| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: msiexec.exe infiziert mit win32 :Malware-genWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.11.2014, 16:26
| #31 |
| /// the machine /// TB-Ausbilder    |  msiexec.exe infiziert mit win32 :Malware-gen Das kannst du mit Windows Mitteln machen, einen Systemwiederherstellungspunkt zb. Der wird aber normal sowieso angelegt bei Installation eines Treibers. ich würde keine Tools verwenden, sondern manuell die Treiber beim Hersteller laden, wie schon die LAN und WLAN Treiber. Fehlt ja eigentlich nur noch Chipsatz und Board.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.11.2014, 20:28
| #32 |
 | msiexec.exe infiziert mit win32 :Malware-gen hallo Schrauber,
__________________der Rechner war wieder langsam und AVAST was ich derzeit noch aktiviert habe, hat Virusmeldung gegeben. wieder win32: Malware-gen es wurden einige Dateien in container verschoben. bei anschließendem Booscan von avast wurden ebenfalls mehrere infizierte Dateien mit trojanern in container verschoben. soll ich nocheinmal das gleiche Programm mit combofix durchführen??? |
|
28.11.2014, 21:01
| #33 |
| | msiexec.exe infiziert mit win32 :Malware-gen momentan ist eine trial Vollversion von AVAST aktiviert.
__________________Firewall und Virensschutz ist aktiviert. ausserdem ist auch Firewall von Windows aktiviert. anbei im Anhang die Scanlog dateien von AVAST |
|
29.11.2014, 00:44
| #34 |
| | msiexec.exe infiziert mit win32 :Malware-gen |
|
29.11.2014, 19:57
| #35 |
| /// the machine /// TB-Ausbilder | msiexec.exe infiziert mit win32 :Malware-gen Hi, Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.11.2014, 21:54
| #36 |
| | msiexec.exe infiziert mit win32 :Malware-genCode:
ATTFilter *
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Sonntag, 26. Oktober 2014 01:06:49
*
26.10.2014 01:10:09 C:\Users\GC395~1.***\AppData\ROAMING\Ehafas\doqeso.exe [L] Win32:Malware-gen (0)
Datei erfolgreich in Container verschoben...
26.10.2014 01:12:40 C:\Users\GC395~1.***\AppData\ROAMING\2EB42334\bin.exe [L] Win32:Evo-gen [Susp] (0)
Datei erfolgreich in Container verschoben...
26.10.2014 01:12:41 C:\Users\GC395~1.***\AppData\ROAMING\MICROSOFT\WINDOWS\IEUpdate\mtstocom.exe [L] Win64:Evo-gen [Susp] (0)
Datei erfolgreich in Container verschoben...
26.10.2014 01:13:38 C:\Users\GC395~1.***\AppData\ROAMING\MICROSOFT\WINDOWS\IEUpdate\taskkill.exe [L] Win64:Evo-gen [Susp] (0)
Datei erfolgreich in Container verschoben...
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Montag, 27. Oktober 2014 19:09:38
*
*
* Schutz beendet: Dienstag, 28. Oktober 2014 16:11:31
* Laufzeit war 21 Stunde(n), 1 Minute(n), 1 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Dienstag, 28. Oktober 2014 16:14:02
*
28.10.2014 22:56:16 C:\WINDOWS\Installer\MSI516.tmp [L] Win32:Malware-gen (0)
Datei erfolgreich in Container verschoben...
28.10.2014 22:56:47 C:\WINDOWS\Installer\MSIC308.tmp [L] Win32:Malware-gen (0)
Datei erfolgreich in Container verschoben...
*
* Schutz beendet: Mittwoch, 29. Oktober 2014 01:58:29
* Laufzeit war 9 Stunde(n), 44 Minute(n), 44 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Mittwoch, 29. Oktober 2014 12:30:03
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Mittwoch, 29. Oktober 2014 15:41:48
*
*
* Schutz beendet: Mittwoch, 29. Oktober 2014 16:09:18
* Laufzeit war 27 Minute(n), 27 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Mittwoch, 29. Oktober 2014 16:10:26
*
*
* Schutz beendet: Mittwoch, 29. Oktober 2014 23:11:36
* Laufzeit war 7 Stunde(n), 1 Minute(n), 1 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Mittwoch, 29. Oktober 2014 23:33:20
*
*
* Schutz beendet: Donnerstag, 30. Oktober 2014 03:26:34
* Laufzeit war 3 Stunde(n), 53 Minute(n), 53 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Donnerstag, 30. Oktober 2014 16:10:27
*
*
* Schutz beendet: Freitag, 31. Oktober 2014 02:15:03
* Laufzeit war 10 Stunde(n), 4 Minute(n), 4 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Samstag, 1. November 2014 23:57:10
*
02.11.2014 03:40:51 F:\backup_****_b*****laptop_02112014\D\B*****\p***********\a********\40_s********\SD1\i-v**\a**-003\bedien\a**.exe [L] Win32:Evo-gen [Susp] (0)
Datei erfolgreich in Container verschoben...
