Log analysis and evaluation: Web pages with advertising open automatically, "infestation" with malware has increased sharply (incl. pup.funmoods) | Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
26.10.2014, 21:46 | #16 |
Web pages with advertising open automatically, "infestation" with malware has increased sharply (incl. pup.funmoods)

Trend Micro is still showing alerts :-(. Otherwise I'll just switch to Chrome :-). Here is the FRST log:

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2014 Ran by Medion (administrator) on MEDION-PC on 26-10-2014 21:29:44 Running from C:\Users\Medion\Downloads Loaded Profiles: Medion & Miriam II (Available profiles: Medion & Finn & Miriam II) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe (Teruten) C:\Windows\System32\FsUsbExService.Exe (Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (Secunia) C:\Program Files\Secunia\PSI\psia.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe (Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe (Telefónica I+D) C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (1&1 Mail & Media GmbH) C:\Users\Miriam II\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Akamai Technologies, Inc.) C:\Users\Medion\AppData\Local\Akamai\netsession_win.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Akamai Technologies, Inc.) C:\Users\Medion\AppData\Local\Akamai\netsession_win.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) 
C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495728 2010-03-30] (IDT, Inc.) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [819984 2014-03-13] (BlueStack Systems, Inc.) HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [143792 2013-10-09] (Trend Micro Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.) HKLM\...\Run: [WLM] => C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe [44152 2013-07-23] (Trend Micro Inc.) 
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM\...\Run: [] => [X] HKU\S-1-5-21-634998973-2183486359-2024787897-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-634998973-2183486359-2024787897-1000\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe HKU\S-1-5-21-634998973-2183486359-2024787897-1000\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [436800 2013-07-15] (BillP Studios) HKU\S-1-5-21-634998973-2183486359-2024787897-1000\...\Run: [Allmyapps] => "C:\Users\Medion\AppData\Roaming\Allmyapps\Allmyapps.exe" startup HKU\S-1-5-21-634998973-2183486359-2024787897-1000\...\Run: [Allmyapps Update] => "C:\Users\Medion\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe" check startup HKU\S-1-5-21-634998973-2183486359-2024787897-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Medion\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-634998973-2183486359-2024787897-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) 
HKU\S-1-5-21-634998973-2183486359-2024787897-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-634998973-2183486359-2024787897-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-634998973-2183486359-2024787897-1004\...\Run: [SpywareTerminatorUpdate] => C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com) HKU\S-1-5-21-634998973-2183486359-2024787897-1004\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom) HKU\S-1-5-21-634998973-2183486359-2024787897-1004\...\Run: [WEB.DE Application {sync-000021}] => C:\Users\Miriam II\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe [792576 2014-06-04] (1&1 Mail & Media GmbH) HKU\S-1-5-21-634998973-2183486359-2024787897-1004\...\Run: [1und1DispatcherCorp] => C:\Users\Miriam II\AppData\Local\1und1UpdaterCorpE\SchedDispatcher.exe [220808 2013-05-29] (1&1 Mail & Media GmbH) HKU\S-1-5-21-634998973-2183486359-2024787897-1004\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google) HKU\S-1-5-21-634998973-2183486359-2024787897-1004\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-634998973-2183486359-2024787897-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-634998973-2183486359-2024787897-1004\...\MountPoints2: {362dbb65-accf-11e1-b782-00262dbfe53b} - F:\AutoRun.exe HKU\S-1-5-21-634998973-2183486359-2024787897-1004\...\MountPoints2: {362dbb86-accf-11e1-b782-00262dbfe53b} - F:\AutoRun.exe HKU\S-1-5-21-634998973-2183486359-2024787897-1004\...\MountPoints2: {b636cf64-b326-11e1-b7d9-00262dbfe53b} - F:\AutoRun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files\phase-6\phase-6\reminder\reminder.exe (phase-6) Startup: C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140611230547711.dll (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140611230547711.dll (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140611230547711.dll (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140611230547711.dll (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} 
=> C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) BootExecute: autocheck autochk * sdnclean.exe GroupPolicyUsers\S-1-5-21-634998973-2183486359-2024787897-1004\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-634998973-2183486359-2024787897-1003\User: Group Policy restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: :0 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.) BHO: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files\SMART Technologies\Education Software\NotebookPlugin.dll (SMART Technologies ULC.) 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) 
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.) Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.) Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\6e7oss3s.default-1414354867081 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-08-17] FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-09-04] FF HKLM\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-05-14] FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend 
Micro\AMSP\module\20004\FxExt\firefoxextension FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-05-15] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\q5jk1lre.default\extensions\cliqz@cliqz.com Chrome: ======= CHR Profile: C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-19] CHR Extension: (Google Docs) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-19] CHR Extension: (Google Drive) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-19] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20] CHR Extension: (YouTube) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-19] CHR Extension: (Google-Suche) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-19] CHR Extension: (Google Tabellen) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-19] CHR Extension: (Google Wallet) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-19] CHR Extension: (Google Mail) - C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-19] ========================== Services (Whitelisted) 
