014-07-18 17:17 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager
2014-07-18 17:16 - 2014-07-18 17:16 - 02847970 _____ () C:\Users\Calvin\Downloads\WBFSManager3.0.1-RTW-x64.zip
2014-07-16 22:43 - 2012-09-23 15:56 - 00000600 _____ () C:\Users\Calvin\AppData\Local\PUTTY.RND
2014-07-16 11:40 - 2014-07-16 11:40 - 00012848 _____ () C:\Users\Calvin\Downloads\config.bin
2014-07-16 11:26 - 2013-09-17 00:11 - 00000000 ____D () C:\Users\Calvin\AppData\Local\TSVNCache
2014-07-16 00:18 - 2012-12-24 14:08 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\VMware
2014-07-15 22:25 - 2014-07-15 21:45 - 00000164 _____ () C:\Users\Calvin\advanced_ip_scanner_MAC.bin
2014-07-15 14:45 - 2012-12-24 14:08 - 00000000 ____D () C:\Users\Calvin\AppData\Local\VMware
2014-07-15 00:39 - 2014-06-29 01:12 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Mumble
2014-07-14 21:22 - 2014-07-14 21:22 - 16232960 _____ () C:\Users\Calvin\Downloads\mumble-1.2.7.msi
2014-07-13 18:27 - 2012-09-11 16:18 - 00000000 ____D () C:\Users\Calvin\Documents\Skype
2014-07-12 00:31 - 2014-07-12 00:31 - 05122472 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\grcu13ww.exe
2014-07-12 00:21 - 2014-07-12 00:17 - 97170008 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\cssw764rti_8_30_0_057.exe
2014-07-12 00:00 - 2014-07-11 23:59 - 37217224 _____ (Lenovo Group Limited) C:\Users\Calvin\Downloads\lscsetup_x64_24003.exe
2014-07-11 22:06 - 2014-07-11 21:05 - 298374544 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g5de33ww.exe
2014-07-11 22:06 - 2014-07-11 21:05 - 298242424 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g5de28ww.exe
2014-07-11 22:04 - 2014-07-11 21:05 - 279556240 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g5dh26ww.exe
2014-07-11 21:58 - 2014-07-11 21:05 - 227182352 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g5dd28ww(1).exe
2014-07-11 21:57 - 2014-07-11 21:05 - 227181344 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g5dd33ww.exe
2014-07-11 21:46 - 2014-07-11 21:05 - 156578912 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g5db04ww.exe
2014-07-11 21:35 - 2014-07-11 21:05 - 111850712 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g5da28ww.exe
2014-07-11 21:03 - 2014-07-11 21:03 - 00325920 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\79oi33ww.exe
2014-07-11 20:46 - 2014-07-11 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-11 20:46 - 2014-07-11 20:45 - 01339288 _____ () C:\Users\Calvin\Downloads\sar_15_sfx.exe
2014-07-11 20:46 - 2014-04-18 23:06 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-07-11 19:14 - 2014-07-11 19:13 - 30000520 _____ (NVIDIA Corporation) C:\Users\Calvin\Downloads\GeForce_Experience_v2.1.0.0.exe
2014-07-11 18:17 - 2014-07-11 18:07 - 79368888 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\8awj15ww.exe
2014-07-11 18:17 - 2014-07-11 18:07 - 101697640 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\n14w204w_64.exe
2014-07-11 18:15 - 2014-07-11 18:12 - 14735168 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\gmir10ww.exe
2014-07-11 18:15 - 2014-07-11 18:10 - 26394760 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\guu403ww.exe
2014-07-11 18:14 - 2014-07-11 18:13 - 04821464 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g1ys14ww.exe
2014-07-11 18:14 - 2014-07-11 18:10 - 16945128 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\guvu26ww.exe
2014-07-11 18:13 - 2014-07-11 18:13 - 00581616 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g1io15ww.exe
2014-07-11 18:12 - 2014-07-11 18:11 - 02688688 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g7fu05ww.exe
2014-07-11 18:10 - 2014-07-11 18:10 - 01291568 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\gtku09ww(2).exe
2014-07-11 18:10 - 2014-07-11 18:08 - 12668552 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\7zw406ww.exe
2014-07-11 18:08 - 2014-07-11 18:08 - 01291568 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\gtku09ww(1).exe
2014-07-11 18:07 - 2014-07-11 18:06 - 24484936 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\grrw03ww_64.exe
2014-07-11 18:06 - 2014-07-11 18:06 - 01240624 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g1rw12ww_64.exe
2014-07-11 15:53 - 2014-07-11 15:53 - 01291568 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\gtku09ww.exe
2014-07-11 02:34 - 2014-07-11 02:23 - 296920424 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g5de45ww.exe
2014-07-11 02:19 - 2014-07-11 02:18 - 03816984 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g1rg19ww.exe
2014-07-11 02:11 - 2014-07-11 01:27 - 227182352 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g5dd28ww.exe
2014-07-11 02:11 - 2014-07-11 01:24 - 233317192 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\gga109ww.exe
2014-07-11 02:10 - 2014-07-11 01:25 - 221062296 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g4wb12ww.exe
2014-07-11 02:09 - 2014-07-11 01:27 - 199249856 _____ (NVIDIA Corporation) C:\Users\Calvin\Downloads\307.45-quadro-notebook-win8-win7-winvista-64bit-international-whql.exe
2014-07-11 02:06 - 2014-07-11 01:27 - 193952192 _____ () C:\Users\Calvin\Downloads\win7x64_hda(296.79).exe
2014-07-11 01:47 - 2014-07-11 20:02 - 30181304 _____ (Lenovo Group Limited ) C:\Users\Public\Documents\6hgx79ww.exe
2014-07-11 01:47 - 2014-07-11 01:47 - 00369200 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\osfj09ww.exe
2014-07-11 01:47 - 2014-07-11 01:40 - 30181304 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\6hgx79ww.exe
2014-07-11 01:40 - 2014-07-11 01:34 - 24272696 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g1f814ww.exe
2014-07-11 01:34 - 2014-07-11 01:26 - 42181800 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\girc11ww.exe
2014-07-11 01:27 - 2014-07-11 01:25 - 11788560 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g1c814ww.exe
2014-07-11 01:26 - 2014-07-11 01:25 - 03901936 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\ggca22ww.exe
2014-07-11 01:26 - 2014-07-11 01:25 - 03770024 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g1rf42ww.exe
2014-07-11 01:26 - 2014-07-11 01:25 - 03449040 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g1ss01ww.exe
2014-07-11 01:26 - 2014-07-11 01:25 - 02035792 _____ (Lenovo Group Limited ) C:\Users\Calvin\Downloads\g1ic09ww.exe
2014-07-11 01:02 - 2014-07-11 01:02 - 02195811 _____ () C:\Users\Calvin\Downloads\hw64_440.zip
2014-07-10 03:23 - 2014-07-10 01:23 - 3268683776 _____ () C:\Users\Calvin\Downloads\de_windows_7_sp1_x64.iso
2014-07-10 02:40 - 2014-07-10 02:40 - 00370943 _____ () C:\Users\Calvin\Downloads\gmer.zip
2014-07-10 02:35 - 2014-07-10 02:35 - 00380416 _____ () C:\Users\Calvin\Downloads\315zdd9w.exe
2014-07-09 00:22 - 2014-07-09 00:21 - 32878592 _____ () C:\Users\Calvin\Downloads\g5uj22us.iso
2014-07-08 22:19 - 2012-08-16 18:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 22:19 - 2012-08-16 18:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 22:19 - 2012-08-16 18:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 21:12 - 2014-07-08 21:12 - 00407279 _____ () C:\Users\Calvin\Downloads\glas_grub_theme.tar.gz
2014-07-07 21:13 - 2014-07-07 21:02 - 110057237 _____ () C:\Users\Calvin\Downloads\Strass on Mass.zip
2014-07-06 20:28 - 2014-07-06 20:28 - 00002014 _____ () C:\counter.tcl
2014-07-06 19:23 - 2013-09-13 20:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-06 19:20 - 2013-02-14 21:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-06 19:20 - 2012-08-20 16:47 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-06 19:08 - 2014-07-06 19:08 - 00000000 ____D () C:\Windows\system32\SPReview

Some content of TEMP:
====================
C:\Users\Calvin\AppData\Local\Temp\cpuz165.exe
C:\Users\Calvin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsbodfb.dll
C:\Users\Calvin\AppData\Local\Temp\DrvInst64.exe
C:\Users\Calvin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Calvin\AppData\Local\Temp\KillMcsWindow.exe
C:\Users\Calvin\AppData\Local\Temp\lfzlsg.exe
C:\Users\Calvin\AppData\Local\Temp\pyl2DE3.tmp.exe
C:\Users\Calvin\AppData\Local\Temp\Quarantine.exe
C:\Users\Calvin\AppData\Local\Temp\rdnbvw.exe
C:\Users\Calvin\AppData\Local\Temp\rtkxkp.exe
C:\Users\Calvin\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Calvin\AppData\Local\Temp\sfareca00001.dll
C:\Users\Calvin\AppData\Local\Temp\sfextra.dll
C:\Users\Calvin\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Calvin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Calvin\AppData\Local\Temp\thpmfd.exe
C:\Users\Calvin\AppData\Local\Temp\tnbrrd.exe
C:\Users\Calvin\AppData\Local\Temp\ubiED5.tmp.exe
C:\Users\Calvin\AppData\Local\Temp\uninst.exe
C:\Users\Calvin\AppData\Local\Temp\_is7085.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-18 18:39

==================== End Of Log ============================

Addition.txt, Gmer.log and the MBAM and AdwCleaner logs are attached, since the post would otherwise be too long. That should be everything. I hope I haven't forgotten anything; if I have, please let me know. Thanks in advance for your answers! Best regards, poflar |
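The first thing a reader does with the Services and Drivers sections of an FRST log like the one above is scan for the entries FRST itself marks as odd: `[File not signed]`, `[X]` (registry entry whose file is no longer on disk), a vendor of `()`, and binaries loaded from a temp directory, a user profile or a `.tmp` file. The script below does exactly that pass. It is an added example for this thread, not FRST's code and not from the original post; the sample lines are copied from the log above, and the scoring rules (which findings count, and that more findings sort first) are an assumption about what deserves a second look, not FRST's own logic.

```python
"""Triage FRST 'Services' and 'Drivers' lines the way a log reader does by hand.

Added example for this thread; not part of FRST and not from the original post.
SAMPLE is copied from the FRST log above. The reasons attached by assess() are
an assumption about what deserves a second look, not FRST's own scoring.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# FRST prints one entry per line in two shapes:
#   <state> <name>; <path> [<size> <yyyy-mm-dd>] (<vendor>) [File not signed]
#   <state> <name>; <path> [X]            <- registry entry, file not on disk
_ENTRY = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)"
    r"(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<vendor>[^)]*)\)"
    r"|\s+\[X\])"
    r"(?P<flags>(?:\s+\[[^\]]+\])*)\s*$"
)


@dataclass
class Entry:
    state: str                 # R = running, S = stopped; digit = start type
    name: str
    path: str
    size: Optional[int]
    date: Optional[str]
    vendor: Optional[str]      # "" when FRST printed an empty "()"
    unsigned: bool
    missing: bool
    reasons: List[str] = field(default_factory=list)

    @property
    def running(self) -> bool:
        return self.state.startswith("R")


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a service/driver line, or None for headers and blanks."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    missing = m.group("size") is None
    return Entry(
        state=m.group("state"),
        name=m.group("name").strip(),
        path=m.group("path"),
        size=None if missing else int(m.group("size")),
        date=m.group("date"),
        vendor=None if missing else m.group("vendor").strip(),
        unsigned="[File not signed]" in m.group("flags"),
        missing=missing,
    )


def assess(entry: Entry) -> Entry:
    """Attach human-readable reasons; an empty list means nothing stood out."""
    p = entry.path.lower()
    if entry.unsigned:
        entry.reasons.append("unsigned binary" + (" (running)" if entry.running else ""))
    if entry.missing:
        entry.reasons.append("file not present ([X]): stale entry or removed file")
    elif not entry.vendor:
        entry.reasons.append("no vendor in version info")
    if "\\appdata\\local\\temp\\" in p or "\\windows\\temp\\" in p:
        entry.reasons.append("loads from a temp directory")
    if p.endswith(".tmp"):
        entry.reasons.append("binary has a .tmp extension")
    if "\\users\\" in p:
        entry.reasons.append("binary lives under a user profile (user-writable)")
    return entry


def triage(lines) -> List[Entry]:
    """Parse all lines, keep entries with at least one reason, worst first."""
    found = [assess(e) for e in map(parse_entry, lines) if e is not None]
    return sorted((e for e in found if e.reasons),
                  key=lambda e: (-len(e.reasons), e.name.lower()))


# Lines copied from the FRST log in this thread, plus one header to show it is skipped.
SAMPLE = r"""
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-05-11] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S1 hwinterface; C:\Windows\SysWOW64\Drivers\hwinterface.sys [2996 2014-03-02] (Buzz) [File not signed]
S3 MEMSWEEP2; C:\Windows\system32\C75.tmp [6144 2009-06-18] (Sophos Plc) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Calvin\AppData\Local\Temp\ALSysIO64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
"""

if __name__ == "__main__":
    for e in triage(SAMPLE.splitlines()):
        print(f"{e.state} {e.name:<18} {e.path}")
        for r in e.reasons:
            print(f"    - {r}")
```

Run it on a whole FRST.txt by passing `open("FRST.txt", encoding="utf-8")` to `triage()`; lines from other sections simply fail the regex and are skipped. The ordering puts `ALSysIO` (missing file, temp directory, user profile) ahead of `MEMSWEEP2` (unsigned `.tmp` in system32), which matches the order in which a human reader would want to look at them; whether either is actually harmful still has to be decided from context, as the reasons are hints, not verdicts.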
02.08.2014, 19:27 | #2 |
/// the machine /// TB Instructor | Hi,
Please always post logs directly in the thread. If necessary, split them up and use several posts. I can't open attachments at work, thanks. This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
02.08.2014, 19:42 | #3 |
| Okay, no problem.
anti-malware-protection-02.08.2014.txt:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 02.08.2014 13:49:34, SYSTEM, SCABA-PC, Protection, Malware Protection, Starting,
Protection, 02.08.2014 13:49:34, SYSTEM, SCABA-PC, Protection, Malware Protection, Started,
Protection, 02.08.2014 13:49:34, SYSTEM, SCABA-PC, Protection, Malicious Website Protection, Starting,
Protection, 02.08.2014 13:49:34, SYSTEM, SCABA-PC, Protection, Malicious Website Protection, Started,
Update, 02.08.2014 13:49:47, SYSTEM, SCABA-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.8.1.1,
Update, 02.08.2014 13:49:51, SYSTEM, SCABA-PC, Manual, Malware Database, 2014.3.4.9, 2014.8.2.2,
Protection, 02.08.2014 13:49:52, SYSTEM, SCABA-PC, Protection, Refresh, Starting,
Protection, 02.08.2014 13:49:52, SYSTEM, SCABA-PC, Protection, Malicious Website Protection, Stopping,
Protection, 02.08.2014 13:49:52, SYSTEM, SCABA-PC, Protection, Malicious Website Protection, Stopped,
Protection, 02.08.2014 13:49:55, SYSTEM, SCABA-PC, Protection, Refresh, Success,
Protection, 02.08.2014 13:49:55, SYSTEM, SCABA-PC, Protection, Malic Website Protection, Starting,
Protection, 02.08.2014 13:49:55, SYSTEM, SCABA-PC, Protection, Malicious Website Protection, Started,
Protection, 02.08.2014 14:10:26, SYSTEM, SCABA-PC, Protection, Malware Protection, Starting,
Protection, 02.08.2014 14:10:26, SYSTEM, SCABA-PC, Protection, Malware Protection, Started,
Protection, 02.08.2014 14:10:26, SYSTEM, SCABA-PC, Protection, Malicious Website Protection, Starting,
Protection, 02.08.2014 14:10:44, SYSTEM, SCABA-PC, Protection, Malicious Website Protection, Started,

(end)

anti-malware-02.08.2014.txt:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02.08.2014
Scan Time: 13:50:21
Logfile: anti-malware-02.08.2014.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.02.02
Rootkit Database: v2014.08.01.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Calvin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329150
Time Elapsed: 9 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WOW6432NODE\InstallIQ, Quarantined, [e4e606bb7efd61d59e767283b44e5ba5],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

AdwCleaner[S0].txt:
Code:
# AdwCleaner v3.302 - Report created 02/08/2014 at 14:09:02
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Calvin - SCABA-PC
# Running from : C:\Users\Calvin\Downloads\adwcleaner_3.302.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\NCH Software
File Deleted : C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\foxydeal.sqlite
File Deleted : C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\searchplugins\Askcom.xml

***** [ Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v31.0 (x86 de)

[ File : C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");

*************************

AdwCleaner[R0].txt - [2207 octets] - [02/08/2014 14:04:50]
AdwCleaner[S0].txt - [2078 octets] - [02/08/2014 14:09:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2138 octets] ##########

AdwCleaner[R0].txt:
Code:
# AdwCleaner v3.302 - Report created 02/08/2014 at 14:04:50
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Calvin - SCABA-PC
# Running from : C:\Users\Calvin\Downloads\adwcleaner_3.302.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\foxydeal.sqlite
File Found : C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\searchplugins\Askcom.xml
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\NCH Software

***** [ Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Conduit
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v31.0 (x86 de)

[ File : C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "Ask.com");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("browser.search.selectedEngine", "Ask.com");

*************************

AdwCleaner[R0].txt - [2063 octets] - [02/08/2014 14:04:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2123 octets] ##########

Gmer.log:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-02 15:35:20
Windows 6.1.7600 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-4 SanDisk_SSD_U100_128GB rev.1.0.0 119,24GB
Running: ncynph9p.exe; Driver: C:\Users\Calvin\AppData\Local\Temp\ugloypog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\hasplms.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075821465 2 bytes [82, 75]
.text   C:\Windows\system32\hasplms.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000758214bb 2 bytes [82, 75]
.text   ...   * 2
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2612] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322   0000000071981a22 2 bytes [98, 71]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2612] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496   0000000071981ad0 2 bytes [98, 71]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2612] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552   0000000071981b08 2 bytes [98, 71]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2612] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730   0000000071981bba 2 bytes [98, 71]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2612] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762   0000000071981bda 2 bytes [98, 71]
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2660] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000075821465 2 bytes [82, 75]
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2660] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155   00000000758214bb 2 bytes [82, 75]
.text   ...   * 2
?       C:\Windows\system32\iertutil.dll [2792] entry point in ".rdata" section 0000000075775251
.text   C:\Windows\SysWOW64\vmnat.exe[1904] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26   00000000737313c6 2 bytes [73, 73]
.text   C:\Windows\SysWOW64\vmnat.exe[1904] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74   00000000737313f6 2 bytes [73, 73]
.text   C:\Windows\SysWOW64\vmnat.exe[1904] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257   00000000737314ad 2 bytes [73, 73]
.text   C:\Windows\SysWOW64\vmnat.exe[1904] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303   00000000737314db 2 bytes [73, 73]
.text   ...   * 2
.text   C:\Windows\SysWOW64\vmnat.exe[1904] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79   0000000073731577 2 bytes [73, 73]
.text   C:\Windows\SysWOW64\vmnat.exe[1904] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175   00000000737315d7 2 bytes [73, 73]
.text   C:\Windows\SysWOW64\vmnat.exe[1904] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620   0000000073731794 2 bytes [73, 73]
.text   C:\Windows\SysWOW64\vmnat.exe[1904] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921   00000000737318c1 2 bytes [73, 73]
.text   C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[3756] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000075821465 2 bytes [82, 75]
.text   C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[3756] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155   00000000758214bb 2 bytes [82, 75]
.text   ...   * 2
.text   C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075821465 2 bytes [82, 75]
.text   C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000758214bb 2 bytes [82, 75]
.text   ...   * 2
.text   C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4844] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69   0000000075821465 2 bytes [82, 75]
.text   C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4844] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155   00000000758214bb 2 bytes [82, 75]
.text   ...   * 2
.text   C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[5052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075821465 2 bytes [82, 75]
.text   C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe[5052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000758214bb 2 bytes [82, 75]
.text   ...   * 2
.text   C:\Program Files (x86)\SpeedFan\speedfan.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075821465 2 bytes [82, 75]
.text   C:\Program Files (x86)\SpeedFan\speedfan.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000758214bb 2 bytes [82, 75]
.text   ...   * 2
.text   C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[8144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075821465 2 bytes [82, 75]
.text   C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[8144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000758214bb 2 bytes [82, 75]
.text   ...   * 2

---- Threads - GMER 2.1 ----

Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2476]   00000000778b3e59
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2484]   00000000778b2e3e
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2496]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2500]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2504]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2508]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2512]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2516]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2520]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2528]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2532]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2540]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2768]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2772]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2776]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2820]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2828]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2832]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2836]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2840]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2844]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2860]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2900]   00000000778b3e59
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:3040]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:2488]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:3112]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:3276]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:6772]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:6728]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:6792]   00000000704429e1
Thread  C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2408:4708]   00000000704429e1
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5388:6316]   000007fefba82a88
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5388:4524]   000007fee6c3c0b0

---- Processes - GMER 2.1 ----

Library  C:\Users\Calvin\AppData\Local\Temp\sfareca00001.dll (*** suspicious ***) @ C:\Program Files (x86)\SpeedFan\speedfan.exe [4932](2014-08   000000006e2a0000
Library  C:\Users\Calvin\AppData\Local\Temp\sfamcc00001.dll (*** suspicious ***) @ C:\Program Files (x86)\SpeedFan\speedfan.exe [4932](2013-08-2   00000000038d0000

---- EOF - GMER 2.1 ----

Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Calvin at 2014-08-02 14:56:54
Running from C:\Users\Calvin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\{F1A6C690-C12C-4E7A-B4BD-958678215418}) (Version: 1.0 - Futuremark)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Advanced IP Scanner (HKLM-x32\...\{DA5DEB6B-E108-4652-BFEC-C9B95446F244}) (Version: 2.2.224 - Famatech)
AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2013.1008.932.15229 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArKaos GrandVJ 2 (HKLM-x32\...\{8D28AA63-9F17-4F23-9293-D88E35F66557}) (Version: 2.0.1 - ArKaos)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.00 - Ubisoft)
Assassin's Creed III - Complete Edition (HKLM-x32\...\{8B8E431A-A079-4D81-A353-D64BC01E209D}_is1) (Version: 1.05 - RAF)
Assassins Creed IV Black Flag (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRJVkJsYWNrRmxhZw==_is1) (Version: 1 - )
ASUS Xonar DSX Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
ASUS Xonar U1 Audio (HKLM\...\C-Media CM112 Like Sound Driver) (Version: - )
ATI AVIVO64 Codecs (Version: 11.6.0.50706 - ATI Technologies Inc.) Hidden
ATITool Overclocking Utility (HKLM-x32\...\ATITool) (Version: 0.26 - )
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blender (HKLM\...\Blender) (Version: 2.66a - Blender Foundation)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.0.8 - BlueJ Team)
Bome's Virtual MIDI Port 1.0.0.11 (HKLM-x32\...\BMIDI_Driver1.0.0.11_is1) (Version: - Bome Software GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\{F7FD4BFB-6E3D-4CCE-B71E-281EB2CEDD35}_is1) (Version: 1.7.0 - Gearbox Software)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
BrickStore (HKLM-x32\...\{07EA0F88-8E8F-11D9-8BDE-F66BAD1E3F3A}) (Version: 1.1.16 - softforge.de)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
City Bus Simulator 2010 - New York (HKLM-x32\...\{0190000A-A5F5-41EE-9E20-BE784015214C}) (Version: 1.20 - TML-Studios)
City Bus Simulator 2010 - Regiobus Usedom (HKLM-x32\...\{1E24084C-1619-46A3-940A-6A827D3F1404}) (Version: 1.10 - TML-Studios)
CLICK and LEARN (HKCU\...\2822624237.www.click-learn.info) (Version: - www.click-learn.info)
Clonk Rage (HKLM-x32\...\Clonk Rage) (Version: - RedWolf Design GmbH)
CodeMeter Runtime Kit v5.00b (HKLM\...\{11BA59A6-23B0-4F80-9EC0-0075CA4CAD5E}) (Version: 5.00.1067.502 - WIBU-SYSTEMS AG)
Core Temp 1.0 RC5 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID CPU-Z 1.66.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Daslight Virtual Controller 3 (HKLM-x32\...\Daslight Virtual Controller 3_is1) (Version: - Daslight)
Die Schlacht um Mittelerde(tm) (HKLM-x32\...\{3F290582-3F4E-4B96-009C-E0BABAA40C42}) (Version: - )
DirectWave (HKLM-x32\...\DirectWave) (Version: - Image-Line)
DMXControl 2.11 (HKLM-x32\...\DMXControl) (Version: 2.11 - PopSoft)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Druckerdeinstallation für EPSON BX535WD Series (HKLM\...\EPSON BX535WD Series) (Version: - SEIKO EPSON Corporation)
DX10 (HKLM-x32\...\DX10) (Version: - Image-Line bvba)
Edison (HKLM-x32\...\Edison) (Version: - Image-Line bvba)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - )
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
FL Studio 10.9 (HKLM-x32\...\FL Studio 10.9) (Version: - Image-Line)
foobar2000 v1.2.9 (HKLM-x32\...\foobar2000) (Version: 1.2.9 - Peter Pawlowski)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
FreeStyler (HKLM-x32\...\FreeStyler_is1) (Version: - Raphaël Wellekens)
FTL - Advanced Edition (HKLM-x32\...\GOGPACKFTL_is1) (Version: 2.2.0.12 - GOG.com)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Git version 1.9.2-preview20140411 (HKLM-x32\...\Git_is1) (Version: 1.9.2-preview20140411 - The Git Development Community)
grandMA2 onPC 2.9.0.7 (HKLM-x32\...\grandMA2 onPC 2.9.0.7) (Version: - )
Hardcore (HKLM-x32\...\Hardcore) (Version: - Image-Line bvba)
HashTab 5.1.0.23 (HKLM\...\HashTab) (Version: 5.1.0.23 - Implbits Software)
HydraVision (x32 Version: 4.2.174.0 - ATI Technologies Inc.) Hidden
IL Autogun (HKLM-x32\...\IL Autogun) (Version: - Image-Line bvba)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
IL DrumSynth Live (HKLM-x32\...\IL DrumSynth Live) (Version: - Image-Line bvba)
IL Gross Beat (HKLM-x32\...\IL Gross Beat) (Version: - Image-Line bvba)
IL Juice Pack (HKLM-x32\...\IL Juice Pack) (Version: - Image-Line bvba)
IL Ogun (HKLM-x32\...\IL Ogun) (Version: - Image-Line bvba)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
IL Slicex (HKLM-x32\...\IL Slicex) (Version: - Image-Line bvba)
IL Vocodex (HKLM-x32\...\IL Vocodex) (Version: - Image-Line)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Java SE Development Kit 7 Update 7 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170070}) (Version: 1.7.0.70 - Oracle)
Java SE Development Kit 7 Update 9 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170090}) (Version: 1.7.0.90 - Oracle)
Java SE Development Kit 7 Update 9 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170090}) (Version: 1.7.0.90 - Oracle)
King Arthur's Gold (HKLM-x32\...\{643B056F-61C1-4489-9797-4D846D101A7A}) (Version: 0.95.428.0 - THD)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LEGO MARVEL Super Heroes (HKLM-x32\...\LEGO MARVEL Super Heroes_is1) (Version: - Warner Bros. Games)
LEGO Star Wars III The Clone Wars (HKLM-x32\...\LEGO Star Wars III The Clone Wars) (Version: 1.0 - LucasArts)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.227 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.227 - LogMeIn, Inc.) Hidden
LumiDMX V4 (HKLM-x32\...\{0479BBB1-1111-435B-8E0A-838C6CE6EA5B}_is1) (Version: - FreeStylers Innovations GmbH)
Magic 3D Easy View (HKLM-x32\...\Magic 3D Easy View_is1) (Version: - Nicolaudie)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Martin Driver Package (HKLM\...\{5A468992-C111-4250-9E80-DB446DD50DF7}) (Version: 11.20.450.0 - Martin Professional A/S)
Martin M-Series Manager 1.6.8.428 (HKLM-x32\...\Martin M-Series Manager_is1) (Version: - Martin Professional A/S)
Maximus (HKLM-x32\...\Maximus) (Version: - Image-Line bvba)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MAXXYZ) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
MIDI-OX (HKLM-x32\...\{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}) (Version: 7.02.372 - MIDIOX Computing)
Morphine (HKLM-x32\...\Morphine) (Version: - Image-Line bvba)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MPC-HC 1.7.5 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.5 - MPC-HC Team)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mumble 1.2.7 (HKLM-x32\...\{FEFBBD52-B304-4D81-9DF8-E19C1373AC30}) (Version: 1.2.7 - Thorvald Natvig)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments)
Native Instruments Controller Editor (Version: 1.3.4.630 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Native Instruments Service Center (Version: 2.2.5.596 - Native Instruments) Hidden
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: - Native Instruments)
Native Instruments Traktor 2 (Version: 2.0.1.10169 - Native Instruments) Hidden
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted_is1) (Version: - )
Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.3.0.0 - Electronic Arts)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.7 - )
Nur Entfernen der CopyTrans Suite möglich (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Octoshape Streaming Services (HKCU\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenClonk Beyond the Rocks (HKLM-x32\...\{5951B911-6CB6-4FC0-86E8-08DE63131173}) (Version: - OpenClonk Development Team)
OpenClonk Beyond the Rocks (HKLM-x32\...\{8E592450-F0D9-4317-A9D2-7397FCF74782}) (Version: - OpenClonk Development Team)
OpenClonk Beyond the Rocks (HKLM-x32\...\{D242A48C-A4A9-44F1-8B33-43E0D7CB25AE}) (Version: - OpenClonk Development Team)
Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
PC_DIMMER2012 (HKLM-x32\...\PC_DIMMER2012_is1) (Version: - Dipl.-Ing. M.Sc.
Christian Nöding) Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - ) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PoiZone (HKLM-x32\...\PoiZone) (Version: - Image-Line) RAR Password Unlocker 4.2.0.0 (HKLM-x32\...\{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1) (Version: - Password Unlocker Studio) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5964 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.44 - Piriform) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden Re-Volt patch 12.07 (HKLM-x32\...\Re-Volt) (Version: patch 12.07 - ) Rise of the Witch King Unofficial Patch 2.02 (HKCU\...\Rise of the Witch King Unofficial Patch 2.02) (Version: - ) Sakura (HKLM-x32\...\Sakura) (Version: - Image-Line) Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden Sawer (HKLM-x32\...\Sawer) (Version: - Image-Line) SHOUTcast DNAS (remove only) (HKLM-x32\...\SCDNAS) (Version: - ) SHOUTcast DNAS Server v2 (HKLM-x32\...\SHOUTcast) (Version: - ) SimSynth (HKLM-x32\...\SimSynth) (Version: - Image-Line bvba) Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) 
Smart Technology Programming Software 7.0.24.8 (HKLM\...\{F31F1F66-5685-4C21-906E-20CB74C7BCDF}) (Version: 7.0.24.8 - Mad Catz) Sophos Anti-Rootkit 1.5.0 (HKLM-x32\...\Sophos-AntiRootkit) (Version: 1.5.0 - Sophos Plc) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.4 - Sophos Limited) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) SRWare Iron Version SRWare Iron 32.0.1750.1 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 32.0.1750.1 - SRWare) Star Trek Online (HKLM-x32\...\Star Trek Online) (Version: - Cryptic Studios) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Sytrus (HKLM-x32\...\Sytrus) (Version: - Image-Line) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer) The Orange Box (HKLM-x32\...\{9EF7918F-6283-48D4-8648-9FE84BE9FB41}) (Version: 1.00.0000 - Valvesoftware) TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo) tools-freebsd (x32 Version: 8.8.2.703057 - VMware, Inc.) Hidden tools-linux (x32 Version: 8.8.2.703057 - VMware, Inc.) Hidden tools-netware (x32 Version: 8.8.2.703057 - VMware, Inc.) Hidden tools-solaris (x32 Version: 8.8.2.703057 - VMware, Inc.) Hidden tools-windows (x32 Version: 8.8.2.703057 - VMware, Inc.) Hidden tools-winPre2k (x32 Version: 8.8.2.703057 - VMware, Inc.) 
Hidden TortoiseGit 1.8.8.0 (64 bit) (HKLM\...\{D44A021F-B8A7-4F57-935D-45F807634F4F}) (Version: 1.8.8.0 - TortoiseGit) TortoiseSVN 1.8.2.24708 (64 bit) (HKLM\...\{D0DC3918-460D-4229-811E-41F22D0CD7E9}) (Version: 1.8.24708 - TortoiseSVN) TouchOSC Bridge version 1.2.0 (HKLM-x32\...\TouchOSC Bridge_is1) (Version: 1.2.0 - ) TreeSize Free V2.4 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.4 - JAM Software) Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH) UltraMon (HKLM\...\{ED7FE81C-378C-411D-B5B4-509B978BA204}) (Version: 3.2.1 - Realtime Soft Ltd) UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.1.9.6 - uvnc bvba) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition 
(HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) 
(HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC) Video DVD Maker v3.32.0.80 (HKLM-x32\...\{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}) (Version: - ) VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 8.0.3.29699 - VMware, Inc) VMware Workstation (x32 Version: 8.0.3.29699 - VMware, Inc.) 
Hidden VNC Server 5.2.0 (HKLM\...\{30F8A5EC-1BA9-459B-82F6-F364132D2324}) (Version: 5.2.0 - RealVNC Ltd) VNC Viewer 5.2.0 (HKLM\...\{7F6A0AFE-6D55-4E4F-9806-3D798CDF8283}) (Version: 5.2.0 - RealVNC Ltd) Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.) WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP) WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis) Windows Driver Package - Acer, Inc (androidusb) USB (12/20/2011 1.0.0010.00000) (HKLM\...\3A22385941281AFEE4CDB6EE09AB8D0BF418CE17) (Version: 12/20/2011 1.0.0010.00000 - Acer, Inc) Windows Driver Package - Linux Developer Community Net (12/08/2011 5.1.2600.2781) (HKLM\...\AAA1ACCA6262EC232B355F1427BDDE4D745AFBC1) (Version: 12/08/2011 5.1.2600.2781 - Linux Developer Community) Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3508.0205 - 
Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows-Treiberpaket - Das (WinUSB) USB (12/14/2011 1.4) (HKLM\...\883C6F371CE9B23C1CF864201BD5C4BBCA440808) (Version: 12/14/2011 1.4 - Das) Windows-Treiberpaket - Das USB (09/20/2010 1.6.0) (HKLM\...\3CAABDB4D5E19760A561BDB6506A3E8432AE8457) (Version: 09/20/2010 1.6.0 - Das) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WinSCP 5.1.7 (HKLM-x32\...\winscp3_is1) (Version: 5.1.7 - Martin Prikryl) World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1) (Version: - Wargaming.net) XChat 2 (remove only) (HKLM-x32\...\xchat) (Version: - ) X-Chat 2.8.6-2 (HKLM-x32\...\X-Chat 2_is1) (Version: 2.8.6-2 - SilvereX) YGOPro DevPro Version 1.8.4 (HKLM-x32\...\{3CF2634F-3F38-4DD3-9201-CB2FE6B5FF23}_is1) (Version: 1.8.4 - YGOPro DevPro Online) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2228607034-3531564096-2891963439-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Calvin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2228607034-3531564096-2891963439-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) CustomCLSID: HKU\S-1-5-21-2228607034-3531564096-2891963439-1000_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll () CustomCLSID: HKU\S-1-5-21-2228607034-3531564096-2891963439-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> D:\Program Files\Blender Foundation\Blender\BlendThumb64.dll () CustomCLSID: HKU\S-1-5-21-2228607034-3531564096-2891963439-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2228607034-3531564096-2891963439-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2228607034-3531564096-2891963439-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2228607034-3531564096-2891963439-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2228607034-3531564096-2891963439-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2228607034-3531564096-2891963439-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2228607034-3531564096-2891963439-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2228607034-3531564096-2891963439-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

01-08-2014 18:57:51 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2012-12-09 20:59 - 00000922 ____A C:\Windows\system32\Drivers\etc\hosts
192.168.1.150 mailserver.scaba
192.168.1.127 ubuntu.scaba

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {4BC0A67A-6BF2-4B3A-A65A-B928219C4CA3} - System32\Tasks\{319EA76E-3178-44C2-8F12-355A7E064259} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111.259&LastError=404
Task: {6D8C11D4-BA61-49B0-902B-5C1EF95DC296} - System32\Tasks\{41CA5C76-EB9D-4451-AA24-0428E5DE5A8B} => Firefox.exe hxxp://ui.skype.com/ui/0/5.3.0.111.259/de/abandoninstall?source=lightinstaller&page=tsProblems&LastError=404&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {A5161C00-E23C-4937-A581-C25DB772499C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-08 10:35 - 2013-10-08 10:35 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 15:41 - 2012-10-22 15:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 15:42 - 2012-10-22 15:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-05-11 20:49 - 2013-05-11 20:49 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-08-27 23:00 - 2013-08-27 23:00 - 00075504 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2013-08-27 22:59 - 2013-08-27 22:59 - 00088304 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2014-04-01 18:05 - 2014-04-01 18:05 - 00737128 _____ () C:\Program Files\TortoiseGit\bin\libgit2_tgit.dll
2014-04-01 18:05 - 2014-04-01 18:05 - 00087400 _____ () C:\Program Files\TortoiseGit\bin\zlib1_tgit.dll
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-04-21 14:40 - 2014-04-11 14:40 - 00736450 _____ () C:\Program Files 
(x86)\Git\git-cheetah\git_shell_ext64.dll 2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll 2013-04-12 20:59 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll 2012-12-24 23:36 - 2008-07-11 16:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe 2012-12-24 23:36 - 2008-07-11 16:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe 2012-04-30 20:53 - 2012-04-30 20:53 - 11839488 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe 2012-10-16 11:39 - 2012-10-16 11:39 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe 2013-10-08 10:34 - 2013-10-08 10:34 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2010-08-28 09:43 - 2013-08-17 17:06 - 00479232 _____ () C:\Program Files (x86)\xchat\xchat.exe 2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-08-27 22:05 - 2013-08-27 22:05 - 00065264 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll 2013-08-27 22:04 - 2013-08-27 22:04 - 00070896 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll 2014-04-01 17:56 - 2014-04-01 17:56 - 00553320 _____ () C:\Program Files\TortoiseGit\bin\libgit232_tgit.dll 2014-04-01 17:57 - 2014-04-01 17:57 - 00076648 _____ () C:\Program Files\TortoiseGit\bin\zlib132_tgit.dll 2012-04-30 20:29 - 2012-04-30 20:29 - 01222656 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll 2013-01-05 15:21 - 2011-06-02 19:12 - 00143360 ____N () C:\Program Files\ASUS Xonar DSX Audio\Customapp\VmixP8.dll 2014-08-02 14:10 - 2014-08-02 14:10 - 00043008 _____ () c:\users\calvin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsbodfb.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 
_____ () C:\Users\Calvin\AppData\Roaming\Dropbox\bin\libcef.dll 2014-08-02 12:44 - 2014-08-02 14:10 - 00158720 _____ () C:\Users\Calvin\AppData\Local\Temp\sfareca00001.dll 2013-08-28 19:50 - 2014-08-02 14:10 - 00192512 _____ () C:\Users\Calvin\AppData\Local\Temp\sfamcc00001.dll 2010-08-28 09:44 - 2010-08-28 09:44 - 00483328 _____ () C:\Program Files (x86)\xchat\minigtk.dll 2007-02-27 04:10 - 2007-02-27 04:10 - 00007680 _____ () C:\Program Files (x86)\xchat\plugins\xcdns.dll 2007-10-05 05:14 - 2007-10-05 05:14 - 00006144 _____ () C:\Program Files (x86)\xchat\plugins\xcexec.dll 2010-08-28 07:00 - 2010-08-28 07:00 - 00017920 _____ () C:\Program Files (x86)\xchat\plugins\xcperl.dll 2010-08-28 06:42 - 2010-08-28 06:42 - 00005120 _____ () C:\Program Files (x86)\xchat\plugins\xcpython.dll 2014-08-01 22:03 - 2014-08-01 22:03 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00656896 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00105472 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00029184 _____ () C:\Program Files 
(x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 04671488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00289792 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00133120 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () C:\Program Files 
(x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00399826 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00031232 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll 2014-06-11 23:28 - 2014-06-11 23:28 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2014-06-11 23:28 - 2014-06-11 23:28 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2014-06-11 23:28 - 2014-06-11 23:28 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
==================== Faulty Device Manager Devices =============

Name: TAP-Win32 Adapter V9 (Tunngle)
Description: TAP-Win32 Adapter V9 (Tunngle)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9 (Tunngle)
Service: tap0901t
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom 802.11g Network Adapter
Description: Broadcom 802.11g Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2014 02:10:38 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: TcpListenerManager: not accepting connections: failed to listen on at least one transport.

Error: (08/02/2014 02:10:38 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: TcpListenerManager: not listening on IPv4: bind: Normalerweise darf jede Socketadresse (Protokoll, Netzwerkadresse oder Anschluss) nur jeweils einmal verwendet werden. (10048)

Error: (08/02/2014 02:10:38 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: TcpListenerManager: not accepting connections: failed to listen on at least one transport.

Error: (08/02/2014 02:10:38 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: TcpListenerManager: not listening on IPv4: bind: Normalerweise darf jede Socketadresse (Protokoll, Netzwerkadresse oder Anschluss) nur jeweils einmal verwendet werden. (10048)

Error: (08/02/2014 02:10:38 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: TcpListenerManager: not accepting connections: failed to listen on at least one transport.

Error: (08/02/2014 02:10:38 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: TcpListenerManager: not listening on IPv4: bind: Normalerweise darf jede Socketadresse (Protokoll, Netzwerkadresse oder Anschluss) nur jeweils einmal verwendet werden. (10048)

Error: (08/02/2014 02:10:38 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: TcpListenerManager: not accepting connections: failed to listen on at least one transport.

Error: (08/02/2014 02:10:38 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: TcpListenerManager: not listening on IPv4: bind: Normalerweise darf jede Socketadresse (Protokoll, Netzwerkadresse oder Anschluss) nur jeweils einmal verwendet werden. (10048)

Error: (07/19/2014 04:50:41 AM) (Source: VNC Server) (EventID: 256) (User: )
Description: TcpListenerManager: not accepting connections: failed to listen on at least one transport.

Error: (07/19/2014 04:50:41 AM) (Source: VNC Server) (EventID: 256) (User: )
Description: TcpListenerManager: not listening on IPv4: bind: Normalerweise darf jede Socketadresse (Protokoll, Netzwerkadresse oder Anschluss) nur jeweils einmal verwendet werden. (10048)

System errors:
=============
Error: (08/02/2014 02:10:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: hwinterface hwinterfacex64

Error: (08/02/2014 02:10:14 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/02/2014 00:42:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: hwinterface hwinterfacex64

Error: (08/02/2014 00:42:13 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/01/2014 08:56:59 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/01/2014 08:55:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: hwinterface hwinterfacex64

Error: (08/01/2014 08:55:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/19/2014 03:25:55 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (07/18/2014 02:16:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: hwinterface hwinterfacex64

Error: (07/18/2014 02:15:48 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Microsoft Office Sessions:
=========================
Error: (03/04/2013 01:54:57 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6219.1000. This session lasted 6141 seconds with 4860 seconds of active time. This session ended with a crash.

Error: (03/04/2013 00:12:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6219.1000. This session lasted 31703 seconds with 5640 seconds of active time. This session ended with a crash.
CodeIntegrity Errors: =================================== Date: 2014-08-02 14:10:14.064 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\hwinterfacex64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-08-02 14:10:14.017 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\hwinterfacex64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-08-02 12:42:13.502 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\hwinterfacex64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-08-02 12:42:13.456 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\hwinterfacex64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2014-08-01 20:55:27.610 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\hwinterfacex64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-08-01 20:55:27.563 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\hwinterfacex64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-07-18 14:15:48.002 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\hwinterfacex64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-07-18 14:15:47.970 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\hwinterfacex64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2014-07-17 13:12:35.175 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\hwinterfacex64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-07-17 13:12:35.128 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\drivers\hwinterfacex64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 26% Total physical RAM: 12285.55 MB Available physical RAM: 9026.8 MB Total Pagefile: 24569.25 MB Available Pagefile: 21049.84 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:119.24 GB) (Free:7.73 GB) NTFS Drive d: () (Fixed) (Total:931.41 GB) (Free:57.96 GB) NTFS Drive e: () (Fixed) (Total:294.02 GB) (Free:57.98 GB) NTFS Drive f: () (Fixed) (Total:596.17 GB) (Free:125.39 GB) NTFS Drive g: (Yamaha_YF236A0) (CDROM) (Total:0.16 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 00000000) Partition: GPT Partition Type. 
======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 6F2ECE3D) Partition 1: (Not Active) - (Size=119 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1DE137DF) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ======================================================== Disk: 4 (Size: 596 GB) (Disk ID: 00066B34) Partition 1: (Not Active) - (Size=596 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
03.08.2014, 07:01 | #4 |
/// the machine /// TB-Ausbilder | Windows 7: Firefox opens the URL http://98uj8.de/[...] on its own at short intervals Hi, run a scan with ComboFix.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
03.08.2014, 19:22 | #5 |
| Windows 7: Firefox opens the URL http://98uj8.de/[...] on its own at short intervals Hi schrauber, I will not be reachable until 11.08.2014. As soon as I am back, I will run the ComboFix scan and post the result here. |
04.08.2014, 10:25 | #6 |
/// the machine /// TB-Ausbilder | Windows 7: Firefox opens the URL http://98uj8.de/[...] on its own at short intervals ok
|
11.08.2014, 15:39 | #7 |
| Windows 7: Firefox opens the URL http://98uj8.de/[...] on its own at short intervals So, I am back and have run ComboFix. Code:
ATTFilter ComboFix 14-08-06.02 - Calvin 11.08.2014 15:53:16.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.12286.9102 [GMT 2:00] ausgeführt von:: c:\users\Calvin\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\readme.txt c:\users\Calvin\AppData\Local\Temp\sfamcc00001.dll c:\users\Calvin\AppData\Local\Temp\sfareca00001.dll c:\users\Calvin\AppData\Roaming\technic-launcher.jar c:\windows\SysWow64\ccrpTmr6.dll c:\windows\SysWow64\drivers\hwinterface.sys . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_uvnc_service . . ((((((((((((((((((((((( Dateien erstellt von 2014-07-11 bis 2014-08-11 )))))))))))))))))))))))))))))) . . 2014-08-11 14:02 . 2014-08-11 14:02 -------- d-----w- c:\users\hedev\AppData\Local\temp 2014-08-11 14:02 . 2014-08-11 14:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-08-10 19:13 . 2014-05-03 14:58 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EEB82C95-A667-4D7E-B671-B735EB94DE8D}\gapaengine.dll 2014-08-10 19:12 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73A909AE-F88F-4C52-A696-319E9AE80DCF}\mpengine.dll 2014-08-02 13:07 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-08-02 12:55 . 2014-08-02 12:57 -------- d-----w- C:\FRST 2014-08-02 12:04 . 2014-08-02 12:51 -------- d-----w- C:\AdwCleaner 2014-08-02 11:49 . 2014-08-11 14:05 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-08-02 11:49 . 
2014-08-02 11:49 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-08-02 11:49 . 2014-08-02 11:49 -------- d-----w- c:\programdata\Malwarebytes 2014-08-02 11:49 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-08-02 11:49 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-08-02 11:49 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-08-01 18:56 . 2014-08-01 18:56 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2014-07-18 22:44 . 2014-07-18 22:44 -------- d-----w- c:\program files (x86)\NAVIGON 2014-07-18 15:34 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll 2014-07-18 15:21 . 2014-07-18 15:21 -------- d-----w- c:\users\Calvin\AppData\Local\WBFSManager 2014-07-15 19:45 . 2014-07-15 20:25 164 ----a-w- c:\users\Calvin\advanced_ip_scanner_MAC.bin . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-08 20:19 . 2012-08-16 16:27 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-08 20:19 . 2012-08-16 16:27 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-07-06 17:20 . 2012-08-20 14:47 95414520 ----a-w- c:\windows\system32\MRT.exe 2014-06-06 21:58 . 2014-06-06 21:58 1900544 ----a-w- C:\GIDL_Race.zip 2014-06-03 08:51 . 2014-06-22 17:28 37704 ----a-w- c:\windows\system32\VNCpm.dll 2014-06-03 08:51 . 2014-06-03 08:51 4608 ----a-w- c:\windows\system32\drivers\vncmirror.sys 2014-06-03 08:51 . 2014-06-03 08:51 26112 ----a-w- c:\windows\system32\vncmirror.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE" [2012-10-25 241280] "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-07-06 393216] "EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE" [2012-10-25 241280] "EPLTarget\P0000000000000002"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE" [2012-10-25 241280] "Octoshape Streaming Services"="c:\users\Calvin\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2011-03-24 107800] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-04-30 103536] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-10-16 646744] "AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-10-08 766208] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-26 152392] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-07-21 3816784] . c:\users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Calvin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216] SpeedFan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2013-3-15 4683768] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ CodeMeter Control Center.lnk - c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [2013-5-14 8487288] UltraMon.lnk - c:\windows\Installer\{ED7FE81C-378C-411D-B5B4-509B978BA204}\IcoUltraMon.ico /auto [2012-9-23 29310] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R1 hwinterfacex64;hwinterfacex64;c:\windows\system32\Drivers\hwinterfacex64.sys;c:\windows\SYSNATIVE\Drivers\hwinterfacex64.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x] R3 ALSysIO;ALSysIO;c:\users\Calvin\AppData\Local\Temp\ALSysIO64.sys;c:\users\Calvin\AppData\Local\Temp\ALSysIO64.sys [x] R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x] R3 ASUSU1;ASUS Xonar U1 Audio Interface;c:\windows\system32\drivers\cm11264.sys;c:\windows\SYSNATIVE\drivers\cm11264.sys [x] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x] R3 hcw66xxx;WinTV HVR-900H;c:\windows\system32\Drivers\hcw66x64.sys;c:\windows\SYSNATIVE\Drivers\hcw66x64.sys [x] R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x] R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C75.tmp;c:\windows\SYSNATIVE\C75.tmp [x] R3 NisDrv;Microsoft Network Inspection 
System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 okdmx31;OksiD DMX 3/1 interface;c:\windows\system32\Drivers\okdmx31.sys;c:\windows\SYSNATIVE\Drivers\okdmx31.sys [x] R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x] R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x] R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x] R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x] R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] R3 zlportio;zlportio;d:\program files (x86)\PHOENIXstudios\PC_DIMMER\zlportio.sys;d:\program files (x86)\PHOENIXstudios\PC_DIMMER\zlportio.sys [x] S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x] 
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x] S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x] S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x] S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes 
Anti-Malware \mbamservice.exe [x] S2 MSSQL$MAXXYZ;SQL Server (MAXXYZ);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x] S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x] S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [x] S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe;c:\windows\UnsignedThemesSvc.exe [x] S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys;c:\windows\SYSNATIVE\drivers\uxpatch.sys [x] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x] S2 vncserver;VNC Server;c:\program files\RealVNC\VNC Server\vncservice.exe vncserver;c:\program files\RealVNC\VNC Server\vncservice.exe vncserver [x] S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x] S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio 
Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x] S3 bomebus;Bome's Virtual MIDI Port Bus Service;c:\windows\system32\DRIVERS\bomebus.sys;c:\windows\SYSNATIVE\DRIVERS\bomebus.sys [x] S3 bomemidi;Bome's Virtual MIDI Port;c:\windows\system32\drivers\bomemidi.sys;c:\windows\SYSNATIVE\drivers\bomemidi.sys [x] S3 cmudaxp;ASUS Xonar DSX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 SaiK1708;SaiK1708;c:\windows\system32\DRIVERS\SaiK1708.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK1708.sys [x] S3 SaiU1708;SaiU1708;c:\windows\system32\DRIVERS\SaiU1708.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU1708.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMSWISSARMY . 
Inhalt des "geplante Tasks" Ordners . 2014-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 20:19] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208] "Cm112Sound"="c:\windows\Syswow64\cm112.dll" [2011-05-12 8769536] "Cm112GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704] "Cm112GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112] "Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536] "Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704] "Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112] "ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2013-01-31 454144] "SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2013-01-31 158208] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-11-14 8292120] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://youtube.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\ FF - prefs.js: browser.startup.homepage - hxxps://google.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Wow6432Node-HKCU-Run-NM Monitor - c:\users\Calvin\Desktop\nmmonitor\nmmonitor.exe HKLM-Run-tvncontrol - c:\program files\TightVNC\tvnserver.exe AddRemove-SCDNAS - d:\program files (x86)\SHOUTcast\uninst-dnas.exe AddRemove-SHOUTcast - d:\program files (x86)\SHOUTcast\uninstall_shoutcast-dnas-v2.exe AddRemove-WBFS Manager 3.0 - f:\wbfs manager 3.0\uninstall.exe AddRemove-X-Chat 2_is1 - c:\program files (x86)\X-Chat 2\unins000.exe AddRemove-2822624237.www.click-learn.info - c:\program files (x86)\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe AddRemove-Rise of the Witch King Unofficial Patch 2.02 - d:\program files (x86)\Electronic Arts\Aufstieg des Hexenkönigs\Uninstal.exe AddRemove-UnityWebPlayer - c:\users\Calvin\AppData\Local\Unity\WebPlayer\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\C75.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\system32\hasplms.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\windows\SysWOW64\vmnat.exe c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe c:\windows\SysWOW64\vmnetdhcp.exe c:\program files (x86)\ Malwarebytes Anti-Malware \mbam.exe c:\program files\Tablet\Pen\WacomHost.exe c:\windows\SysWOW64\rundll32.exe c:\program files\ASUS Xonar DSX Audio\Customapp\ASUSAUDIOCENTER.EXE c:\users\Calvin\AppData\Roaming\Dropbox\bin\Dropbox.exe c:\program files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-08-11 16:27:13 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-08-11 14:27 . Vor Suchlauf: 19 Verzeichnis(se), 11.863.445.504 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 13.136.965.632 Bytes frei . - - End Of File - - 3322252A271D28D73C66350F50BB1D54 23B571400A29918F5392F6E85EEB756E |
11.08.2014, 21:17 | #8 |
/// the machine /// TB-Ausbilder | Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
12.08.2014, 13:01 | #9 |
| MBAM: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 11.08.2014
Suchlauf-Zeit: 23:04:44
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.11.08
Rootkit Datenbank: v2014.08.04.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Calvin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 337699
Verstrichene Zeit: 6 Min, 27 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)

AdwCleaner: Code:
# AdwCleaner v3.304 - Bericht erstellt am 12/08/2014 um 00:36:09
# Aktualisiert 08/08/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate (64 bits)
# Benutzername : Calvin - SCABA-PC
# Gestartet von : C:\Users\Calvin\Downloads\adwcleaner_3.304.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16476

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [2207 octets] - [02/08/2014 14:04:50]
AdwCleaner[R1].txt - [946 octets] - [12/08/2014 00:35:44]
AdwCleaner[S0].txt - [2218 octets] - [02/08/2014 14:09:02]
AdwCleaner[S1].txt - [868 octets] - [12/08/2014 00:36:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [927 octets] ##########

JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x64
Ran by Calvin on 12.08.2014 at 13:49:04,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3ECE6F49-2F9A-4025-80B3-1C061BA48288}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

~~~ FireFox

Emptied folder: C:\Users\Calvin\AppData\Roaming\mozilla\firefox\profiles\7ytxa8c6.default\minidumps [244 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.08.2014 at 13:51:16,58
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01 Ran by Calvin (administrator) on SCABA-PC on 12-08-2014 13:55:11 Running from C:\Users\Calvin\Desktop Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE (Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe (LogMeIn, Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncservice.exe (RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe () C:\Windows\SysWOW64\HsMgr.exe () C:\Windows\system\HsMgr64.exe (Wacom Technology, Corp.) 
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (CMedia) C:\Program Files\ASUS Xonar DSX Audio\Customapp\AsusAudioCenter.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (Octoshape ApS) C:\Users\Calvin\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe (Dropbox, Inc.) C:\Users\Calvin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe (Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserverui.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-21] (Realtek Semiconductor) HKLM\...\Run: [Cm112Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm112.dll,CMICtrlWnd HKLM\...\Run: [Cm112GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] () HKLM\...\Run: [Cm112GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] () HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] () HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] () HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-01-31] (Saitek) HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-01-31] (Saitek) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM\...\Run: [tvncontrol] => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103536 2012-04-30] (VMware, Inc.) 
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] () HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.) 
HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-10-25] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-07-06] (AMD) HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-10-25] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-10-25] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\Run: [Octoshape Streaming Services] => C:\Users\Calvin\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS) HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{ED7FE81C-378C-411D-B5B4-509B978BA204}\IcoUltraMon.ico () Startup: C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Calvin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://youtube.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB14AAF175F74CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default
FF Homepage: https://google.de
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Calvin\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Calvin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Calvin\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Shumway - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\shumway@research.mozilla.org [2014-08-10]
FF Extension: Classic Theme Restorer - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-11]
FF Extension: ClipConverter - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\clipconverter@clipconverter.cc.xpi [2014-02-15]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\elemhidehelper@adblockplus.org.xpi [2012-10-07]
FF Extension: Ghostery - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\firefox@ghostery.com.xpi [2013-08-16]
FF Extension: HTTP Header Mangler - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\se.patriarkatet.firefox.extensions.httpheadermangler@jetpack.xpi [2014-07-17]
FF Extension: YOURLS shortener - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\yourls-shortener@binfalse.de.xpi [2013-10-26]
FF Extension: NoScript - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-10-07]
FF Extension: Adblock Plus - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-16]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 MSSQL$MAXXYZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-03-09] (Native Instruments GmbH) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-05-11] ()
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2012-04-30] (VMware, Inc.) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2012-04-30] () [File not signed]
R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [638272 2014-06-03] (RealVNC Ltd)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2012-06-05] (Google Inc)
S3 ASUSU1; C:\Windows\System32\drivers\cm11264.sys [1308160 2011-08-23] (C-Media Electronics Inc)
R3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [35624 2007-08-08] ()
R3 bomebus; C:\Windows\System32\DRIVERS\bomebus.sys [34376 2010-10-13] (Bome Software)
R3 bomemidi; C:\Windows\System32\drivers\bomemidi.sys [30792 2010-10-13] (Bome Software)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2727936 2011-12-20] (C-Media Inc)
S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [758016 2011-02-08] (Hauppauge Computer Works, Inc.)
S1 hwinterfacex64; C:\Windows\System32\Drivers\hwinterfacex64.sys [5632 2013-04-29] (Logix4u) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\Windows\system32\C75.tmp [6144 2009-06-18] (Sophos Plc) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 okdmx31; C:\Windows\SysWOW64\Drivers\okdmx31.sys [3712 2013-04-29] () [File not signed]
R3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-02-01] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-02-01] (Saitek)
R3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Saitek)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [105816 2012-09-13] (Oracle Corporation)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [266752 2013-01-10] (Jungo)
S3 ALSysIO; \??\C:\Users\Calvin\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 hwinterface; System32\Drivers\hwinterface.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 zlportio; \??\D:\Program Files (x86)\PHOENIXstudios\PC_DIMMER\zlportio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 13:54 - 2014-08-12 13:54 - 00000000 ____D () C:\Users\Calvin\Desktop\FRST-OlderVersion
2014-08-12 13:51 - 2014-08-12 13:51 - 00000996 _____ () C:\Users\Calvin\Desktop\JRT.txt
2014-08-12 13:48 - 2014-08-12 13:48 - 00000000 ____H () C:\ProgramData\cm-lock
2014-08-12 13:45 - 2014-08-12 13:45 - 01016261 _____ (Thisisu) C:\Users\Calvin\Desktop\JRT.exe
2014-08-12 13:45 - 2014-08-12 13:45 - 00000000 ____D () C:\Windows\ERUNT
2014-08-12 00:51 - 2014-08-12 00:51 - 00000000 ____D () C:\Users\Calvin\Desktop\oc2
2014-08-12 00:50 - 2014-08-12 00:51 - 59129459 _____ () C:\Users\Calvin\Downloads\openclonk-snapshot-20140807-9dd600c26b-win32-amd64-mingw.zip
2014-08-12 00:35 - 2014-08-12 00:35 - 01366203 _____ () C:\Users\Calvin\Downloads\adwcleaner_3.304.exe
2014-08-12 00:34 - 2014-08-12 00:34 - 00001142 _____ () C:\Users\Calvin\Desktop\mbam.txt
2014-08-12 00:31 - 2014-08-12 00:31 - 00001648 _____ () C:\Users\Calvin\Downloads\788siffl205tu0u.dlc
2014-08-11 16:27 - 2014-08-11 16:27 - 00036544 _____ () C:\ComboFix.txt
2014-08-11 15:52 - 2014-08-11 16:28 - 00000000 ____D () C:\Qoobox
2014-08-11 15:52 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-11 15:52 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-11 15:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-11 15:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-11 15:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-11 15:52 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-11 15:52 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-11 15:52 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-11 15:51 - 2014-08-11 16:19 - 00000000 ____D () C:\Windows\erdnt
2014-08-11 15:46 - 2014-08-11 15:46 - 05568206 ____R (Swearware) C:\Users\Calvin\Desktop\ComboFix.exe
2014-08-02 20:32 - 2014-08-02 20:32 - 00019007 _____ () C:\Users\Calvin\Downloads\logfiles.zip
2014-08-02 16:37 - 2014-08-02 16:37 - 00019007 _____ () C:\Users\Calvin\Desktop\logfiles.zip
2014-08-02 16:28 - 2014-08-02 16:28 - 00003029 _____ () C:\Users\Calvin\Desktop\MBAM_AdwCleaner_Logs.zip
2014-08-02 15:49 - 2014-08-02 15:50 - 06004615 _____ (Tim Kosse) C:\Users\Calvin\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-02 15:35 - 2014-08-02 15:35 - 00012927 _____ () C:\Users\Calvin\Desktop\Gmer.log
2014-08-02 14:56 - 2014-08-02 15:47 - 00063051 _____ () C:\Users\Calvin\Desktop\Addition.txt
2014-08-02 14:55 - 2014-08-12 13:55 - 00031491 _____ () C:\Users\Calvin\Desktop\FRST.txt
2014-08-02 14:55 - 2014-08-12 13:55 - 00000000 ____D () C:\FRST
2014-08-02 14:54 - 2014-08-02 14:54 - 00000474 _____ () C:\Users\Calvin\Desktop\defogger_disable.log
2014-08-02 14:54 - 2014-08-02 14:54 - 00000000 _____ () C:\Users\Calvin\defogger_reenable
2014-08-02 14:49 - 2014-08-02 14:49 - 00001640 _____ () C:\Users\Calvin\Desktop\anti-malware-protection-02.08.2014.txt
2014-08-02 14:49 - 2014-08-02 14:49 - 00001145 _____ () C:\Users\Calvin\Desktop\anti-malware-02.08.2014.txt
2014-08-02 14:46 - 2014-08-12 13:54 - 02099712 _____ (Farbar) C:\Users\Calvin\Desktop\FRST64.exe
2014-08-02 14:46 - 2014-08-02 14:46 - 00380416 _____ () C:\Users\Calvin\Desktop\ncynph9p.exe
2014-08-02 14:43 - 2014-08-02 14:44 - 00000000 ____D () C:\Users\Calvin\Desktop\altes_zeug
2014-08-02 14:43 - 2014-08-02 14:43 - 00050477 _____ () C:\Users\Calvin\Desktop\Defogger.exe
2014-08-02 14:09 - 2014-08-02 14:09 - 00002218 _____ () C:\Users\Calvin\Desktop\AdwCleaner[S0].txt
2014-08-02 14:04 - 2014-08-12 00:36 - 00000000 ____D () C:\AdwCleaner
2014-08-02 14:04 - 2014-08-02 14:05 - 00002207 _____ () C:\Users\Calvin\Desktop\AdwCleaner[R0].txt
2014-08-02 13:49 - 2014-08-12 13:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-02 13:49 - 2014-08-02 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-02 13:49 - 2014-08-02 13:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-02 13:49 - 2014-08-02 13:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-02 13:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-02 13:49 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-02 13:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-02 13:48 - 2014-08-02 13:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Calvin\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-02 13:47 - 2014-08-02 13:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Calvin\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 22:03 - 2014-08-01 22:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-01 20:56 - 2014-08-01 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-08-01 20:56 - 2014-08-01 20:56 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-19 00:45 - 2014-07-19 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
2014-07-19 00:44 - 2014-07-19 00:44 - 00000000 ____D () C:\Program Files (x86)\NAVIGON
2014-07-19 00:43 - 2014-07-19 00:43 - 24186616 _____ (GARMIN Würzburg GmbH) C:\Users\Calvin\Downloads\NAVIGON_Fresh_setup.exe
2014-07-18 23:00 - 2014-07-18 23:00 - 59516946 _____ () C:\Users\Calvin\Downloads\openclonk-snapshot-20140715-7ab6b33d6a-win32-i386-mingw.zip
2014-07-18 22:59 - 2014-07-18 22:59 - 02053228 _____ () C:\Users\Calvin\Downloads\OCNightly32.zip
2014-07-18 22:55 - 2014-07-18 22:56 - 61311027 _____ () C:\Users\Calvin\Downloads\openclonk-snapshot-20140715-7ab6b33d6a-win32-amd64-mingw.zip
2014-07-18 22:55 - 2014-07-18 22:55 - 05915686 _____ () C:\Users\Calvin\Downloads\mape-snapshot-20140713-bb96406262-win32-amd64-mingw.zip
2014-07-18 17:44 - 2014-07-18 17:44 - 07815799 _____ () C:\Users\Calvin\Downloads\wiibackupmanager_build78.zip
2014-07-18 17:21 - 2014-07-18 17:21 - 00000000 ____D () C:\Users\Calvin\AppData\Local\WBFSManager
2014-07-18 17:17 - 2014-07-18 17:59 - 00000000 ____D () C:\Users\Calvin\Documents\WBFS Manager Covers
2014-07-18 17:17 - 2014-07-18 17:17 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager
2014-07-18 17:16 - 2014-07-18 17:16 - 02847970 _____ () C:\Users\Calvin\Downloads\WBFSManager3.0.1-RTW-x64.zip
2014-07-16 11:40 - 2014-07-16 11:40 - 00012848 _____ () C:\Users\Calvin\Downloads\config.bin
2014-07-15 21:45 - 2014-07-15 22:25 - 00000164 _____ () C:\Users\Calvin\advanced_ip_scanner_MAC.bin
2014-07-14 21:22 - 2014-07-14 21:22 - 16232960 _____ () C:\Users\Calvin\Downloads\mumble-1.2.7.msi

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 13:55 - 2014-08-02 14:55 - 00031491 _____ () C:\Users\Calvin\Desktop\FRST.txt
2014-08-12 13:55 - 2014-08-02 14:55 - 00000000 ____D () C:\FRST
2014-08-12 13:54 - 2014-08-12 13:54 - 00000000 ____D () C:\Users\Calvin\Desktop\FRST-OlderVersion
2014-08-12 13:54 - 2014-08-02 14:46 - 02099712 _____ (Farbar) C:\Users\Calvin\Desktop\FRST64.exe
2014-08-12 13:51 - 2014-08-12 13:51 - 00000996 _____ () C:\Users\Calvin\Desktop\JRT.txt
2014-08-12 13:51 - 2012-08-16 17:39 - 01229042 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 13:49 - 2014-06-08 20:56 - 00000000 ____D () C:\Users\Calvin\AppData\Local\LogMeIn Hamachi
2014-08-12 13:49 - 2012-10-04 17:03 - 00000000 ___RD () C:\Users\Calvin\Dropbox
2014-08-12 13:49 - 2012-10-04 16:59 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Dropbox
2014-08-12 13:48 - 2014-08-12 13:48 - 00000000 ____H () C:\ProgramData\cm-lock
2014-08-12 13:48 - 2014-08-02 13:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 13:48 - 2013-09-17 00:11 - 00000000 ____D () C:\Users\Calvin\AppData\Local\TSVNCache
2014-08-12 13:48 - 2013-07-01 18:01 - 00041225 _____ () C:\Windows\setupact.log
2014-08-12 13:48 - 2012-12-24 14:02 - 00000000 ____D () C:\ProgramData\VMware
2014-08-12 13:48 - 2012-10-03 21:06 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-08-12 13:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 13:45 - 2014-08-12 13:45 - 01016261 _____ (Thisisu) C:\Users\Calvin\Desktop\JRT.exe
2014-08-12 13:45 - 2014-08-12 13:45 - 00000000 ____D () C:\Windows\ERUNT
2014-08-12 13:44 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 13:44 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 00:51 - 2014-08-12 00:51 - 00000000 ____D () C:\Users\Calvin\Desktop\oc2
2014-08-12 00:51 - 2014-08-12 00:50 - 59129459 _____ () C:\Users\Calvin\Downloads\openclonk-snapshot-20140807-9dd600c26b-win32-amd64-mingw.zip
2014-08-12 00:49 - 2014-01-06 00:45 - 00000000 ____D () C:\Program Files (x86)\Clonk Rage2
2014-08-12 00:45 - 2009-07-14 19:58 - 00747948 _____ () C:\Windows\system32\perfh007.dat
2014-08-12 00:45 - 2009-07-14 19:58 - 00167864 _____ () C:\Windows\system32\perfc007.dat
2014-08-12 00:45 - 2009-07-14 07:13 - 01757806 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-12 00:39 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-08-12 00:37 - 2012-08-16 19:19 - 00205328 _____ () C:\Windows\PFRO.log
2014-08-12 00:36 - 2014-08-02 14:04 - 00000000 ____D () C:\AdwCleaner
2014-08-12 00:35 - 2014-08-12 00:35 - 01366203 _____ () C:\Users\Calvin\Downloads\adwcleaner_3.304.exe
2014-08-12 00:35 - 2013-12-01 17:45 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\foobar2000
2014-08-12 00:34 - 2014-08-12 00:34 - 00001142 _____ () C:\Users\Calvin\Desktop\mbam.txt
2014-08-12 00:31 - 2014-08-12 00:31 - 00001648 _____ () C:\Users\Calvin\Downloads\788siffl205tu0u.dlc
2014-08-12 00:19 - 2012-08-16 18:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 00:05 - 2012-08-16 19:29 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Skype
2014-08-11 23:43 - 2012-09-16 19:35 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\vlc
2014-08-11 23:02 - 2013-07-06 22:36 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-08-11 16:28 - 2014-08-11 15:52 - 00000000 ____D () C:\Qoobox
2014-08-11 16:28 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-11 16:27 - 2014-08-11 16:27 - 00036544 _____ () C:\ComboFix.txt
2014-08-11 16:19 - 2014-08-11 15:51 - 00000000 ____D () C:\Windows\erdnt
2014-08-11 16:06 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-11 16:04 - 2009-07-14 04:34 - 80740352 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-11 16:04 - 2009-07-14 04:34 - 28311552 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-11 16:04 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-11 16:04 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-11 16:04 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-11 15:49 - 2012-08-19 22:22 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\X-Chat 2
2014-08-11 15:46 - 2014-08-11 15:46 - 05568206 ____R (Swearware) C:\Users\Calvin\Desktop\ComboFix.exe
2014-08-11 00:31 - 2012-09-16 17:04 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\FileZilla
2014-08-10 21:10 - 2012-08-16 19:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-02 20:32 - 2014-08-02 20:32 - 00019007 _____ () C:\Users\Calvin\Downloads\logfiles.zip
2014-08-02 16:37 - 2014-08-02 16:37 - 00019007 _____ () C:\Users\Calvin\Desktop\logfiles.zip
2014-08-02 16:28 - 2014-08-02 16:28 - 00003029 _____ () C:\Users\Calvin\Desktop\MBAM_AdwCleaner_Logs.zip
2014-08-02 15:50 - 2014-08-02 15:49 - 06004615 _____ (Tim Kosse) C:\Users\Calvin\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-02 15:47 - 2014-08-02 14:56 - 00063051 _____ () C:\Users\Calvin\Desktop\Addition.txt
2014-08-02 15:35 - 2014-08-02 15:35 - 00012927 _____ () C:\Users\Calvin\Desktop\Gmer.log
2014-08-02 14:54 - 2014-08-02 14:54 - 00000474 _____ () C:\Users\Calvin\Desktop\defogger_disable.log
2014-08-02 14:54 - 2014-08-02 14:54 - 00000000 _____ () C:\Users\Calvin\defogger_reenable
2014-08-02 14:54 - 2012-08-16 17:39 - 00000000 ____D () C:\Users\Calvin
2014-08-02 14:49 - 2014-08-02 14:49 - 00001640 _____ () C:\Users\Calvin\Desktop\anti-malware-protection-02.08.2014.txt
2014-08-02 14:49 - 2014-08-02 14:49 - 00001145 _____ () C:\Users\Calvin\Desktop\anti-malware-02.08.2014.txt
2014-08-02 14:46 - 2014-08-02 14:46 - 00380416 _____ () C:\Users\Calvin\Desktop\ncynph9p.exe
2014-08-02 14:44 - 2014-08-02 14:43 - 00000000 ____D () C:\Users\Calvin\Desktop\altes_zeug
2014-08-02 14:43 - 2014-08-02 14:43 - 00050477 _____ () C:\Users\Calvin\Desktop\Defogger.exe
2014-08-02 14:10 - 2012-08-16 18:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-02 14:09 - 2014-08-02 14:09 - 00002218 _____ () C:\Users\Calvin\Desktop\AdwCleaner[S0].txt
2014-08-02 14:05 - 2014-08-02 14:04 - 00002207 _____ () C:\Users\Calvin\Desktop\AdwCleaner[R0].txt
2014-08-02 13:49 - 2014-08-02 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-02 13:49 - 2014-08-02 13:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-02 13:49 - 2014-08-02 13:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-02 13:48 - 2014-08-02 13:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Calvin\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-02 13:47 - 2014-08-02 13:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Calvin\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 22:03 - 2014-08-01 22:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-01 20:59 - 2012-10-04 17:00 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-01 20:56 - 2014-08-01 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-08-01 20:56 - 2014-08-01 20:56 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-19 00:45 - 2014-07-19 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
2014-07-19 00:44 - 2014-07-19 00:44 - 00000000 ____D () C:\Program Files (x86)\NAVIGON
2014-07-19 00:43 - 2014-07-19 00:43 - 24186616 _____ (GARMIN Würzburg GmbH) C:\Users\Calvin\Downloads\NAVIGON_Fresh_setup.exe
2014-07-19 00:17 - 2012-10-17 16:43 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\OpenClonk
2014-07-18 23:00 - 2014-07-18 23:00 - 59516946 _____ () C:\Users\Calvin\Downloads\openclonk-snapshot-20140715-7ab6b33d6a-win32-i386-mingw.zip
2014-07-18 22:59 - 2014-07-18 22:59 - 02053228 _____ () C:\Users\Calvin\Downloads\OCNightly32.zip
2014-07-18 22:56 - 2014-07-18 22:55 - 61311027 _____ () C:\Users\Calvin\Downloads\openclonk-snapshot-20140715-7ab6b33d6a-win32-amd64-mingw.zip
2014-07-18 22:55 - 2014-07-18 22:55 - 05915686 _____ () C:\Users\Calvin\Downloads\mape-snapshot-20140713-bb96406262-win32-amd64-mingw.zip
2014-07-18 17:59 - 2014-07-18 17:17 - 00000000 ____D () C:\Users\Calvin\Documents\WBFS Manager Covers
2014-07-18 17:44 - 2014-07-18 17:44 - 07815799 _____ () C:\Users\Calvin\Downloads\wiibackupmanager_build78.zip
2014-07-18 17:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-18 17:21 - 2014-07-18 17:21 - 00000000 ____D () C:\Users\Calvin\AppData\Local\WBFSManager
2014-07-18 17:17 - 2014-07-18 17:17 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager
2014-07-18 17:16 - 2014-07-18 17:16 - 02847970 _____ () C:\Users\Calvin\Downloads\WBFSManager3.0.1-RTW-x64.zip
2014-07-16 22:43 - 2012-09-23 15:56 - 00000600 _____ () C:\Users\Calvin\AppData\Local\PUTTY.RND
2014-07-16 11:40 - 2014-07-16 11:40 - 00012848 _____ () C:\Users\Calvin\Downloads\config.bin
2014-07-16 00:18 - 2012-12-24 14:08 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\VMware
2014-07-15 22:25 - 2014-07-15 21:45 - 00000164 _____ () C:\Users\Calvin\advanced_ip_scanner_MAC.bin
2014-07-15 14:45 - 2012-12-24 14:08 - 00000000 ____D () C:\Users\Calvin\AppData\Local\VMware
2014-07-15 00:39 - 2014-06-29 01:12 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Mumble
2014-07-14 21:22 - 2014-07-14 21:22 - 16232960 _____ () C:\Users\Calvin\Downloads\mumble-1.2.7.msi
2014-07-13 18:27 - 2012-09-11 16:18 - 00000000 ____D () C:\Users\Calvin\Documents\Skype

Some content of TEMP:
====================
C:\Users\Calvin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxg8wm5.dll
C:\Users\Calvin\AppData\Local\Temp\Quarantine.exe
C:\Users\Calvin\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Calvin\AppData\Local\Temp\sfareca00001.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-11 17:05

==================== End Of Log ============================
12.08.2014, 18:16 | #10 |
/// the machine /// TB-Ausbilder | Windows 7: Firefox opens the URL http://98uj8.de/[...] on its own at short intervals
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page. No help via PM! |
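The ESET Online Scanner log that schrauber asks for here (and that the next reply pastes) has a fixed layout: `# key=value` header lines, then one finding per line of the form `sh=<SHA-1> ft=<n> fh=<hex> vn="<detection name> <class label>" ac=<action> fn="<path>"`, where the German UI appends class labels such as "Trojaner", "evtl. unerwünschte Anwendung" or "potenziell unsichere Anwendung" to the detection name. Reading sixty-odd such lines by eye is error-prone, so here is an added example, not part of the thread and not a tool the Trojaner-Board helpers use: a Python triage script that parses the format, separates malware-class detections from PUA and unsafe-application ones, checks the parsed count against the `# found=` header (pasted logs are often truncated), ignores findings that already sit in a quarantine folder, and lists anything living inside a Firefox profile's `extensions` directory, which is the persistence point most relevant to a browser that opens tabs on its own. `SAMPLE_LOG` is constructed for the example (made-up hashes and paths); the severity mapping and the location patterns are the example's own assumptions, not an ESET convention.

```python
"""Triage an ESET Online Scanner result log (example code, not part of the thread)."""
import re
from collections import Counter

# Constructed sample in the ESET Online Scanner log layout; hashes and paths are made up.
SAMPLE_LOG = r'''# product=EOS
# found=4
# scan_time=120
sh=0123456789ABCDEF0123456789ABCDEF01234567 ft=1 fh=0123456789abcdef vn="Win32/Toolbar.Example.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ExampleBar\tbExample.dll"
sh=0123456789ABCDEF0123456789ABCDEF01234568 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.Example.AF Trojaner" ac=I fn="C:\Users\u\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\0123abcd-0123abcd"
sh=0123456789ABCDEF0123456789ABCDEF01234569 ft=0 fh=0000000000000000 vn="Win32/Example.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\extensions\software@example.com\chrome\content\ext.js"
sh=0123456789ABCDEF0123456789ABCDEF0123456A ft=1 fh=0123456789abcdef vn="Win32/Bundled.Toolbar.Example.B potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\example\stub.dll.vir"
'''

# One finding per line: sh=<sha1> ft=<n> fh=<hex> vn="<name>" ac=<action> fn="<path>"
FINDING_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]+) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\w) fn="(?P<fn>[^"]*)"$'
)

# Class labels the German ESET UI appends to the detection name, plus their English
# counterparts so the same code works on an English-language log (assumed mapping).
SEVERITY_SUFFIXES = (
    ('malware', (' Trojaner', ' trojan')),
    ('pua', (' evtl. unerwünschte Anwendung', ' potentially unwanted application')),
    ('unsafe', (' potenziell unsichere Anwendung', ' potentially unsafe application')),
)
VARIANT_PREFIXES = ('Variante von ', 'a variant of ')

# Where a flagged file lives decides how urgent it is. These patterns are assumptions
# made for this example, not an ESET convention. Order matters: quarantine wins.
LOCATION_RULES = (
    ('quarantine', re.compile(r'\\Quarantine\\', re.I)),
    ('firefox-extension', re.compile(r'\\Mozilla\\Firefox\\Profiles\\[^\\]+\\extensions\\', re.I)),
    ('java-cache', re.compile(r'\\Java\\Deployment\\cache\\', re.I)),
    ('temp', re.compile(r'\\Temp\\|\\Temporary Internet Files\\', re.I)),
)


def classify_severity(vn):
    """Map the class label at the end of a vn= string to malware / pua / unsafe / other."""
    for label, suffixes in SEVERITY_SUFFIXES:
        if vn.endswith(suffixes):
            return label
    return 'other'


def detection_family(vn):
    """Reduce 'Variante von Win32/Toolbar.Conduit.Q evtl. ...' to 'Win32/Toolbar.Conduit'."""
    name = vn
    for prefix in VARIANT_PREFIXES:
        if name.startswith(prefix):
            name = name[len(prefix):]
    name = name.split(' ', 1)[0]
    return re.sub(r'\.[A-Z]{1,3}$', '', name)   # drop the per-variant letter suffix


def locate(path):
    """Bucket a flagged path by where it lives on disk."""
    for label, pattern in LOCATION_RULES:
        if pattern.search(path):
            return label
    return 'installed'


def parse_eset_log(text):
    """Return (header dict, list of finding dicts) for one ESET Online Scanner log."""
    header, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('# ') and '=' in line:
            key, _, value = line[2:].partition('=')
            header[key] = value
            continue
        match = FINDING_RE.match(line)
        if match:
            finding = match.groupdict()
            finding['severity'] = classify_severity(finding['vn'])
            finding['family'] = detection_family(finding['vn'])
            finding['location'] = locate(finding['fn'])
            findings.append(finding)
    return header, findings


def triage(text):
    """Summarise a log: is it complete, what is live (not quarantined), what needs action."""
    header, findings = parse_eset_log(text)
    declared = int(header.get('found', len(findings)))
    live = [f for f in findings if f['location'] != 'quarantine']
    return {
        'declared_found': declared,
        'parsed_found': len(findings),
        'complete': declared == len(findings),   # a pasted log may be truncated
        'by_severity': Counter(f['severity'] for f in live),
        'by_family': Counter(f['family'] for f in live),
        'malware_paths': [f['fn'] for f in live if f['severity'] == 'malware'],
        'browser_persistence': [f['fn'] for f in live if f['location'] == 'firefox-extension'],
    }


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    print(f"findings: {report['parsed_found']} of {report['declared_found']} declared "
          f"(complete={report['complete']})")
    print('live by severity:', dict(report['by_severity']))
    print('live by family:  ', dict(report['by_family']))
    for path in report['malware_paths']:
        print('MALWARE  ', path)
    for path in report['browser_persistence']:
        print('FF-EXT   ', path)
```

Run it against a saved log with `triage(open('eset.txt', encoding='utf-8').read())`. The point of the severity split is that ESET's "evtl. unerwünschte Anwendung" and "potenziell unsichere Anwendung" classes are adware, bundlers and toolbars that explain a hijacked browser but are not the same thing as a trojan hit; a finding under a Firefox profile's `extensions` folder, on the other hand, is code that runs every time the browser starts and is exactly where unwanted tab-opening behaviour tends to live.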
13.08.2014, 12:16 | #11 |
| Windows 7: Firefox opens the URL http://98uj8.de/[...] on its own at short intervals
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7f6824c9afd08449b1b5f61bc0466f33
# engine=19626
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-13 04:15:00
# local_time=2014-08-13 06:15:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 6187503 49213016 0 0
# scanned=981137
# found=69
# cleaned=0
# scan_time=20414
sh=99305C6442241239E842917B77D14F81373A8CA8 ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Ask.B potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir"
sh=170E95D460F6646D76779B4FE097711093F9EC14 ft=1 fh=51a54013aaae74e4 vn="Win32/Bundled.Toolbar.Ask.B potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\GIGA_Deutsch\GIGA_DeutschToolbarHelper.exe"
sh=16783FE1EC203A04887F5FF1EFCE06FA89BA1E95 ft=1 fh=cfb550e7a8f0c48e vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\GIGA_Deutsch\ldrtbGIGA.dll"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\GIGA_Deutsch\prxtbGIGA.dll"
sh=80C4988213ABD64DA38533034CBE2AECBCC38FF2 ft=1 fh=97bfa85f754e1ab7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\GIGA_Deutsch\tbGIGA.dll"
sh=64678F6826694637396AE612D2713BC6CDEFE4C0 ft=1 fh=ec2d54ea4380424c vn="Variante von Win32/Packed.VMProtect.AAH Trojaner" ac=I fn="D:\Games\Assassin's Creed III\ubiorbitapi_r2_loader.dll"
sh=720C99E5112F28D84881B8C53E651508F56E7921 ft=1 fh=0a36748dcd849296 vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="D:\Program Files\Web Assistant\Extension32.dll"
sh=B562BF04E38AD26C8B96EBBAC1C3E21D47A33C0A ft=1 fh=ee1e9e9f490bf16c vn="Variante von Win64/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="D:\Program Files\Web Assistant\Extension64.dll"
sh=1ED5644C394E883D56C7A5EBDD29DE06F97997C0 ft=1 fh=ef14a3608b1bc89d vn="Variante von Win32/Toolbar.BitCocktail.B evtl. unerwünschte Anwendung" ac=I fn="D:\Program Files\Web Assistant\ExtensionUpdaterService.exe"
sh=EF32C1302719F271B1DD9836D542B9E513A3188C ft=1 fh=c71c00112b1b3c9f vn="Variante von Win32/Toolbar.BitCocktail.A evtl. unerwünschte Anwendung" ac=I fn="D:\Program Files\Web Assistant\InstallerHelper.dll"
sh=81C2C3354F11ECE49D7667538CEFE9F2B2395319 ft=1 fh=cca4b3788ffc60aa vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="D:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnIC.dll"
sh=FDC2005CED8ACF86C68FE1B86B0698D0539E8CE0 ft=1 fh=1aa6a68885750335 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="D:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnStub.exe"
sh=99DD33D629341F95D9853B1E63FCE454EC654560 ft=1 fh=08803d4e54260720 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="D:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="D:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Program Files (x86)\ConduitEngine\ConduitEngine.dll"
sh=A7A358A1F2E7C85D2E73E424BCAA8B4F2F4D5A90 ft=1 fh=c71c0011905dfd23 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="D:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll"
sh=E1B8DB844C6D1876F8FAC760A847536048485EBF ft=1 fh=34edeb907fdc1fb5 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="D:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="D:\Program Files (x86)\GIGA_Deutsch\GIGA_DeutschToolbarHelper.exe"
sh=16783FE1EC203A04887F5FF1EFCE06FA89BA1E95 ft=1 fh=cfb550e7a8f0c48e vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="D:\Program Files (x86)\GIGA_Deutsch\ldrtbGIGA.dll"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="D:\Program Files (x86)\GIGA_Deutsch\prxtbGIGA.dll"
sh=80C4988213ABD64DA38533034CBE2AECBCC38FF2 ft=1 fh=97bfa85f754e1ab7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Program Files (x86)\GIGA_Deutsch\tbGIGA.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Program Files (x86)\IncrediMail_MediaBar_Deutsch_2\tbIncr.dll"
sh=C9AE55F15B28459248B14CDDB03B3E33478C774A ft=1 fh=578a4d6752204186 vn="Win32/LoadTubes.B evtl. unerwünschte Anwendung" ac=I fn="D:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll"
sh=43A205985790C47A7E611FA2D3CAB9B4EB59121F ft=1 fh=5bd497922ffc5928 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Babylon\Setup\BExternal.dll"
sh=69FDC602A51E52C603F23A80E9B087C262DCE940 ft=1 fh=cab0049ca6613a48 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Babylon\Setup\IECookieLow.dll"
sh=3A9D7D4639B5EB8BEC42DF972C44493690EAADFC ft=1 fh=b8a59cf28e1dc165 vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Babylon\Setup\Setup.exe"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Conduit\CT2967869\GIGA_DeutschAutoUpdateHelper.exe"
sh=B7A5D14DC3E61373FEBBF1356AC3B919380B65C4 ft=1 fh=b1b639afae4f8874 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B80FMISB\tbedrs[1].dll"
sh=C2D03B5ECA61D4162E72AEDB4DE06ADF32C29167 ft=1 fh=872ffd8282d31593 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\conduitinstaller.exe"
sh=B001F7D0F1F9A7E61C5499E5C8350F497B5A3E18 ft=1 fh=2a21627c0d99789c vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\DTLite4413-0173.exe"
sh=D46942CCA4957389910ECCD317CF3F9DF4F777B2 ft=1 fh=b929674db89cfe7c vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\DTLite4452-0287.exe"
sh=1BF3475345E6003C06C9330575F45E2CE4CA9860 ft=1 fh=0b6cdf15c941b6d9 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\DTLite4454-0315.exe"
sh=8BAE924D051582A919C97CB359A929AF124A4B1B ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\LoadTubes_Silent.zip"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\tbWinl.dll"
sh=C9AE55F15B28459248B14CDDB03B3E33478C774A ft=1 fh=578a4d6752204186 vn="Win32/LoadTubes.B evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\npm.dll"
sh=ED5788B177CA8065A704FEBD7A037E97BBEE92D8 ft=1 fh=180bdf1c411327c5 vn="Variante von Win32/LoadTubes.A evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\Setup.exe"
sh=3688C37930585EF4D3689AEAF78297CE8893CCE3 ft=1 fh=9c7b498cf0067834 vn="Variante von Win32/LoadTubes.C evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\toolbar.dll"
sh=EEF40F3F5B9E8A15E6C31C13F092321B52B58ADE ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\chrome@loadtubes.com\background.js"
sh=121A47B1DE7B73677B7EEFFA9DE86C1264A41633 ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\software@loadtubes.com\chrome\content\loadtbs.js"
sh=C2D03B5ECA61D4162E72AEDB4DE06ADF32C29167 ft=1 fh=872ffd8282d31593 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\62dca1fba90c1d5531c9f699ae80a9c5\conduitinstaller.exe"
sh=027DF2D2944EA506A71D61928674C2CC42A8FE69 ft=1 fh=4c97c45eed1dce37 vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe"
sh=C2D03B5ECA61D4162E72AEDB4DE06ADF32C29167 ft=1 fh=872ffd8282d31593 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\bbf00f9d4bb6a2e678589c351ef6619c\conduitinstaller.exe"
sh=03DF464FE3BBA42BB7CC5A46272027BFB694909C ft=1 fh=1192a2f359e1bc24 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\ct2319825\ffLogic.exe"
sh=A8F057C445C7679D930070FA454AFBE908F4779C ft=1 fh=1b173e9ce8c6bbf5 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\ct2319825\ieLogic.exe"
sh=5A0B2E3D7EA5AAACCC7AA2A579373021204BEDA1 ft=1 fh=572549f60b65a80d vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\ct2319825\statisticsStub.exe"
sh=38CDECB4C8EF54555FF54EF611881AD871A59568 ft=1 fh=e0b3b6f8d37b804a vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\ct2967869\ffLogic.exe"
sh=A2CA989B4DE9028A9B59902C7C0678B00F493DAE ft=1 fh=3a94cfefa651a1b6 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\ct2967869\ieLogic.exe"
sh=5A0B2E3D7EA5AAACCC7AA2A579373021204BEDA1 ft=1 fh=572549f60b65a80d vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\ct2967869\statisticsStub.exe"
sh=4C0AE023AC3C167497AEDA3EE5F510C9DECB08CD ft=1 fh=2b1066952d783dc2 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\Cyberlink\{AD406BE5-2172-4c58-853A-89771BD414B5}\86bd97f9e4.tmp"
sh=6F4AD8CED3F8D99CA7A030AB10BCCBA10D788034 ft=1 fh=1054510efd18331b vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Local\Temp\OCS\ocs_v5c.exe"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\LocalLow\ConduitEngine\ConduitEngine.dll"
sh=16783FE1EC203A04887F5FF1EFCE06FA89BA1E95 ft=1 fh=cfb550e7a8f0c48e vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\LocalLow\GIGA_Deutsch\ldrtbGIGA.dll"
sh=80C4988213ABD64DA38533034CBE2AECBCC38FF2 ft=1 fh=97bfa85f754e1ab7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\LocalLow\GIGA_Deutsch\tbGIGA.dll"
sh=B7A5D14DC3E61373FEBBF1356AC3B919380B65C4 ft=1 fh=b1b639afae4f8874 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\LocalLow\IncrediMail_MediaBar_Deutsch_2\tbInc1.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\LocalLow\IncrediMail_MediaBar_Deutsch_2\tbIncr.dll"
sh=716437E80F0B5F2F5550D3C9DE348F399D688543 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.Blacole.AF Trojaner" ac=I fn="D:\Users\Calvin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\7fa12371-2c7bec12"
sh=3688C37930585EF4D3689AEAF78297CE8893CCE3 ft=1 fh=9c7b498cf0067834 vn="Variante von Win32/LoadTubes.C evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Roaming\loadtbs\toolbar.dll"
sh=ED5788B177CA8065A704FEBD7A037E97BBEE92D8 ft=1 fh=180bdf1c411327c5 vn="Variante von Win32/LoadTubes.A evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Roaming\loadtbs\uninstall.exe"
sh=6641307F97097C40713CB715259E23C176BC2E04 ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js"
sh=B06BB6E2CA7BF30F3BD354EB53904CAFAEDD1FCB ft=0 fh=0000000000000000 vn="Win32/LoadTubes.D evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\riap0nhp.default\extensions\software@loadtubes.com\chrome\content\loadtbs.js"
SecurityCheck:
Code:
Results of screen317's Security Check version 0.99.86
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Sophos Anti-Rootkit 1.5.0
Java 7 Update 55
Java SE Development Kit 7 Update 9
Java version out of Date!
Adobe Flash Player 14.0.0.145
Adobe Reader XI
Mozilla Firefox (31.0)
Mozilla Thunderbird (24.6.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST:
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014 Ran by Calvin (administrator) on SCABA-PC on 13-08-2014 12:59:26 Running from C:\Users\Calvin\Desktop Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE (Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe (LogMeIn, Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncservice.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe () C:\Windows\SysWOW64\HsMgr.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe () C:\Windows\system\HsMgr64.exe (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe (Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Wacom Technology, Corp.) 
C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (CMedia) C:\Program Files\ASUS Xonar DSX Audio\Customapp\AsusAudioCenter.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE (Octoshape ApS) C:\Users\Calvin\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe (Dropbox, Inc.) C:\Users\Calvin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe (Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserverui.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Program Files (x86)\xchat\xchat.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-21] (Realtek Semiconductor) HKLM\...\Run: [Cm112Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm112.dll,CMICtrlWnd HKLM\...\Run: [Cm112GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] () HKLM\...\Run: [Cm112GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] () HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] () HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] () HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-01-31] (Saitek) HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-01-31] (Saitek) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM\...\Run: [tvncontrol] => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103536 2012-04-30] (VMware, Inc.) 
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] () HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.) 
HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-10-25] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-07-06] (AMD) HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-10-25] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2012-10-25] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\Run: [Octoshape Streaming Services] => C:\Users\Calvin\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS) HKU\S-1-5-21-2228607034-3531564096-2891963439-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{ED7FE81C-378C-411D-B5B4-509B978BA204}\IcoUltraMon.ico () Startup: C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Calvin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://youtube.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB14AAF175F74CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default FF Homepage: https://google.de FF NetworkProxy: "backup.ftp", "" FF NetworkProxy: "backup.ftp_port", 0 FF NetworkProxy: "backup.socks", "" FF NetworkProxy: "backup.socks_port", 0 FF NetworkProxy: "backup.ssl", "" FF NetworkProxy: "backup.ssl_port", 0 FF NetworkProxy: "ftp", "127.0.0.1" FF NetworkProxy: "ftp_port", 8080 FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 8080 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "127.0.0.1" FF NetworkProxy: "socks_port", 8080 FF NetworkProxy: "ssl", "127.0.0.1" FF NetworkProxy: "ssl_port", 8080 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle 
Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Calvin\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Calvin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Calvin\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Shumway - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\shumway@research.mozilla.org [2014-08-12] FF Extension: Classic Theme Restorer - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-11] FF Extension: ClipConverter - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\clipconverter@clipconverter.cc.xpi [2014-02-15] FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\elemhidehelper@adblockplus.org.xpi [2012-10-07] FF Extension: Ghostery - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\firefox@ghostery.com.xpi [2013-08-16] FF 
Extension: HTTP Header Mangler - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\se.patriarkatet.firefox.extensions.httpheadermangler@jetpack.xpi [2014-07-17] FF Extension: YOURLS shortener - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\yourls-shortener@binfalse.de.xpi [2013-10-26] FF Extension: NoScript - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-10-07] FF Extension: Adblock Plus - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\7ytxa8c6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-16] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.) [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.) 
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R2 MSSQL$MAXXYZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-03-09] (Native Instruments GmbH) [File not signed] S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-05-11] () S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation) S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH) R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC) R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2012-04-30] (VMware, Inc.) [File not signed] R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2012-04-30] () [File not signed] R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [638272 2014-06-03] (RealVNC Ltd) R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2012-06-05] (Google Inc) S3 ASUSU1; C:\Windows\System32\drivers\cm11264.sys [1308160 2011-08-23] (C-Media Electronics Inc) R3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [35624 2007-08-08] () R3 bomebus; C:\Windows\System32\DRIVERS\bomebus.sys [34376 2010-10-13] (Bome Software) R3 bomemidi; C:\Windows\System32\drivers\bomemidi.sys [30792 2010-10-13] (Bome Software) R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2727936 2011-12-20] (C-Media Inc) S3 hcw66xxx; C:\Windows\System32\Drivers\hcw66x64.sys [758016 2011-02-08] (Hauppauge Computer Works, Inc.) S1 hwinterfacex64; C:\Windows\System32\Drivers\hwinterfacex64.sys [5632 2013-04-29] (Logix4u) [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-13] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 MEMSWEEP2; C:\Windows\system32\C75.tmp [6144 2009-06-18] (Sophos Plc) [File not signed] R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) S3 okdmx31; C:\Windows\SysWOW64\Drivers\okdmx31.sys [3712 2013-04-29] () [File not signed] R3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek) R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-02-01] (Saitek) R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-02-01] (Saitek) R3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Saitek) S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] () S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [105816 
2012-09-13] (Oracle Corporation) R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [266752 2013-01-10] (Jungo) S3 ALSysIO; \??\C:\Users\Calvin\AppData\Local\Temp\ALSysIO64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S1 hwinterface; System32\Drivers\hwinterface.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] S3 zlportio; \??\D:\Program Files (x86)\PHOENIXstudios\PC_DIMMER\zlportio.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-13 12:57 - 2014-08-13 12:57 - 00001242 _____ () C:\Users\Calvin\Desktop\checkup.txt 2014-08-13 12:54 - 2014-08-13 12:54 - 00854410 _____ () C:\Users\Calvin\Desktop\SecurityCheck.exe 2014-08-13 12:46 - 2014-08-13 12:46 - 00008793 _____ () C:\Users\Calvin\Desktop\eset.txt 2014-08-13 00:32 - 2014-08-13 00:32 - 00000000 ____H () C:\ProgramData\cm-lock 2014-08-12 20:12 - 2014-08-12 20:12 - 02347384 _____ (ESET) C:\Users\Calvin\Desktop\esetsmartinstaller_deu.exe 2014-08-12 13:55 - 2014-08-12 13:55 - 00049941 _____ () C:\Users\Calvin\Desktop\FRST_12-08-2014.txt 2014-08-12 13:54 - 2014-08-13 12:59 - 00000000 ____D () C:\Users\Calvin\Desktop\FRST-OlderVersion 2014-08-12 13:51 - 2014-08-12 13:51 - 00000996 _____ () C:\Users\Calvin\Desktop\JRT.txt 2014-08-12 13:45 - 2014-08-12 13:45 - 01016261 _____ (Thisisu) C:\Users\Calvin\Desktop\JRT.exe 2014-08-12 13:45 - 2014-08-12 13:45 - 00000000 ____D () C:\Windows\ERUNT 2014-08-12 00:51 - 2014-08-12 00:51 - 00000000 ____D () C:\Users\Calvin\Desktop\oc2 2014-08-12 00:50 - 2014-08-12 00:51 - 59129459 _____ () C:\Users\Calvin\Downloads\openclonk-snapshot-20140807-9dd600c26b-win32-amd64-mingw.zip 2014-08-12 00:35 - 2014-08-12 00:35 - 01366203 _____ () 
C:\Users\Calvin\Downloads\adwcleaner_3.304.exe 2014-08-12 00:34 - 2014-08-12 00:34 - 00001142 _____ () C:\Users\Calvin\Desktop\mbam.txt 2014-08-12 00:31 - 2014-08-12 00:31 - 00001648 _____ () C:\Users\Calvin\Downloads\788siffl205tu0u.dlc 2014-08-11 16:27 - 2014-08-11 16:27 - 00036544 _____ () C:\ComboFix.txt 2014-08-11 15:52 - 2014-08-11 16:28 - 00000000 ____D () C:\Qoobox 2014-08-11 15:52 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-08-11 15:52 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-08-11 15:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-08-11 15:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-08-11 15:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-08-11 15:52 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-08-11 15:52 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-08-11 15:52 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-08-11 15:51 - 2014-08-11 16:19 - 00000000 ____D () C:\Windows\erdnt 2014-08-11 15:46 - 2014-08-11 15:46 - 05568206 ____R (Swearware) C:\Users\Calvin\Desktop\ComboFix.exe 2014-08-02 20:32 - 2014-08-02 20:32 - 00019007 _____ () C:\Users\Calvin\Downloads\logfiles.zip 2014-08-02 16:37 - 2014-08-02 16:37 - 00019007 _____ () C:\Users\Calvin\Desktop\logfiles.zip 2014-08-02 16:28 - 2014-08-02 16:28 - 00003029 _____ () C:\Users\Calvin\Desktop\MBAM_AdwCleaner_Logs.zip 2014-08-02 15:49 - 2014-08-02 15:50 - 06004615 _____ (Tim Kosse) C:\Users\Calvin\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-08-02 15:35 - 2014-08-02 15:35 - 00012927 _____ () C:\Users\Calvin\Desktop\Gmer.log 2014-08-02 14:56 - 2014-08-02 15:47 - 00063051 _____ () C:\Users\Calvin\Desktop\Addition.txt 2014-08-02 14:55 - 2014-08-13 12:59 - 00031574 _____ () C:\Users\Calvin\Desktop\FRST.txt 2014-08-02 14:55 - 2014-08-13 12:59 - 00000000 ____D () C:\FRST 2014-08-02 14:54 - 2014-08-02 14:54 - 00000474 _____ () 
C:\Users\Calvin\Desktop\defogger_disable.log 2014-08-02 14:54 - 2014-08-02 14:54 - 00000000 _____ () C:\Users\Calvin\defogger_reenable 2014-08-02 14:49 - 2014-08-02 14:49 - 00001640 _____ () C:\Users\Calvin\Desktop\anti-malware-protection-02.08.2014.txt 2014-08-02 14:49 - 2014-08-02 14:49 - 00001145 _____ () C:\Users\Calvin\Desktop\anti-malware-02.08.2014.txt 2014-08-02 14:46 - 2014-08-13 12:59 - 02100224 _____ (Farbar) C:\Users\Calvin\Desktop\FRST64.exe 2014-08-02 14:46 - 2014-08-02 14:46 - 00380416 _____ () C:\Users\Calvin\Desktop\ncynph9p.exe 2014-08-02 14:43 - 2014-08-02 14:44 - 00000000 ____D () C:\Users\Calvin\Desktop\altes_zeug 2014-08-02 14:43 - 2014-08-02 14:43 - 00050477 _____ () C:\Users\Calvin\Desktop\Defogger.exe 2014-08-02 14:09 - 2014-08-02 14:09 - 00002218 _____ () C:\Users\Calvin\Desktop\AdwCleaner[S0].txt 2014-08-02 14:04 - 2014-08-12 00:36 - 00000000 ____D () C:\AdwCleaner 2014-08-02 14:04 - 2014-08-02 14:05 - 00002207 _____ () C:\Users\Calvin\Desktop\AdwCleaner[R0].txt 2014-08-02 13:49 - 2014-08-13 07:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-02 13:49 - 2014-08-02 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-02 13:49 - 2014-08-02 13:49 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-02 13:49 - 2014-08-02 13:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-02 13:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-02 13:49 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-02 13:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-02 13:48 - 2014-08-02 13:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Calvin\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-08-02 13:47 - 2014-08-02 13:47 - 17292760 
_____ (Malwarebytes Corporation ) C:\Users\Calvin\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-01 22:03 - 2014-08-01 22:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-08-01 20:56 - 2014-08-01 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-08-01 20:56 - 2014-08-01 20:56 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-07-19 00:45 - 2014-07-19 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON 2014-07-19 00:44 - 2014-07-19 00:44 - 00000000 ____D () C:\Program Files (x86)\NAVIGON 2014-07-19 00:43 - 2014-07-19 00:43 - 24186616 _____ (GARMIN Würzburg GmbH) C:\Users\Calvin\Downloads\NAVIGON_Fresh_setup.exe 2014-07-18 23:00 - 2014-07-18 23:00 - 59516946 _____ () C:\Users\Calvin\Downloads\openclonk-snapshot-20140715-7ab6b33d6a-win32-i386-mingw.zip 2014-07-18 22:59 - 2014-07-18 22:59 - 02053228 _____ () C:\Users\Calvin\Downloads\OCNightly32.zip 2014-07-18 22:55 - 2014-07-18 22:56 - 61311027 _____ () C:\Users\Calvin\Downloads\openclonk-snapshot-20140715-7ab6b33d6a-win32-amd64-mingw.zip 2014-07-18 22:55 - 2014-07-18 22:55 - 05915686 _____ () C:\Users\Calvin\Downloads\mape-snapshot-20140713-bb96406262-win32-amd64-mingw.zip 2014-07-18 17:44 - 2014-07-18 17:44 - 07815799 _____ () C:\Users\Calvin\Downloads\wiibackupmanager_build78.zip 2014-07-18 17:21 - 2014-07-18 17:21 - 00000000 ____D () C:\Users\Calvin\AppData\Local\WBFSManager 2014-07-18 17:17 - 2014-07-18 17:59 - 00000000 ____D () C:\Users\Calvin\Documents\WBFS Manager Covers 2014-07-18 17:17 - 2014-07-18 17:17 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager 2014-07-18 17:16 - 2014-07-18 17:16 - 02847970 _____ () C:\Users\Calvin\Downloads\WBFSManager3.0.1-RTW-x64.zip 2014-07-16 11:40 - 2014-07-16 11:40 - 00012848 _____ () C:\Users\Calvin\Downloads\config.bin 2014-07-15 21:45 - 2014-07-15 22:25 - 00000164 _____ () 
C:\Users\Calvin\advanced_ip_scanner_MAC.bin 2014-07-14 21:22 - 2014-07-14 21:22 - 16232960 _____ () C:\Users\Calvin\Downloads\mumble-1.2.7.msi ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-13 12:59 - 2014-08-12 13:54 - 00000000 ____D () C:\Users\Calvin\Desktop\FRST-OlderVersion 2014-08-13 12:59 - 2014-08-02 14:55 - 00031574 _____ () C:\Users\Calvin\Desktop\FRST.txt 2014-08-13 12:59 - 2014-08-02 14:55 - 00000000 ____D () C:\FRST 2014-08-13 12:59 - 2014-08-02 14:46 - 02100224 _____ (Farbar) C:\Users\Calvin\Desktop\FRST64.exe 2014-08-13 12:57 - 2014-08-13 12:57 - 00001242 _____ () C:\Users\Calvin\Desktop\checkup.txt 2014-08-13 12:57 - 2012-08-16 19:29 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Skype 2014-08-13 12:54 - 2014-08-13 12:54 - 00854410 _____ () C:\Users\Calvin\Desktop\SecurityCheck.exe 2014-08-13 12:46 - 2014-08-13 12:46 - 00008793 _____ () C:\Users\Calvin\Desktop\eset.txt 2014-08-13 12:19 - 2012-08-16 18:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-13 09:04 - 2012-08-16 17:39 - 01250777 _____ () C:\Windows\WindowsUpdate.log 2014-08-13 07:14 - 2014-08-02 13:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-13 01:35 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-08-13 00:39 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-13 00:39 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-13 00:33 - 2014-06-08 20:56 - 00000000 ____D () C:\Users\Calvin\AppData\Local\LogMeIn Hamachi 2014-08-13 00:33 - 2013-09-17 00:11 - 00000000 ____D () C:\Users\Calvin\AppData\Local\TSVNCache 2014-08-13 00:33 - 2012-10-04 17:03 - 00000000 ___RD () C:\Users\Calvin\Dropbox 2014-08-13 
00:33 - 2012-10-04 16:59 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Dropbox 2014-08-13 00:33 - 2012-10-03 21:06 - 00000000 ____D () C:\Program Files (x86)\SpeedFan 2014-08-13 00:33 - 2012-08-16 19:29 - 00000000 ____D () C:\ProgramData\Skype 2014-08-13 00:32 - 2014-08-13 00:32 - 00000000 ____H () C:\ProgramData\cm-lock 2014-08-13 00:32 - 2013-07-01 18:01 - 00042871 _____ () C:\Windows\setupact.log 2014-08-13 00:32 - 2012-12-24 14:02 - 00000000 ____D () C:\ProgramData\VMware 2014-08-13 00:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-13 00:31 - 2012-09-16 17:04 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\FileZilla 2014-08-13 00:30 - 2012-08-19 22:22 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\X-Chat 2 2014-08-13 00:09 - 2012-09-23 15:56 - 00000600 _____ () C:\Users\Calvin\AppData\Local\PUTTY.RND 2014-08-12 22:56 - 2013-12-01 17:45 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\foobar2000 2014-08-12 22:15 - 2009-07-14 19:58 - 00747948 _____ () C:\Windows\system32\perfh007.dat 2014-08-12 22:15 - 2009-07-14 19:58 - 00167864 _____ () C:\Windows\system32\perfc007.dat 2014-08-12 22:15 - 2009-07-14 07:13 - 01757806 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-12 20:12 - 2014-08-12 20:12 - 02347384 _____ (ESET) C:\Users\Calvin\Desktop\esetsmartinstaller_deu.exe 2014-08-12 13:55 - 2014-08-12 13:55 - 00049941 _____ () C:\Users\Calvin\Desktop\FRST_12-08-2014.txt 2014-08-12 13:51 - 2014-08-12 13:51 - 00000996 _____ () C:\Users\Calvin\Desktop\JRT.txt 2014-08-12 13:45 - 2014-08-12 13:45 - 01016261 _____ (Thisisu) C:\Users\Calvin\Desktop\JRT.exe 2014-08-12 13:45 - 2014-08-12 13:45 - 00000000 ____D () C:\Windows\ERUNT 2014-08-12 00:51 - 2014-08-12 00:51 - 00000000 ____D () C:\Users\Calvin\Desktop\oc2 2014-08-12 00:51 - 2014-08-12 00:50 - 59129459 _____ () C:\Users\Calvin\Downloads\openclonk-snapshot-20140807-9dd600c26b-win32-amd64-mingw.zip 2014-08-12 00:49 - 2014-01-06 00:45 - 00000000 ____D () C:\Program Files 
(x86)\Clonk Rage2 2014-08-12 00:37 - 2012-08-16 19:19 - 00205328 _____ () C:\Windows\PFRO.log 2014-08-12 00:36 - 2014-08-02 14:04 - 00000000 ____D () C:\AdwCleaner 2014-08-12 00:35 - 2014-08-12 00:35 - 01366203 _____ () C:\Users\Calvin\Downloads\adwcleaner_3.304.exe 2014-08-12 00:34 - 2014-08-12 00:34 - 00001142 _____ () C:\Users\Calvin\Desktop\mbam.txt 2014-08-12 00:31 - 2014-08-12 00:31 - 00001648 _____ () C:\Users\Calvin\Downloads\788siffl205tu0u.dlc 2014-08-11 23:43 - 2012-09-16 19:35 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\vlc 2014-08-11 23:02 - 2013-07-06 22:36 - 00000000 ____D () C:\Program Files (x86)\osu! 2014-08-11 16:28 - 2014-08-11 15:52 - 00000000 ____D () C:\Qoobox 2014-08-11 16:28 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-08-11 16:27 - 2014-08-11 16:27 - 00036544 _____ () C:\ComboFix.txt 2014-08-11 16:19 - 2014-08-11 15:51 - 00000000 ____D () C:\Windows\erdnt 2014-08-11 16:06 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-08-11 16:04 - 2009-07-14 04:34 - 80740352 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-08-11 16:04 - 2009-07-14 04:34 - 28311552 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-08-11 16:04 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-08-11 16:04 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-08-11 16:04 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-08-11 15:46 - 2014-08-11 15:46 - 05568206 ____R (Swearware) C:\Users\Calvin\Desktop\ComboFix.exe 2014-08-10 21:10 - 2012-08-16 19:29 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-08-02 20:32 - 2014-08-02 20:32 - 00019007 _____ () C:\Users\Calvin\Downloads\logfiles.zip 2014-08-02 16:37 - 2014-08-02 16:37 - 00019007 _____ () C:\Users\Calvin\Desktop\logfiles.zip 2014-08-02 16:28 - 2014-08-02 16:28 - 00003029 _____ () C:\Users\Calvin\Desktop\MBAM_AdwCleaner_Logs.zip 2014-08-02 15:50 - 2014-08-02 15:49 - 06004615 
_____ (Tim Kosse) C:\Users\Calvin\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-02 15:47 - 2014-08-02 14:56 - 00063051 _____ () C:\Users\Calvin\Desktop\Addition.txt
2014-08-02 15:35 - 2014-08-02 15:35 - 00012927 _____ () C:\Users\Calvin\Desktop\Gmer.log
2014-08-02 14:54 - 2014-08-02 14:54 - 00000474 _____ () C:\Users\Calvin\Desktop\defogger_disable.log
2014-08-02 14:54 - 2014-08-02 14:54 - 00000000 _____ () C:\Users\Calvin\defogger_reenable
2014-08-02 14:54 - 2012-08-16 17:39 - 00000000 ____D () C:\Users\Calvin
2014-08-02 14:49 - 2014-08-02 14:49 - 00001640 _____ () C:\Users\Calvin\Desktop\anti-malware-protection-02.08.2014.txt
2014-08-02 14:49 - 2014-08-02 14:49 - 00001145 _____ () C:\Users\Calvin\Desktop\anti-malware-02.08.2014.txt
2014-08-02 14:46 - 2014-08-02 14:46 - 00380416 _____ () C:\Users\Calvin\Desktop\ncynph9p.exe
2014-08-02 14:44 - 2014-08-02 14:43 - 00000000 ____D () C:\Users\Calvin\Desktop\altes_zeug
2014-08-02 14:43 - 2014-08-02 14:43 - 00050477 _____ () C:\Users\Calvin\Desktop\Defogger.exe
2014-08-02 14:10 - 2012-08-16 18:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-02 14:09 - 2014-08-02 14:09 - 00002218 _____ () C:\Users\Calvin\Desktop\AdwCleaner[S0].txt
2014-08-02 14:05 - 2014-08-02 14:04 - 00002207 _____ () C:\Users\Calvin\Desktop\AdwCleaner[R0].txt
2014-08-02 13:49 - 2014-08-02 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-02 13:49 - 2014-08-02 13:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-02 13:49 - 2014-08-02 13:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-02 13:48 - 2014-08-02 13:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Calvin\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-02 13:47 - 2014-08-02 13:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Calvin\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 22:03 - 2014-08-01 22:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-01 20:59 - 2012-10-04 17:00 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-01 20:56 - 2014-08-01 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-08-01 20:56 - 2014-08-01 20:56 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-19 00:45 - 2014-07-19 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
2014-07-19 00:44 - 2014-07-19 00:44 - 00000000 ____D () C:\Program Files (x86)\NAVIGON
2014-07-19 00:43 - 2014-07-19 00:43 - 24186616 _____ (GARMIN Würzburg GmbH) C:\Users\Calvin\Downloads\NAVIGON_Fresh_setup.exe
2014-07-19 00:17 - 2012-10-17 16:43 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\OpenClonk
2014-07-18 23:00 - 2014-07-18 23:00 - 59516946 _____ () C:\Users\Calvin\Downloads\openclonk-snapshot-20140715-7ab6b33d6a-win32-i386-mingw.zip
2014-07-18 22:59 - 2014-07-18 22:59 - 02053228 _____ () C:\Users\Calvin\Downloads\OCNightly32.zip
2014-07-18 22:56 - 2014-07-18 22:55 - 61311027 _____ () C:\Users\Calvin\Downloads\openclonk-snapshot-20140715-7ab6b33d6a-win32-amd64-mingw.zip
2014-07-18 22:55 - 2014-07-18 22:55 - 05915686 _____ () C:\Users\Calvin\Downloads\mape-snapshot-20140713-bb96406262-win32-amd64-mingw.zip
2014-07-18 17:59 - 2014-07-18 17:17 - 00000000 ____D () C:\Users\Calvin\Documents\WBFS Manager Covers
2014-07-18 17:44 - 2014-07-18 17:44 - 07815799 _____ () C:\Users\Calvin\Downloads\wiibackupmanager_build78.zip
2014-07-18 17:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-18 17:21 - 2014-07-18 17:21 - 00000000 ____D () C:\Users\Calvin\AppData\Local\WBFSManager
2014-07-18 17:17 - 2014-07-18 17:17 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager
2014-07-18 17:16 - 2014-07-18 17:16 - 02847970 _____ () C:\Users\Calvin\Downloads\WBFSManager3.0.1-RTW-x64.zip
2014-07-16 11:40 - 2014-07-16 11:40 - 00012848 _____ () C:\Users\Calvin\Downloads\config.bin
2014-07-16 00:18 - 2012-12-24 14:08 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\VMware
2014-07-15 22:25 - 2014-07-15 21:45 - 00000164 _____ () C:\Users\Calvin\advanced_ip_scanner_MAC.bin
2014-07-15 14:45 - 2012-12-24 14:08 - 00000000 ____D () C:\Users\Calvin\AppData\Local\VMware
2014-07-15 00:39 - 2014-06-29 01:12 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Mumble
2014-07-14 21:22 - 2014-07-14 21:22 - 16232960 _____ () C:\Users\Calvin\Downloads\mumble-1.2.7.msi

Some content of TEMP:
====================
C:\Users\Calvin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7faacj.dll
C:\Users\Calvin\AppData\Local\Temp\Quarantine.exe
C:\Users\Calvin\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Calvin\AppData\Local\Temp\sfareca00001.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-11 17:05

==================== End Of Log ============================
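A small parser for the FRST "one month" file listing shown in the log above, added here as an example and not part of the post or of FRST itself. It splits each entry into its columns and applies a simple triage heuristic of my own (unsigned executables in user-writable paths); the sample lines are copied from the listing above, and the heuristic, the field names and the path hints are assumptions, not FRST logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
# One entry of FRST's "One Month Created/Modified Files" listing, as in the log above:
#   <timestamp 1> - <timestamp 2> - <8-digit size> <5 attribute flags> (<publisher>) <path>
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{8}) ([_A-Z]{5}) \(([^)]*)\) (.+)$"
)
# Sample input: lines copied from the FRST listing in the post above, plus one non-entry line.
SAMPLE_LINES = [
    r"2014-08-02 14:46 - 2014-08-02 14:46 - 00380416 _____ () C:\Users\Calvin\Desktop\ncynph9p.exe",
    r"2014-08-02 14:43 - 2014-08-02 14:43 - 00050477 _____ () C:\Users\Calvin\Desktop\Defogger.exe",
    r"2014-08-02 13:48 - 2014-08-02 13:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Calvin\Downloads\mbam-setup-2.0.2.1012(1).exe",
    r"2014-08-01 22:03 - 2014-08-01 22:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox",
    r"2014-07-16 11:40 - 2014-07-16 11:40 - 00012848 _____ () C:\Users\Calvin\Downloads\config.bin",
    "==================== End Of Log ============================",
]

@dataclass
class FrstEntry:
    first_ts: str    # first timestamp column, as printed by FRST
    second_ts: str   # second timestamp column
    size: int        # size in bytes; FRST prints 00000000 for directories
    is_dir: bool     # "D" present in the attribute flags
    publisher: str   # text between the parentheses; empty when FRST found none
    path: str

def parse_entry(line: str) -> Optional[FrstEntry]:
    """Parse one listing line; return None for headers and separators."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    first_ts, second_ts, size, flags, publisher, path = m.groups()
    return FrstEntry(first_ts, second_ts, int(size), "D" in flags, publisher.strip(), path.strip())

# Assumed hints for user-writable locations (lower-cased path fragments) and executable types.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
EXEC_EXTS = (".exe", ".dll", ".scr", ".sys")

def flag_for_review(lines: List[str]) -> List[str]:
    """Triage heuristic (mine, not FRST's): executables in user-writable locations with an
    empty publisher field. Unsigned but legitimate tools land here too: it is a review queue."""
    hits = []
    for e in filter(None, map(parse_entry, lines)):
        low = e.path.lower()
        if not e.is_dir and low.endswith(EXEC_EXTS) and not e.publisher and any(h in low for h in USER_WRITABLE):
            hits.append(e.path)
    return hits
```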
13.08.2014, 20:40 | #12 |
/// the machine /// TB Instructor
Update Java.
Update Windows, a whole service pack is missing.
Please download TFC (by Oldtimer) and save the file to your Desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a reboot. Please allow it.
Update MBAM, let it scan drive D and remove what it finds.
Delete AdwCleaner and download it again, let it scan and delete.
Delete the ESET findings in AppData\Roaming\Low by hand.
Fresh FRST log please.
Any problems left?
__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
13.08.2014, 22:24 | #13 |
The Java update was no problem, but the Windows update failed. Right after the reboot this appeared:
And when I looked a bit more closely at what had happened, this appeared:
14.08.2014, 13:24 | #14 |
/// the machine /// TB Instructor
Download the Service Pack 1 offline installer and install it that way, without Windows Update.
__________________
regards, schrauber
15.08.2014, 20:33 | #15 |
That didn't work either; after the update the same window opened as the upper one in the previous post.