02.11.2014 03:41:24 F:\backup_****_b*****laptop_02112014\D\B*****\p***********\a********\40_s********\SD1\i-v**\a**015\a**015-108.bin-1\bedien\a**015.exe [L] Win32:Evo-gen [Susp] (0)
Datei erfolgreich in Container verschoben...
02.11.2014 03:41:37 F:\backup_****_b*****laptop_02112014\D\B*****\p***********\a********\40_s********\SD1\i-v**\a**015\a**015-108.bin-1\ivs\Ivs.exe [L] Win32:Evo-gen [Susp] (0)
Datei erfolgreich in Container verschoben...
02.11.2014 03:41:51 F:\backup_****_b*****laptop_02112014\D\B*****\p***********\a********\40_s********\SD1\i-v**\a**017\a**017-110.bin\ivs\Ivs.exe [L] Win32:Evo-gen [Susp] (0)
Datei erfolgreich in Container verschoben...
02.11.2014 03:42:04 F:\backup_****_b*****laptop_02112014\D\B*****\p***********\a********\40_s********\SD2\i-v**\a**-003\bedien\a**.exe [L] Win32:Evo-gen [Susp] (0)
Datei erfolgreich in Container verschoben...
02.11.2014 03:42:17 F:\backup_****_b*****laptop_02112014\D\B*****\p***********\a********\40_s********\SD2\i-v**\a**017\a**017-110.bin\ivs\Ivs.exe [L] Win32:Evo-gen [Susp] (0)
Datei erfolgreich in Container verschoben...
02.11.2014 03:43:54 F:\backup_****_b*****laptop_02112014\D\B*****\p***********\a********\40_s********\SD3\i-v**\a**-003\bedien\a**.exe [L] Win32:Evo-gen [Susp] (0)
Datei erfolgreich in Container verschoben...
02.11.2014 03:44:07 F:\backup_****_b*****laptop_02112014\D\B*****\p***********\a********\40_s********\SD3\i-v**\a**015\a**015-108.bin-1\bedien\a**015.exe [L] Win32:Evo-gen [Susp] (0)
Datei erfolgreich in Container verschoben...
02.11.2014 03:44:08 F:\backup_****_b*****laptop_02112014\D\B*****\p***********\a********\40_s********\SD3\i-v**\a**015\a**015-108.bin-1\ivs\Ivs.exe [L] Win32:Evo-gen [Susp] (0)
Datei erfolgreich in Container verschoben...
02.11.2014 03:44:22 F:\backup_****_b*****laptop_02112014\D\B*****\p***********\a********\40_s********\SD3\i-v**\a**017\a**017-110.bin\ivs\Ivs.exe [L] Win32:Evo-gen [Susp] (0)
Datei erfolgreich in Container verschoben...
*
* Schutz beendet: Montag, 3. November 2014 01:12:39
* Laufzeit war 1 Tag(e), 1 Stunde(n), 15 Minute(n), 15 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Freitag, 7. November 2014 14:24:20
*
*
* Schutz beendet: Freitag, 7. November 2014 22:05:25
* Laufzeit war 7 Stunde(n), 41 Minute(n), 41 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Sonntag, 9. November 2014 18:57:42
*
*
* Schutz beendet: Sonntag, 9. November 2014 19:05:17
* Laufzeit war 7 Minute(n), 7 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Sonntag, 9. November 2014 19:13:48
*
*
* Schutz beendet: Sonntag, 9. November 2014 19:49:15
* Laufzeit war 35 Minute(n), 35 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Sonntag, 9. November 2014 20:50:32
*
*
* Schutz beendet: Sonntag, 9. November 2014 20:59:43
* Laufzeit war 9 Minute(n), 9 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Montag, 10. November 2014 03:06:36
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Mittwoch, 12. November 2014 18:48:39
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Freitag, 14. November 2014 12:55:29
*
*
* Schutz beendet: Samstag, 15. November 2014 01:59:17
* Laufzeit war 13 Stunde(n), 3 Minute(n), 3 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Samstag, 15. November 2014 02:03:05
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Samstag, 15. November 2014 14:32:48
*
*
* Schutz beendet: Samstag, 15. November 2014 21:13:36
* Laufzeit war 6 Stunde(n), 40 Minute(n), 40 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Sonntag, 16. November 2014 15:01:43
*
*
* Schutz beendet: Sonntag, 16. November 2014 18:28:24
* Laufzeit war 3 Stunde(n), 26 Minute(n), 26 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Sonntag, 16. November 2014 19:28:44
*
*
* Schutz beendet: Sonntag, 16. November 2014 19:56:34
* Laufzeit war 27 Minute(n), 27 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Dienstag, 18. November 2014 20:12:11
*
*
* Schutz beendet: Dienstag, 18. November 2014 23:14:21
* Laufzeit war 3 Stunde(n), 2 Minute(n), 2 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Dienstag, 18. November 2014 23:16:16
*
*
* Schutz beendet: Freitag, 21. November 2014 19:50:20
* Laufzeit war 2 Tag(e), 20 Stunde(n), 34 Minute(n), 34 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Freitag, 21. November 2014 19:52:08
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Samstag, 22. November 2014 03:03:02
*
*
* Schutz beendet: Samstag, 22. November 2014 06:42:31
* Laufzeit war 3 Stunde(n), 39 Minute(n), 39 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Samstag, 22. November 2014 16:13:52
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Sonntag, 23. November 2014 09:24:17
*
*
* Schutz beendet: Montag, 24. November 2014 08:47:41