================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-03-13] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-03-13] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [770832 2014-03-13] (BlueStack Systems, Inc.) S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1074480 2013-09-14] (Flexera Software LLC) R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2009-03-31] (Teruten) [File not signed] R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed] R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed] R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia) S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) 
[File not signed] R2 SMARTHelperService; C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe [539952 2013-10-18] (SMART Technologies) R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587912 2013-04-03] (Crawler.com) R2 STacSV; c:\program files\idt\wdm\STacSV.exe [225382 2010-03-30] (IDT, Inc.) R2 TGCM_ImportWiFiSvc; C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D) S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [113152 2009-03-04] (Wistron Corp.) [File not signed] R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X] S4 vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-03-13] (BlueStack Systems) R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed] S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) 
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated) S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia) R3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [8192 2013-10-18] (SMART Technologies) R3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [7680 2013-03-07] (SMART Technologies) S3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [15872 2013-03-07] (SMART Technologies ULC) R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed] S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation) R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [103416 2013-12-03] (Trend Micro Inc.) R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [290376 2013-12-03] (Trend Micro Inc.) R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [40736 2013-07-01] (Trend Micro Inc.) R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [85280 2013-06-13] (Trend Micro Inc.) R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [83864 2013-12-03] (Trend Micro Inc.) R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [282272 2013-05-22] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92304 2012-05-02] (Trend Micro Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Medion\AppData\Local\Temp\catchme.sys [X] S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X] U2 TMAgent; No ImagePath S3 uxddrv; \??\E:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys [X] S3 XDva401; \??\C:\Windows\system32\XDva401.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-26 21:29 - 2014-10-26 21:31 - 00028013 _____ () C:\Users\Medion\Downloads\FRST.txt 2014-10-26 21:29 - 2014-10-26 21:29 - 01104896 _____ (Farbar) C:\Users\Medion\Downloads\FRST.exe 2014-10-26 20:48 - 2014-10-26 20:48 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-26 20:48 - 2014-10-26 20:48 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-10-26 20:47 - 2014-10-26 20:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-10-26 20:46 - 2014-10-26 20:46 - 00244408 _____ () C:\Users\Medion\Downloads\Firefox Setup Stub 33.0.exe 2014-10-26 20:32 - 2014-10-26 20:32 - 00001226 _____ () C:\Users\Medion\Desktop\Revo Uninstaller.lnk 2014-10-26 20:30 - 2014-10-26 20:31 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Miriam II\Downloads\revosetup95.exe 2014-10-24 20:38 - 2014-10-24 20:38 - 00008413 _____ () C:\Users\Miriam II\Downloads\print.action 2014-10-23 13:25 - 2014-10-23 13:25 - 00854448 _____ () C:\Users\Medion\Desktop\SecurityCheck.exe 2014-10-21 22:25 - 2014-10-22 09:53 - 00000000 ____D () C:\Users\Medion\Desktop\trojaner board II 2014-10-21 21:48 - 2014-10-21 21:57 - 00000000 ____D () C:\AdwCleaner 2014-10-21 20:41 - 2014-10-21 20:41 - 00000048 _____ () C:\Users\Public\Documents\_rgpl 2014-10-21 19:31 - 2014-10-26 20:32 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-10-20 20:21 - 2014-10-20 20:21 - 00000000 ____D () C:\Users\Medion\AppData\Local\com 2014-10-20 20:17 - 2014-10-20 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-10-20 20:17 - 2014-10-20 20:17 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-10-20 19:44 - 2014-10-20 19:44 - 00007805 _____ () C:\Users\Miriam II\Desktop\GMER.txt 2014-10-20 19:36 - 2014-10-20 19:36 
- 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-10-20 19:36 - 2014-10-20 19:36 - 00000000 ____D () C:\Program Files\7-Zip 2014-10-20 16:30 - 2014-10-20 16:30 - 00146376 _____ () C:\Windows\Minidump\102014-18891-01.dmp 2014-10-20 10:46 - 2014-10-26 21:29 - 00000000 ____D () C:\FRST 2014-10-20 10:41 - 2014-10-20 10:41 - 00000000 _____ () C:\Users\Medion\defogger_reenable 2014-10-16 13:10 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-16 13:10 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-16 13:10 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-16 13:10 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-16 13:09 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-16 13:09 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-16 13:09 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-16 13:09 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-16 13:09 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-16 13:09 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-16 13:09 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-16 13:09 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-16 13:09 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-16 13:09 - 2014-09-19 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-16 13:09 - 2014-09-19 02:02 - 00454656 _____ 
(Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-16 13:09 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-16 13:09 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-16 13:09 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-16 13:09 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-16 13:09 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-16 13:09 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-16 13:09 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-16 13:09 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-16 13:09 - 2014-09-19 01:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-16 13:09 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-16 13:09 - 2014-09-19 01:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-16 13:09 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-16 13:09 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-16 13:09 - 2014-09-19 01:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-16 13:09 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-16 13:09 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-16 13:09 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-16 13:09 - 2014-09-19 
00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-16 13:09 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-16 13:09 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-16 13:09 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-16 13:09 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-16 13:09 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-16 13:08 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-16 13:08 - 2014-08-29 02:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-16 13:08 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-16 13:08 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-16 13:08 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-10-16 13:08 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-16 13:08 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-16 13:08 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-16 13:08 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-16 13:08 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-16 13:08 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-16 13:08 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-16 13:08 - 2014-07-17 02:02 - 00031232 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-16 13:08 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-10-16 13:08 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-10-16 13:08 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-10-16 13:08 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-10-16 13:08 - 2014-07-09 02:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-10-16 13:08 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-10-16 13:07 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-16 13:07 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-03 06:13 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-30 06:54 - 2014-09-30 06:55 - 00000000 ____D () C:\Users\Medion\AppData\Local\Skyrim ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-26 21:31 - 2011-04-14 20:53 - 00000000 ____D () C:\Users\Medion\AppData\Roaming\Skype 2014-10-26 21:20 - 2014-07-17 21:09 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-26 21:18 - 2012-03-31 15:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-26 21:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing 2014-10-26 20:48 - 2012-09-26 16:18 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-10-26 20:43 - 2014-07-17 21:09 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-26 20:28 - 2014-07-17 21:24 - 00000000 ___RD () C:\Users\Miriam II\Google Drive 2014-10-26 20:08 - 2014-07-25 14:05 - 00000000 ____D () C:\Users\Miriam II\AppData\Local\HTC MediaHub 2014-10-26 20:07 - 2011-04-06 09:26 - 01048477 _____ () C:\Windows\WindowsUpdate.log 2014-10-26 20:05 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-26 20:05 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-26 20:02 - 2010-05-05 17:08 - 00006264 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-26 19:58 - 2014-08-20 18:46 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-10-26 19:58 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-26 19:57 - 2009-07-14 05:39 - 00178187 _____ () C:\Windows\setupact.log 2014-10-25 19:30 - 2014-07-25 14:10 - 00000000 ____D () C:\Users\Medion\AppData\Local\HTC MediaHub 2014-10-25 15:10 - 2012-11-18 18:32 - 00000000 ____D () C:\Users\Finn.Medion-PC\AppData\Roaming\.minecraft 2014-10-25 14:12 - 2014-08-03 19:00 - 00000000 ____D () C:\Users\Finn.Medion-PC\AppData\Local\HTC MediaHub 2014-10-25 14:12 - 2014-07-18 19:36 - 00000000 ____D () C:\Program Files\Steam 2014-10-25 09:21 - 2013-07-18 16:46 - 00000000 ____D () C:\ProgramData\Spyware Terminator 
2014-10-24 17:44 - 2013-04-30 08:27 - 00000000 ____D () C:\Users\Medion\AppData\Local\Deployment 2014-10-24 13:29 - 2013-05-15 16:56 - 00000000 ____D () C:\Users\Finn.Medion-PC\AppData\Roaming\Skype 2014-10-23 16:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-23 16:19 - 2014-07-18 19:36 - 00000000 ____D () C:\Program Files\Common Files\Steam 2014-10-23 15:43 - 2011-05-02 15:27 - 00144760 _____ () C:\Users\Finn.Medion-PC\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-23 15:36 - 2010-05-05 18:37 - 00341596 _____ () C:\Windows\PFRO.log 2014-10-21 21:57 - 2012-05-13 11:57 - 00000000 ____D () C:\Users\Medion\AppData\Local\CRE 2014-10-21 21:57 - 2011-04-19 17:23 - 00000000 ____D () C:\Users\Finn.Medion-PC 2014-10-21 21:57 - 2011-04-06 09:28 - 00001154 _____ () C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-21 21:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-21 21:02 - 2011-11-28 13:24 - 00000000 ____D () C:\Program Files\BFDemos 2014-10-21 20:26 - 2010-05-05 16:57 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-10-20 21:24 - 2014-09-19 16:09 - 00002125 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-20 20:17 - 2014-03-14 20:14 - 00000000 ___RD () C:\Program Files\Skype 2014-10-20 20:17 - 2011-04-14 20:52 - 00000000 ____D () C:\ProgramData\Skype 2014-10-20 18:11 - 2011-04-14 18:57 - 00144760 _____ () C:\Users\Medion\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-20 16:30 - 2014-05-17 08:08 - 355499801 _____ () C:\Windows\MEMORY.DMP 2014-10-20 16:30 - 2014-05-17 08:08 - 00000000 ____D () C:\Windows\Minidump 2014-10-20 10:41 - 2011-04-06 09:28 - 00000000 ____D () C:\Users\Medion 2014-10-20 09:56 - 2013-01-19 14:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-10-19 16:26 - 2011-09-05 20:15 - 00000000 ____D () C:\Users\Miriam II\Documents\Eigene Scans 2014-10-18 22:29 - 2011-04-26 
13:29 - 00144760 _____ () C:\Users\Miriam II\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-18 21:13 - 2009-07-14 05:33 - 00484552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-18 20:45 - 2011-11-28 14:01 - 00000000 ____D () C:\ProgramData\Schreib- und Leselabor 2