* Laufzeit war 1 Tag(e), 23 Minute(n), 23 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Montag, 24. November 2014 10:33:24
*
*
* Schutz beendet: Montag, 24. November 2014 09:48:10
* Laufzeit war 14 Minute(n), 14 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Montag, 24. November 2014 23:40:42
*
*
* Schutz beendet: Dienstag, 25. November 2014 01:27:36
* Laufzeit war 2 Stunde(n), 46 Minute(n), 46 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Dienstag, 25. November 2014 14:24:12
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Dienstag, 25. November 2014 19:12:19
*
*
* Schutz beendet: Mittwoch, 26. November 2014 06:07:25
* Laufzeit war 11 Stunde(n), 55 Minute(n), 55 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Mittwoch, 26. November 2014 14:15:40
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Donnerstag, 27. November 2014 10:48:54
*
*
* Schutz beendet: Donnerstag, 27. November 2014 18:29:57
* Laufzeit war 8 Stunde(n), 41 Minute(n), 41 Sekunde(n)
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Donnerstag, 27. November 2014 19:33:27
*
*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Freitag, 28. November 2014 05:14:27
*
Code:
ATTFilter 10/26/2014 01:25
Prüfung aller lokalen Laufwerke
Datei C:\Users\g.****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V8Y2OQV\tt[2].txt ist infiziert von JS:ScriptPE-inf [Trj], In Container verschoben
Datei C:\Users\g.****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V8Y2OQV\tt[6].txt ist infiziert von JS:ScriptPE-inf [Trj], In Container verschoben
Datei C:\Users\g.****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V8Y2OQV\ab[1].txt ist infiziert von JS:ScriptPE-inf [Trj], In Container verschoben
Datei C:\Users\g.****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V8Y2OQV\actors[1].txt ist infiziert von HTML:Script-inf, In Container verschoben
Datei C:\Users\g.****\AppData\Local\Temp\IiXcg2EvVS2fh6K8DiO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MWDGIVUP\abcmedicine_net[1].htm ist infiziert von HTML:Framer-inf [Trj], In Container verschoben
Datei C:\Users\g.****\AppData\Local\Temp\Kh8JPHg2CFOlN2s8LbG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3QYTYUE\abcmedicine_net[1].htm ist infiziert von HTML:Framer-inf [Trj], In Container verschoben
Datei C:\Users\g.****\AppData\Local\Temp\PC9CHJsk7cNPJMyykva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SDW9H3M\abcmedicine_net[1].htm ist infiziert von HTML:Framer-inf [Trj], In Container verschoben
Datei C:\Users\g.****\AppData\Local\Temp\wcrash.exe ist infiziert von Win32:Malware-gen, In Container verschoben
Datei C:\Users\g.****\Downloads\WindowsXPMode_de-de.exe.part|>sources\xpm Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\Installer\{3B984C67-079D-4B0A-8ABC-721E33062D63}\msiexec.exe ist infiziert von Win32:Malware-gen
Prüfung abgebrochen
Anzahl durchsuchter Ordner: 202524
Anzahl der geprüften Dateien: 4019786
Anzahl infizierter Dateien: 9
----------------------------------------
11/27/2014 21:48
Prüfung aller lokalen Laufwerke
Datei C:\Users\g.****\Downloads\WindowsXPMode_de-de.exe.part|>sources\xpm Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\wajam_update[1].031 ist infiziert von Win32:Malware-gen, In Container verschoben
Datei D:\B*****\P**********\A********\10_0_S***_Front\05_Sicherheit\Softwareversionen und -updates\2010-05-26_Softwareänderung\Rn.zip|>rechner\Release\Ves.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei D:\B*****\P**********\A********\40_S*********\d****_P\Alt\C_LR_001.GHS ist infiziert von Win32:Hupigon-ONX [Trj], Gelöscht
Datei D:\B*****\P**********\A********\40_S*********\d****_P\Alt\Pool\temp\setup.exe|>netfxsd1.cab|>FL_cpref0_hxs_137046_ENU____.3643236F_FC70_11D3_A536_0090278A1BB8 Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\B*****\P**********\A********\40_S*********\d****_P\Alt\Pool\temp\setup.exe|>netfxsd1.cab Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\B*****\P**********\A********\40_S*********\d****_P\Alt\Pool_1\temp\setup.exe|>netfxsd1.cab|>FL_cpref0_hxs_137046_ENU____.3643236F_FC70_11D3_A536_0090278A1BB8 Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\B*****\P**********\A********\40_S*********\d****_P\Alt\Pool_1\temp\setup.exe|>netfxsd1.cab Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\B*****\P**********\A********\40_S*********\d****_P\Pool\temp\setup.exe|>netfxsd1.cab|>FL_cpref0_hxs_137046_ENU____.3643236F_FC70_11D3_A536_0090278A1BB8 Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\B*****\P**********\A********\40_S*********\d****_P\Pool\temp\setup.exe|>netfxsd1.cab Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\B*****\P**********\A********\40_S*********\d****_P_alt\Alt\C_LR_001.GHS ist infiziert von Win32:Hupigon-ONX [Trj], Gelöscht