2014-10-18 18:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-10-17 16:15 - 2014-07-02 16:57 - 00209432 _____ () C:\Windows\RegBootClean.exe
2014-10-17 15:42 - 2009-07-14 03:37 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 15:38 - 2014-04-30 23:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 15:38 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-17 01:23 - 2010-05-05 17:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 01:13 - 2013-07-27 09:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 00:10 - 2010-05-05 18:33 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 22:04 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-02 08:55 - 2012-09-30 19:29 - 00000000 ____D () C:\Users\Miriam II\AppData\Local\Deployment

Files to move or delete:
====================
C:\Users\Finn.Medion-PC\Minecraft Ram Launcher.exe

Some content of TEMP:
====================
C:\Users\Finn.Medion-PC\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Finn.Medion-PC\AppData\Local\Temp\i4jdel0.exe
C:\Users\Finn.Medion-PC\AppData\Local\Temp\i4jdel1.exe
C:\Users\Finn.Medion-PC\AppData\Local\Temp\i4jdel2.exe
C:\Users\Finn.Medion-PC\AppData\Local\Temp\i4jdel3.exe
C:\Users\Finn.Medion-PC\AppData\Local\Temp\i4jdel4.exe
C:\Users\Finn.Medion-PC\AppData\Local\Temp\i4jdel5.exe
C:\Users\Finn.Medion-PC\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\Finn.Medion-PC\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Finn.Medion-PC\AppData\Local\Temp\propsys.dll
C:\Users\Finn.Medion-PC\AppData\Local\Temp\Softonic_DE_1-5-1.exe
C:\Users\Finn.Medion-PC\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Finn.Medion-PC\AppData\Local\Temp\zodr8l3a.dll
C:\Users\Medion\AppData\Local\Temp\0acncs1a.eea.exe
C:\Users\Medion\AppData\Local\Temp\1sv0noim.wxt.exe
C:\Users\Medion\AppData\Local\Temp\27353uninstall.exe
C:\Users\Medion\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\Medion\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Medion\AppData\Local\Temp\APNSetup.exe
C:\Users\Medion\AppData\Local\Temp\awtcmhrt.uzg.exe
C:\Users\Medion\AppData\Local\Temp\BackupSetup.exe
C:\Users\Medion\AppData\Local\Temp\dlLogic.exe
C:\Users\Medion\AppData\Local\Temp\dltr.exe
C:\Users\Medion\AppData\Local\Temp\erb3vygz.wnz.exe
C:\Users\Medion\AppData\Local\Temp\foxy_security_games.exe
C:\Users\Medion\AppData\Local\Temp\GCVerifier.dll
C:\Users\Medion\AppData\Local\Temp\iodhz2td.rks.exe
C:\Users\Medion\AppData\Local\Temp\Quarantine.exe
C:\Users\Medion\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Medion\AppData\Local\Temp\sdapskill.exe
C:\Users\Medion\AppData\Local\Temp\sdaspwn.exe
C:\Users\Medion\AppData\Local\Temp\sdyfmtve.0ap.exe
C:\Users\Medion\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Medion\AppData\Local\Temp\Sqlite3.dll
C:\Users\Medion\AppData\Local\Temp\sweetpage_294wld.exe
C:\Users\Medion\AppData\Local\Temp\Uni000.exe
C:\Users\Medion\AppData\Local\Temp\vdoiuwkh.d1k.exe
C:\Users\Medion\AppData\Local\Temp\verifier.exe
C:\Users\Medion\AppData\Local\Temp\vfxpnvpx.lx3.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-18 18:03

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2014 Ran by Medion at 2014-10-26 21:32:13 Running from C:\Users\Medion\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Trend Micro Titanium Maximum Security (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Trend Micro Titanium Maximum Security (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Allmyapps (HKCU\...\Allmyapps) (Version: 2.0.0.24 - Allmyapps) Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.) 
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - ) AudibleManager (HKLM\...\AudibleManager) (Version: 2008373984.48.56.10227058 - Audible, Inc.) Avidemux 2.5 (HKLM\...\Avidemux 2.5) (Version: 2.5.4.6714 - ) B110 (Version: 140.0.283.000 - Hewlett-Packard) Hidden Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment) BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.8.7.3069 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM\...\{FE5ABB0E-EDEA-4023-B0FB-9DEA39A98D76}) (Version: 0.8.7.3069 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Brick-Force (HKLM\...\Brick-Force) (Version: - Infernum Productions AG) BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.) CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.) CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.) CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2609 - CyberLink Corp.) 
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden Diablo III (HKLM\...\Diablo III) (Version: - Blizzard Entertainment) ElsterFormular für Privatanwender (HKLM\...\ElsterFormular für Privatanwender 12.2.1.6570p) (Version: 12.2.1.6570p - Landesfinanzdirektion Thüringen) Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 8.5.4.0 - Sentelic) Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Free Sound Recorder v9.2.7 (HKLM\...\Free Sound Recorder_is1) (Version: - Copyright(C) 2005-2011 FreeSoundRecorder Technologies, Inc.) Free YouTube to MP3 Converter version 3.11.34.1015 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.34.1015 - DVDVideoSoft Ltd.) FreeOCR v5.0 (HKLM\...\freeocr_is1) (Version: - ) G DATA Logox4 Speechengine (HKLM\...\lgx4.lgx.server) (Version: - G DATA Software AG) GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team) Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.) Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.) Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden HotPotatoes v 6.3.0.5 (HKLM\...\hotpot_is1) (Version: - HalfBaked) HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 
7 (HKLM\...\{59C83C08-63F4-4AEC-81D6-392C5E23B843}) (Version: 14.0 - HP) HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP) HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation) HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC) HUAWEI DataCard Driver 4.20.12.00 (HKLM\...\HUAWEI DataCard Driver) (Version: 4.20.12.00 - Huawei technologies Co., Ltd.) iCF Skin Pack (HKLM\...\iCF Skin Pack) (Version: - ) iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.) iColorFolder (HKLM\...\iColorFolder) (Version: - ) IDS Intelligence and Development Scales (HKLM\...\{5093E76B-8BCB-49BA-8AC5-4018D307C771}) (Version: 1.0.0.1 - Verlag Hans Huber, Hogrefe AG, Bern) IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6208.0 - IDT) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2302 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation) IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC) iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.) 
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.) Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Launch Manager V1.5.0.5 (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.0.5 - Wistron Corp.) Lurs-Minimator (HKLM\...\Lurs-Minimator) (Version: 1.0 - LegaKids) Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.24.5.3 - Marvell) Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1318 - CyberLink Corp.) Medion Home Cinema (Version: 8.0.1318 - CyberLink Corp.) 
Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Live Add-in 1.4 (HKLM\...\{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}) (Version: 2.0.3008.0 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Facebook 32-bit (HKLM\...\{95140000-007C-0409-0000-0000000FF1CE}) (Version: 14.0.5117.5000 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) 
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.40303 - Microsoft Corporation) Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) Mobile Connection Manager (HKLM\...\o2DE) (Version: - Mobile Connection Manager) MobileMe Control Panel (HKLM\...\{5A9AA2C0-972F-4239-AA41-E409434194D5}) (Version: 3.1.8.0 - Apple Inc.) 
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 33.0 (x86 de) (HKLM\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla) Mozilla Thunderbird 17.0 (x86 de) (HKLM\...\Mozilla Thunderbird 17.0 (x86 de)) (Version: 17.0 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden PC Connectivity Solution (HKLM\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery) phase-6 2.3.4 (HKLM\...\phase-6) (Version: 2.3.4 - phase-6) Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Photo Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) PS_AIO_07_B110_SW_Min (Version: 140.0.142.000 - Hewlett-Packard) Hidden QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.) 
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version: - ) Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version: - ) SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - ) Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - ) SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - ) SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - ) Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Mobile Device Software (HKLM\...\SAMSUNG USB Mobile Device) (Version: - ) SamsungConnectivityCableDriver (HKLM\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung) Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden ScarletBlade (HKLM\...\ScarletBlade) (Version: - ) Secunia PSI (3.0.0.7011) (HKLM\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) simfy (HKLM\...\Simfy) (Version: 1.6.10 - simfy AG) simfy (Version: 1.6.10 - simfy AG) Hidden Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) 
SMART Common Files (HKLM\...\{BBA07B40-F7C6-44F7-BF08-767F8835685F}) (Version: 11.4.194.0 - SMART Technologies ULC) SMART German Language Pack (HKLM\...\{603E8F13-20D9-4367-81F2-CF6E22D05DA9}) (Version: 11.3.29.0 - SMART Technologies ULC) SMART Ink (HKLM\...\{5ABC49B5-D0DC-428D-A082-4AEFF6490F04}) (Version: 2.0.720.0 - SMART Technologies ULC) SMART Notebook (HKLM\...\{E57F6C8B-E159-477E-93BF-764759747BC4}) (Version: 11.3.857.0 - SMART Technologies ULC) SMART Product Update (HKLM\...\{8D4B716A-0ABE-4238-9090-D208E5F57A5E}) (Version: 5.0.108.0 - SMART Technologies ULC) SMART Produkttreiber (HKLM\...\{589B09F5-0768-4BE9-B8C0-DD253E6B3643}) (Version: 11.3.550.0 - SMART Technologies ULC) SmartTools Publishing • Word Falz & Lochmarken-Assistent (HKLM\...\SmartToolsFalz & Lochmarken-Assistentv6.50) (Version: v6.50 - SmartTools Publishing) SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden Spyware Terminator 2012 (HKLM\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.82 - Crawler.com) Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios) TomTom HOME (HKLM\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.) 