Datei D:\B*****\P**********\A********\40_S*********\d****_P_alt\Alt\Pool\temp\setup.exe|>netfxsd1.cab|>FL_cpref0_hxs_137046_ENU____.3643236F_FC70_11D3_A536_0090278A1BB8 Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\B*****\P**********\A********\40_S*********\d****_P_alt\Alt\Pool\temp\setup.exe|>netfxsd1.cab Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\B*****\P**********\A********\40_S*********\d****_P_alt\Pool\temp\setup.exe|>netfxsd1.cab|>FL_cpref0_hxs_137046_ENU____.3643236F_FC70_11D3_A536_0090278A1BB8 Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\B*****\P**********\A********\40_S*********\d****_P_alt\Pool\temp\setup.exe|>netfxsd1.cab Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\B*****\P**********\A********\40_S*********\Ghost S*********en\d****_P\C_LR_001.GHS ist infiziert von Win32:Hupigon-ONX [Trj], Gelöscht
Datei D:\B*****\P**********\A********\40_S*********\Ghost S*********en\d****_P\Pool\temp\setup.exe|>netfxsd1.cab|>FL_cpref0_hxs_137046_ENU____.3643236F_FC70_11D3_A536_0090278A1BB8 Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\B*****\P**********\A********\40_S*********\Ghost S*********en\d****_P\Pool\temp\setup.exe|>netfxsd1.cab Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\B*****\P**********\A********\40_S*********\Ghost S*********en\Ellipsometer\C_Elli.GHO|>drvspace.bin Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\B*****\P**********\A********\40_S*********\Ghost S*********en\OEM1\C_DR_OEM1.GHO ist infiziert von Win32:Trojano-DAX [Trj], Gelöscht
Datei D:\B*****\P**********\A********\40_S*********\Ghost S*********en\OEM3\C_OEM3.GHO ist infiziert von Win32:SpyBot-GEC [Trj], Gelöscht
Datei D:\B*****\P**********\A********\40_S*********\Ghost S*********en\RTC1-3\C_RTC1.GHO|>drvspace.bin Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\B*****\P**********\A********\40_S*********\Ghost S*********en\RTC1-3\C_RTC2.GHO|>drvspace.bin Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\B*****\P**********\A********\40_S*********\Ghost S*********en\RTC1-3\C_RTC3.GHO|>drvspace.bin Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\B*****\P**********\A********\40_S*********\Ghost S*********en\WHQ\C_Graphi.GHO ist infiziert von Win32:Radmin-AJ [PUP], Gelöscht
Datei D:\B*****\P**********\P**********splanung\P**********smeeting\DC79369A.tmp|>xl\media\image1.jpeg Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei D:\B*****\P**********\Qualitätsdaten\11_Metallization\Archiv\Qualitätsdaten alt\RS-Al\Premium156+Multi156\A1895140|>Workbook Fehler 42144 {OLE-Archiv ist beschädigt.}
Datei D:\B*****\Projekte_kopie_21082012\S***\Versuche\S***\DatenS*********\Software\Original-Softwareversionen und -updates\2010-05-26_Softwareänderung\RWE_Heilbronn.zip|>rechner\Release\Ves.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei D:\privat\01_netbook_*******_2\*******_****\markt\****_Planung__.docx|>word\media\image135.png Fehler 42125 {ZIP-Archiv ist beschädigt.}
Anzahl durchsuchter Ordner: 40554
Anzahl der geprüften Dateien: 1664432
Anzahl infizierter Dateien: 7
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by g.**** (administrator) on B-**** on 28-11-2014 21:09:47
Running from C:\Users\g.****\Desktop
Loaded Profile: g.**** (Available profiles: Admin & g.****)
Platform: Windows 7 Professional (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\GC395~1.WEI\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-10-10] (Avira GmbH)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-22] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Policies\Explorer: [Run] "C:\Users\g.****\AppData\Roaming\Microsoft\Windows\IEUpdate\taskkill.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\g.****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\g.****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\g.****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-347766451-462584187-1723808825-1336\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-347766451-462584187-1723808825-1336\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-347766451-462584187-1723808825-1336\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> DefaultScope {B1339902-CA3D-4754-804E-9ADA9F8C0B60} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {1786F5B0-C834-422C-8C92-083E850EAF86} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^YYYYYY^YY^DE&apn_uid=23425EC2-0913-4994-A6D7-1BD0FDBEA40C&apn_sauid=02A4D7D1-273D-4297-AE29-174AF6CD12F7
SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {B1339902-CA3D-4754-804E-9ADA9F8C0B60} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> No File