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN) VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.) WEB.DE Club SmartFax (HKLM\...\WEB.DE Club SmartFax) (Version: 2.00.223 - WEB.DE GmbH) WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden Winamp (HKLM\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) (HKLM\...\3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F) (Version: 10/12/2007 6.85.4.0 - Nokia) WinRAR 5.10 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-634998973-2183486359-2024787897-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-634998973-2183486359-2024787897-1000_Classes\CLSID\{047466F1-82AE-455A-AFC4-D3AC463FBF6B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-634998973-2183486359-2024787897-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) 
CustomCLSID: HKU\S-1-5-21-634998973-2183486359-2024787897-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-634998973-2183486359-2024787897-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-634998973-2183486359-2024787897-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-634998973-2183486359-2024787897-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-634998973-2183486359-2024787897-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-634998973-2183486359-2024787897-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Miriam II\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File CustomCLSID: HKU\S-1-5-21-634998973-2183486359-2024787897-1004_Classes\CLSID\{b226c901-b163-53c9-a14c-5b55ebb03907}\InprocServer32 -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud) CustomCLSID: HKU\S-1-5-21-634998973-2183486359-2024787897-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miriam II\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-634998973-2183486359-2024787897-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miriam II\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-634998973-2183486359-2024787897-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miriam II\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-634998973-2183486359-2024787897-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miriam II\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-634998973-2183486359-2024787897-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miriam II\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-634998973-2183486359-2024787897-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miriam II\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-634998973-2183486359-2024787897-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miriam II\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-634998973-2183486359-2024787897-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miriam II\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
==================== Restore Points ========================= 21-10-2014 18:50:53 Revo Uninstaller's restore point - LPT System Updater Service 21-10-2014 18:58:05 Revo Uninstaller's restore point - MyPC Backup 21-10-2014 19:04:16 Revo Uninstaller's restore point - NewPlayer 21-10-2014 19:10:43 Revo Uninstaller's restore point - Shopping App by Ask 21-10-2014 19:16:20 Revo Uninstaller's restore point - PriceSparrow 21-10-2014 19:16:34 Removed PriceSparrow 21-10-2014 19:24:04 Revo Uninstaller's restore point - Lesehaus 21-10-2014 19:24:53 Entfernt Lesehaus 21-10-2014 19:29:22 Revo Uninstaller's restore point - Securita Scout 21-10-2014 19:31:42 Revo Uninstaller's restore point - The Sea App (Internet Explorer) 21-10-2014 19:34:04 Revo Uninstaller's restore point - Yahoo Community Smartbar 21-10-2014 19:37:05 Revo Uninstaller's restore point - CHIP Updater 21-10-2014 19:38:38 Revo Uninstaller's restore point - FastPlayer 21-10-2014 19:41:03 Revo Uninstaller's restore point - GameXN GO 21-10-2014 19:42:28 Revo Uninstaller's restore point - Call of Duty: Ghosts - Multiplayer 21-10-2014 20:07:10 Revo Uninstaller's restore point - Driver Support 21-10-2014 20:12:10 Revo Uninstaller's restore point - Yahoo Community Smartbar 21-10-2014 20:14:10 Revo Uninstaller's restore point - Yahoo Community Smartbar 21-10-2014 20:15:09 Revo Uninstaller's restore point - Yahoo Community Smartbar Engine 22-10-2014 17:41:40 TITANUIMRES 26-10-2014 19:34:43 Revo Uninstaller's restore point - Mozilla Firefox 33.0 (x86 de) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2013-07-23 12:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {02113253-C3B6-4AD3-98DA-6333FB51678D} - System32\Tasks\{AA133FD6-8CE9-48DB-A8D6-487926682B37} => C:\Program Files\iTunes\iTunes.exe [2014-07-08] (Apple Inc.) Task: {181A387B-2E82-4A5E-B80D-B65FA21278D4} - System32\Tasks\{7FE6F12C-0882-48A7-9542-25A955EBD64F} => C:\Program Files\BlueStacks\HD-StartLauncher.exe [2014-03-13] (BlueStack Systems, Inc.) <==== ATTENTION Task: {2B5E848B-9F6C-4121-A944-1744209CD76B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-17] (Google Inc.) Task: {3AE4090C-B204-4802-BFE2-2465DEACC9AF} - System32\Tasks\{0A1EFB71-6AAB-4854-B0E0-64B9C2F47C1C} => C:\Program Files\BlueStacks\HD-StartLauncher.exe [2014-03-13] (BlueStack Systems, Inc.) <==== ATTENTION Task: {484E1F2F-C3CB-4C06-85B4-CE5868D74917} - System32\Tasks\{3AC444B3-C7F2-455B-B8A6-F54B69A53FC9} => C:\Program Files\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.) Task: {5E25561C-6F95-41AB-9C34-587CCD63AFDB} - System32\Tasks\{B66A7B46-D706-4AF0-A76C-2B4C1DD20687} => C:\Program Files\BlueStacks\HD-StartLauncher.exe [2014-03-13] (BlueStack Systems, Inc.) <==== ATTENTION Task: {7256A57C-E6C0-4D28-B560-20F043F46028} - System32\Tasks\{5A687B4D-7D32-4BE5-968D-3164BA43A4C3} => C:\BrickForce\BfLauncher.exe [2013-09-05] () Task: {94FECD8D-6BC0-4128-8A8A-129D693CB204} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A14E6D8D-74BB-472A-9799-ACFEA0D42DD9} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2014-08-06] (Trend Micro Inc.) 