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: No Name -> {B922D405-6D13-4A2B-AE89-08A030DA4402} -> No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {EF7BD87A-8024-11E2-F316-F3E56188709B} -> No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{37AD93E9-DA1F-42F5-B753-DF45F69A9B77}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{82967B91-DF95-410D-B46F-471B9D5EB0E9}: [NameServer] 141.30.93.226,141.30.93.135
Tcpip\..\Interfaces\{95EB8C15-CF4D-4ABD-B403-83F82E2B4627}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{B4155EBF-E4A0-424F-98CC-A39EA1453FB3}: [NameServer] 193.189.244.225 193.189.244.206
FireFox:
========
FF ProfilePath: C:\Users\g.****\AppData\Roaming\Mozilla\Firefox\Profiles\7xk1u4y1.default-1417031580608
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-06-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-26]
FF HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\g.****\AppData\Roaming\Mozilla\Firefox\Profiles\s8x6rwk3.default-1399060898605\extensions\cliqz@cliqz.com
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\g.****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U34) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.340.4) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\g.****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\g.****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-28]
CHR Extension: (Boston MarketOne) - C:\Users\g.****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dleekdifoepfadaikncodjgnkkffkccd [2014-10-28]
CHR Extension: (DealPly Brazil) - C:\Users\g.****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma [2014-10-28]
CHR Extension: (InfoBird Pro) - C:\Users\g.****\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl [2014-10-28]
CHR Extension: (Skype Click to Call) - C:\Users\g.****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-10-09]
CHR Extension: (Google Wallet) - C:\Users\g.****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-28]
CHR Extension: (Fast Discountz) - C:\Users\g.****\AppData\Local\Google\Chrome\User Data\Default\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd [2014-10-28]
CHR HKLM\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\GC395~1.WEI\AppData\Local\BostonMarketOne.crx [2013-07-29]
CHR HKLM\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\GC395~1.WEI\AppData\Local\InfoBirdPro.crx [2013-08-19]
CHR HKLM\...\Chrome\Extension: [oldchfemoapgakfjnmbngnljnkoapbhd] - C:\Users\GC395~1.WEI\AppData\Local\FastDiscountz.crx [2013-09-04]
CHR HKLM-x32\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\GC395~1.WEI\AppData\Local\BostonMarketOne.crx [2013-07-29]
CHR HKLM-x32\...\Chrome\Extension: [fmfnfnpmhcllokmkepffndflpnadjmma] - C:\Program Files (x86)\DealPly\DealPly.crx [2013-07-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]
CHR HKLM-x32\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\GC395~1.WEI\AppData\Local\InfoBirdPro.crx [2013-08-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM-x32\...\Chrome\Extension: [oldchfemoapgakfjnmbngnljnkoapbhd] - C:\Users\GC395~1.WEI\AppData\Local\FastDiscountz.crx [2013-09-04]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AFBAgent; C:\Windows\system32\FBAgent.exe [377264 2010-09-30] (ASUSTeK Computer Inc.) [File not signed]
R2 AntiVir Security Management Center Agent; C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe [1131777 2012-12-25] (Avira Operations GmbH & Co. KG) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [340136 2011-10-10] (Avira GmbH)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-10-10] (Avira GmbH)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-10-10] (Avira GmbH)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [428200 2011-10-10] (Avira GmbH)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-22] (AVAST Software)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8551272 2009-12-08] (DisplayLink Corp.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-10-10] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-10-10] (Avira GmbH)
S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys [17408 2011-09-16] (hxxp://libusb-win32.sourceforge.net)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2010-05-11] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-05-11] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated)
S3 MOSUMAC; C:\Windows\System32\DRIVERS\USBMAC64.SYS [55296 2009-12-08] (--)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-28 21:07 - 2014-11-28 21:07 - 00000000 ____D () C:\Users\g.****\Desktop\FRST-OlderVersion
2014-11-23 18:23 - 2014-11-23 18:25 - 45120049 _____ () C:\Users\g.****\Downloads\8 - 10 - (10) Preference Isolation (14_36)(1).mp4
2014-11-23 16:38 - 2014-11-23 16:39 - 45120049 _____ () C:\Users\g.****\Downloads\8 - 10 - (10) Preference Isolation (14_36).mp4
2014-11-23 16:35 - 2014-11-23 16:37 - 59224456 _____ () C:\Users\g.****\Downloads\8 - 9 - (9) How Internet Retailing Startups Grow (12_23).mp4
2014-11-23 16:34 - 2014-11-23 16:34 - 28969171 _____ () C:\Users\g.****\Downloads\8 - 8 - (8) The Long Tail Part 2 (9_55)(1).mp4
2014-11-23 15:42 - 2014-11-23 15:43 - 28969171 _____ () C:\Users\g.****\Downloads\8 - 8 - (8) The Long Tail Part 2 (9_55).mp4
2014-11-23 14:55 - 2014-11-23 14:56 - 31337810 _____ () C:\Users\g.****\Downloads\8 - 7 - (7) The Long Tail Part 1 (10_58).mp4
2014-11-23 14:51 - 2014-11-23 14:52 - 25362312 _____ () C:\Users\g.****\Downloads\8 - 6 - (6) Online_Offline Competition (4_51).mp4
2014-11-23 14:50 - 2014-11-23 14:51 - 12934856 _____ () C:\Users\g.****\Downloads\8 - 5 - (5) Academic Research (3_28).mp4
2014-11-23 14:45 - 2014-11-23 14:46 - 10136029 _____ () C:\Users\g.****\Downloads\8 - 4 - (4) Goods and Information (2_39)(1).mp4
2014-11-23 14:28 - 2014-11-23 14:28 - 10136029 _____ () C:\Users\g.****\Downloads\8 - 4 - (4) Goods and Information (2_39).mp4
2014-11-23 14:23 - 2014-11-23 14:24 - 21561557 _____ () C:\Users\g.****\Downloads\8 - 3 - (3) Friction (4_39).mp4
2014-11-23 14:20 - 2014-11-23 14:22 - 39023006 _____ () C:\Users\g.****\Downloads\8 - 2 - (2) Go To Market Strategies_ Introduction (14_07) .mp4
2014-11-23 14:19 - 2014-11-23 14:19 - 14528058 _____ () C:\Users\g.****\Downloads\8 - 1 - (1) Introduction and Execution (2_09).mp4
2014-11-23 09:32 - 2014-11-23 09:32 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-11-23 09:32 - 2014-11-23 09:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-11-22 20:35 - 2014-11-22 20:35 - 00001972 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2014-11-22 20:32 - 2014-11-22 20:32 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-22 20:32 - 2014-11-22 20:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-22 20:32 - 2014-11-22 20:31 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-11-22 20:31 - 2014-11-22 20:31 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-11-22 02:55 - 2014-11-24 23:56 - 00000000 ____D () C:\Users\g.****\AppData\Roaming\vlc
2014-11-22 02:54 - 2014-11-22 02:54 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-22 02:54 - 2014-11-22 02:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-11-22 02:53 - 2014-11-22 02:53 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-11-22 02:50 - 2014-11-22 02:50 - 00000000 ____D () C:\Users\g.****\AppData\Roaming\Cliqz
2014-11-22 02:50 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-11-22 02:50 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-11-22 02:47 - 2014-11-22 02:47 - 01125200 _____ () C:\Users\g.****\Downloads\VLC media player 32 Bit - CHIP-Installer.exe
2014-11-22 02:41 - 2014-11-22 02:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-11-22 02:31 - 2014-11-22 02:32 - 38232486 _____ () C:\Users\g.****\Downloads\2 - 1 - (1-a) Marketing 101_ Building Strong Brands Part I (15_10).mp4
2014-11-22 02:20 - 2014-11-22 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-22 02:17 - 2014-11-22 02:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-22 02:17 - 2014-11-22 02:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-11-22 01:21 - 2014-11-22 01:21 - 00244392 _____ () C:\Users\g.****\Downloads\Firefox Setup Stub 33.1.1.exe
2014-11-21 23:34 - 2014-11-21 23:34 - 00000000 ____D () C:\Users\g.****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-11-18 22:12 - 2014-11-18 22:12 - 00000000 ____D () C:\Users\g.****\Desktop\JMC2xx_WinDrv_R0.0.31.6_WHQL_LANtreiber
2014-11-18 22:03 - 2014-11-18 22:03 - 01120817 _____ () C:\Users\g.****\Desktop\JMC2xx_WinDrv_R0.0.31.6_WHQL.zip
2014-11-18 22:02 - 2014-11-18 22:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-18 22:02 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-18 21:14 - 2014-09-15 01:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-18 21:00 - 2014-11-18 21:00 - 00000000 ____D () C:\Users\g.****\Desktop\win7-10.0.0.297-whql_wlantreiber
2014-11-18 20:56 - 2014-11-18 20:47 - 02584189 _____ () C:\Users\g.****\Desktop\win7-10.0.0.297-whql.zip
2014-11-14 13:03 - 2014-11-14 13:21 - 00044064 _____ () C:\Users\g.****\Desktop\Result.txt
2014-11-14 13:01 - 2014-11-14 12:48 - 00401920 _____ (Farbar) C:\Users\g.****\Desktop\MiniToolBox.exe
2014-11-10 02:12 - 2014-11-10 02:12 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-B-****-Microsoft-Windows-7-Professional-(64-bit).dat
2014-11-10 02:12 - 2014-11-10 02:12 - 00000000 ____D () C:\RegBackup
2014-11-09 20:49 - 2014-11-09 20:49 - 00003288 ____N () C:\bootsqm.dat
2014-11-09 18:56 - 2014-11-09 18:56 - 00000000 ____D () C:\windows repair_tweakingcom