Task: {A3462E88-782D-4EC8-8862-74909673C296} - System32\Tasks\Microsoft.NETCOM+-Systemanwendung => C:\Windows\bfsvc32.exe [2014-07-23] () Task: {A4FA49F8-A95B-4428-8A15-F215A529B8D3} - System32\Tasks\{26132223-C163-4CDE-9B1F-9AD84C60600D} => C:\Program Files\Steam\Steam.exe [2014-10-21] (Valve Corporation) Task: {D40D5A6F-147A-4097-B32A-89438F14A22D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated) Task: {D54A811E-A9A1-497F-87FD-C83E0EFA3B96} - System32\Tasks\{D1F608A3-2846-419C-B88E-12A74BA4FFB9} => C:\AeriaGames\ScarletBlade\aeria_launcher.exe [2012-02-17] (Aeria Games & Entertainment) Task: {D8E75EE5-1A23-4361-96F4-38AC798E89A6} - System32\Tasks\{7D7822AA-2017-4681-83C6-955B32558955} => C:\Program Files\BlueStacks\HD-StartLauncher.exe [2014-03-13] (BlueStack Systems, Inc.) <==== ATTENTION Task: {E66464F2-FFA2-42F5-B949-915B8F393368} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-17] (Google Inc.) Task: {FAF1AE4A-005E-4D2A-920D-D8212DD59D24} - System32\Tasks\{CF16E835-9C48-4BEF-A175-736AACB7201F} => C:\BrickForce\BfLauncher.exe [2013-09-05] () Task: {FD760EE1-BD69-475B-8CCE-FF11477D8568} - System32\Tasks\{BEA2C866-1A32-4F7E-9002-D97B178D2F1F} => C:\BrickForce\BfLauncher.exe [2013-09-05] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AllmyappsUpdateTask.job => C:\Users\Medion\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-05-14 20:58 - 2013-01-16 02:50 - 00039424 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll 2014-05-14 20:58 - 2013-04-02 05:25 - 00543744 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll 2014-05-14 20:58 - 2013-01-16 02:55 - 00049152 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll 2014-05-14 20:58 - 2012-12-18 21:04 - 01098240 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll 2014-05-14 20:58 - 2013-01-16 02:50 - 00016896 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll 2014-05-14 20:51 - 2013-07-23 16:28 - 00179872 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll 2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-03-24 10:31 - 2014-03-24 10:31 - 00031080 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll 2014-08-06 12:41 - 2014-08-06 12:41 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll 2014-03-24 10:32 - 2014-03-24 10:32 - 00059752 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll 2014-03-24 10:32 - 2014-03-24 10:32 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll 2014-03-24 10:32 - 2014-03-24 10:32 - 00080248 _____ () C:\Program Files\HTC\HTC Sync 
Manager\ninstallerhelper.dll 2014-03-24 10:34 - 2014-03-24 10:34 - 00129376 _____ () C:\Program Files\HTC\HTC Sync Manager\zlib1.dll 2014-03-24 10:36 - 2014-03-24 10:36 - 00223592 _____ () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll 2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe 2014-10-17 16:29 - 2014-10-17 16:29 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll 2010-05-05 16:57 - 2010-03-03 19:08 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2014-05-15 16:59 - 2013-12-18 14:33 - 00047784 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll 2014-08-13 12:30 - 2013-08-29 08:58 - 00882584 _____ () C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\WLMailApiCore.dll 2014-08-06 12:42 - 2014-08-06 12:42 - 00821600 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe 2014-10-26 20:08 - 2014-10-26 20:08 - 00098816 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\win32api.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00110080 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\pywintypes27.dll 2014-10-26 20:08 - 2014-10-26 20:08 - 00364544 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\pythoncom27.dll 2014-10-26 20:08 - 2014-10-26 20:08 - 00045568 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\_socket.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 01160704 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\_ssl.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00320512 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\win32com.shell.shell.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00713216 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\_hashlib.pyd 2014-10-26 20:08 
- 2014-10-26 20:08 - 01175040 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\wx._core_.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00805888 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\wx._gdi_.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00811008 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\wx._windows_.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 01062400 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\wx._controls_.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00735232 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\wx._misc_.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00128512 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\_elementtree.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00127488 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\pyexpat.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00557056 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\pysqlite2._sqlite.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00007168 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\hashobjs_ext.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00087552 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\_ctypes.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00119808 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\win32file.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00108544 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\win32security.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00018432 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\win32event.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00038912 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\win32inet.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00070656 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\wx._html2.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00167936 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\win32gui.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00011264 _____ () C:\Users\Miriam 
II\AppData\Local\temp\_MEI48162\win32crypt.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00027136 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\_multiprocessing.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00686080 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\unicodedata.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00122368 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\wx._wizard.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00010240 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\select.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00024064 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\win32pipe.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00025600 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\win32pdh.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00525640 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\windows._lib_cacheinvalidation.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00035840 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\win32process.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00017408 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\win32profile.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00022528 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\win32ts.pyd 2014-10-26 20:08 - 2014-10-26 20:08 - 00078336 _____ () C:\Users\Miriam II\AppData\Local\temp\_MEI48162\wx._animate.pyd 2013-07-27 13:53 - 2013-07-15 18:29 - 00620718 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf 2014-05-14 20:51 - 2013-07-23 16:28 - 00039424 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc110-mt-1_49.dll 2014-05-14 20:51 - 2013-07-23 16:28 - 00049152 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc110-mt-1_49.dll 2014-10-26 20:47 - 2014-10-11 13:53 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 
2014-09-11 21:18 - 2014-09-11 21:18 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:5C321E34 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: HotkeyApp => "C:\Program Files\Launch Manager\HotkeyApp.exe" MSCONFIG\startupreg: LMgrVolOSD => "C:\Program Files\Launch Manager\OSD.exe" MSCONFIG\startupreg: sbsdk-server => "C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe" MSCONFIG\startupreg: SMART Board Service => "C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe" -d MSCONFIG\startupreg: SMART Floating Tools => "C:\Program Files\SMART Technologies\Education Software\FloatingTools.exe" MSCONFIG\startupreg: SMART Ink => "C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe" -a MSCONFIG\startupreg: SMART Tray Tools => "C:\Program Files\SMART Technologies\Education Software\SMARTTrayIcon.exe" MSCONFIG\startupreg: SMARTNotification => "C:\Program Files\SMART Technologies\Education Software\SMARTNotification.exe" 
MSCONFIG\startupreg: Wbutton => "C:\Program Files\Launch Manager\Wbutton.exe" MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-634998973-2183486359-2024787897-500 - Administrator - Disabled) Finn (S-1-5-21-634998973-2183486359-2024787897-1003 - Limited - Enabled) => C:\Users\Finn.Medion-PC Gast (S-1-5-21-634998973-2183486359-2024787897-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-634998973-2183486359-2024787897-1002 - Limited - Enabled) Medion (S-1-5-21-634998973-2183486359-2024787897-1000 - Administrator - Enabled) => C:\Users\Medion Miriam II (S-1-5-21-634998973-2183486359-2024787897-1004 - Limited - Enabled) => C:\Users\Miriam II ==================== Faulty Device Manager Devices ============= Name: Photosmart B110 series Description: Photosmart B110 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: SMART Virtual TabletPC Description: SMART Virtual TabletPC Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da} Manufacturer: SMART Technologies ULC Service: SMARTVTabletPCx86 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Photosmart B110 series Description: Photosmart B110 series Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: HP Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (10/26/2014 08:34:39 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {8b881f2b-3d4b-4a0f-80e9-c2b5b65ae771} Error: (10/26/2014 08:02:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (10/26/2014 08:02:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (10/26/2014 08:02:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error: (10/26/2014 07:58:14 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (10/25/2014 09:47:33 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5554 Error: (10/25/2014 09:47:33 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 5554 Error: (10/25/2014 09:47:33 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/25/2014 09:47:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4462 Error: (10/25/2014 09:47:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4462 System errors: ============= Error: (10/26/2014 07:58:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error: (10/25/2014 03:29:48 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.4 registriert werden. Der Computer mit IP-Adresse 192.168.1.1 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (10/25/2014 03:29:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error: (10/25/2014 03:29:06 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 25.10.2014 um 16:27:40 unerwartet heruntergefahren. 
Error: (10/25/2014 02:13:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error: (10/25/2014 02:12:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Secunia PSI Agent" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/25/2014 02:12:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Secunia PSI Agent erreicht. Error: (10/25/2014 02:11:48 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 25.10.2014 um 15:10:52 unerwartet heruntergefahren. Error: (10/25/2014 09:17:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error: (10/24/2014 09:54:58 PM) (Source: bowser) (EventID: 8016) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2BOX" zum Namen "MEDION-PC" auf Transport "NetBT_Tcpip_{1246FD9E-6FC8-4FDD-A385-0B". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. 
Microsoft Office Sessions: ========================= Error: (10/26/2014 08:34:39 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {8b881f2b-3d4b-4a0f-80e9-c2b5b65ae771} Error: (10/26/2014 08:02:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (10/26/2014 08:02:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (10/26/2014 08:02:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (10/26/2014 07:58:14 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (10/25/2014 09:47:33 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5554 Error: (10/25/2014 09:47:33 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 5554 Error: (10/25/2014 09:47:33 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/25/2014 09:47:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4462 Error: (10/25/2014 09:47:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4462 CodeIntegrity Errors: =================================== Date: 2013-07-08 01:02:14.997 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-08 01:02:14.717 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-08 01:02:14.447 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-07-08 01:02:14.177 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-08 01:02:13.907 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-08 01:02:13.637 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-08 01:02:13.367 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-08 01:02:13.097 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-08 01:00:30.441 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-08 01:00:30.181 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz Percentage of memory in use: 50% Total physical RAM: 3004.87 MB Available physical RAM: 1481.88 MB Total Pagefile: 6008.03 MB Available Pagefile: 4148.32 MB Total Virtual: 2047.88 MB Available Virtual: 1912.28 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:266.99 GB) (Free:97.4 GB) NTFS Drive d: (Recover) (Fixed) (Total:30 GB) (Free:22.44 GB) NTFS Drive g: () (Removable) (Total:27.49 GB) (Free:26.21 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 6256C65D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=267 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ======================================================== Disk: 1 (Size: 29.8 GB) (Disk ID: DBAE3FA1) Partition 1: (Not Active) - (Size=27.5 GB) - (Type=0C) ==================== End Of Log ============================ |
27.10.2014, 18:21 | #17 |
/// the machine /// TB-Ausbilder | Could you please take a screenshot of that for me? |
29.10.2014, 19:54 | #18 |
| Hi Schrauber,
sorry that I am only getting back to you now. Here is the screenshot. It looks exactly the same as the previous ones, though. It really only occurs when I open your site and move around in your forum. Best regards, Mika |
30.10.2014, 16:03 | #19 |
/// the machine /// TB-Ausbilder | I have no idea what Trend Micro is making such a fuss about there. Could you please write to Trend Micro support about this?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
03.11.2014, 20:31 | #20 |
| Hi Schrauber, I have not yet managed to ask support about it, but I have now installed NoScript, and the Trend Micro problem no longer occurs. Is that sufficient, or should I still inform support? Regards, Mika |
04.11.2014, 10:58 | #21 |
/// the machine /// TB-Ausbilder | To be on the safe side, I would definitely ask them anyway. |