2014-11-07 22:14 - 2014-11-09 19:02 - 00002161 _____ () C:\Users\g.****\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-11-07 22:07 - 2014-11-07 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-07 22:06 - 2014-11-07 22:06 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-11-07 22:02 - 2014-11-07 22:02 - 00000000 ____D () C:\tweaking.com
2014-10-30 17:10 - 2014-10-30 17:10 - 00000000 ____D () C:\Users\g.****\Downloads\Frst64
2014-10-30 17:08 - 2014-10-30 17:08 - 00038743 _____ () C:\Users\g.****\Desktop\FRST_30102014.txt
2014-10-30 17:05 - 2014-10-30 17:05 - 00039193 _____ () C:\Users\g.****\Desktop\Addition_30102014.txt
2014-10-30 17:01 - 2014-10-30 17:03 - 00039193 _____ () C:\Users\g.****\Desktop\Addition.txt
2014-10-30 16:59 - 2014-11-28 21:09 - 00026965 _____ () C:\Users\g.****\Desktop\FRST.txt
2014-10-29 13:12 - 2014-10-29 13:12 - 00031633 _____ () C:\ComboFix.txt
2014-10-29 02:10 - 2014-10-29 13:49 - 00000000 ____D () C:\Qoobox
2014-10-29 02:10 - 2014-10-29 13:49 - 00000000 ____D () C:\ComboFix
2014-10-29 02:10 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-29 02:10 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-29 02:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-29 02:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-29 02:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-29 02:10 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-29 02:10 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-29 02:10 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-29 02:08 - 2014-10-29 13:02 - 00000000 ____D () C:\Windows\erdnt
2014-10-29 01:08 - 2014-10-29 01:09 - 05591695 ____R (Swearware) C:\Users\g.****\Desktop\ComboFix.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-28 21:09 - 2014-10-27 19:30 - 00000000 ____D () C:\FRST
2014-11-28 21:08 - 2011-10-10 11:20 - 00000000 ____D () C:\Users\g.****\AppData\Roaming\Skype
2014-11-28 21:07 - 2014-10-27 19:29 - 02117632 _____ (Farbar) C:\Users\g.****\Desktop\FRST64.exe
2014-11-28 20:48 - 2013-07-02 16:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-28 20:30 - 2011-03-08 05:42 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-28 19:26 - 2011-03-08 05:28 - 02096996 _____ () C:\Windows\WindowsUpdate.log
2014-11-28 19:17 - 2014-10-27 23:51 - 00000000 ___RD () C:\Users\g.****\Dropbox
2014-11-28 19:17 - 2014-10-27 23:48 - 00000000 ____D () C:\Users\g.****\AppData\Roaming\Dropbox
2014-11-28 19:17 - 2014-10-26 00:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-28 19:14 - 2011-09-16 15:58 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2014-11-28 19:14 - 2011-03-08 05:42 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-28 16:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-11-28 05:19 - 2009-07-14 05:45 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-28 05:19 - 2009-07-14 05:45 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-28 05:14 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-28 05:13 - 2011-03-08 06:05 - 06718140 _____ () C:\Windows\PFRO.log
2014-11-28 05:13 - 2009-07-14 05:51 - 00100797 _____ () C:\Windows\setupact.log
2014-11-27 20:55 - 2009-08-04 12:10 - 00657254 _____ () C:\Windows\system32\perfh007.dat
2014-11-27 20:55 - 2009-08-04 12:10 - 00131386 _____ () C:\Windows\system32\perfc007.dat
2014-11-27 20:55 - 2009-07-14 06:13 - 01537930 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-27 19:41 - 2011-09-16 15:54 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-11-26 20:53 - 2013-11-20 18:37 - 00000000 ____D () C:\Users\g.****\Desktop\Alte Firefox-Daten
2014-11-26 01:48 - 2013-07-02 16:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 01:48 - 2012-04-23 12:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 01:48 - 2012-01-18 02:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 18:57 - 2013-04-24 23:02 - 00000000 ____D () C:\Users\g.****\AppData\Local\CUSTPDF Writer
2014-11-25 17:01 - 2014-08-19 14:48 - 00000000 ____D () C:\privat_2
2014-11-23 09:49 - 2011-03-08 05:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-11-23 09:45 - 2011-09-16 09:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-23 09:36 - 2009-07-14 03:34 - 00000514 _____ () C:\Windows\win.ini
2014-11-23 09:20 - 2011-03-08 06:21 - 00001473 _____ () C:\Windows\system32\ServiceFilter.ini
2014-11-22 20:33 - 2014-10-26 00:02 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-22 20:32 - 2014-10-26 00:02 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-22 20:32 - 2014-10-26 00:02 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-22 20:32 - 2014-10-26 00:02 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-22 20:32 - 2014-10-26 00:02 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-22 20:32 - 2014-10-26 00:02 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-11-22 20:32 - 2014-10-26 00:02 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-22 20:32 - 2014-10-26 00:02 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-22 03:17 - 2014-06-11 16:10 - 00000000 ____D () C:\Users\g.****\AppData\Roaming\Nico Mak Computing
2014-11-22 03:02 - 2009-07-14 05:45 - 00440480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-22 03:01 - 2014-06-11 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-22 03:01 - 2013-04-23 13:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-22 02:48 - 2011-09-16 09:26 - 00118032 _____ () C:\Users\g.****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-22 02:32 - 2011-09-16 09:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-11-22 01:24 - 2011-10-10 09:59 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-22 01:24 - 2011-10-10 09:59 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-18 22:12 - 2011-08-04 11:19 - 00144912 _____ (JMicron Technology Corp.) C:\Windows\system32\Drivers\JME.sys
2014-11-18 21:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-18 21:25 - 2011-03-08 05:42 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-18 21:25 - 2011-03-08 05:42 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-18 21:19 - 2014-10-27 23:51 - 00000984 _____ () C:\Users\g.****\Desktop\Dropbox.lnk
2014-11-18 21:19 - 2014-10-27 23:49 - 00000000 ____D () C:\Users\g.****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-15 02:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-11-10 03:06 - 2009-07-14 08:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-10 03:04 - 2011-09-17 00:51 - 00000000 ____D () C:\Windows\CSC
2014-11-10 02:54 - 2012-06-20 14:24 - 00327680 _____ () C:\Windows\system32\Ikeext.etl
2014-11-09 20:50 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-04 14:30 - 2013-11-13 03:18 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 12:32 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-29 12:31 - 2009-07-14 03:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_302
2014-10-29 00:59 - 2013-04-23 15:32 - 00000000 ____D () C:\Users\g.****\AppData\Roaming\DSite
Some content of TEMP:
====================
C:\Users\g.****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa4sggp.dll
C:\Users\g.****\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-02 07:53
==================== End Of Log ============================
--- --- --- --- --- --- jede Tastatureingabe ist wieder extrem langsam verzögert. auch noch nach dem clean mit AVAST. keine Ahnung woher u. wieso so kurz nach dem combofix schon wieder so viele Trojaner kamen. |
|
30.11.2014, 08:54
| #37 |
| /// the machine /// TB-Ausbilder | msiexec.exe infiziert mit win32 :Malware-gen Fehlt noch die Addition.txt von FRST. 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
30.11.2014, 14:37
| #38 |
| | msiexec.exe infiziert mit win32 :Malware-gen FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by g.***** (administrator) on B-***** on 30-11-2014 14:25:13
Running from C:\Users\g.*****\Desktop
Loaded Profile: g.***** (Available profiles: Admin & g.*****)
Platform: Windows 7 Professional (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(ASUS) C:\Windows\AsScrPro.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Dropbox, Inc.) C:\Users\g.*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-10-10] (Avira GmbH)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-22] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Policies\Explorer: [Run] "C:\Users\g.*****\AppData\Roaming\Microsoft\Windows\IEUpdate\taskkill.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\g.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\g.*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\g.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-347766451-462584187-1723808825-1336\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-347766451-462584187-1723808825-1336\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-347766451-462584187-1723808825-1336\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> DefaultScope {B1339902-CA3D-4754-804E-9ADA9F8C0B60} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {1786F5B0-C834-422C-8C92-083E850EAF86} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^YYYYYY^YY^DE&apn_uid=23425EC2-0913-4994-A6D7-1BD0FDBEA40C&apn_sauid=02A4D7D1-273D-4297-AE29-174AF6CD12F7
SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {B1339902-CA3D-4754-804E-9ADA9F8C0B60} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> No File
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: No Name -> {B922D405-6D13-4A2B-AE89-08A030DA4402} -> No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {EF7BD87A-8024-11E2-F316-F3E56188709B} -> No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{37AD93E9-DA1F-42F5-B753-DF45F69A9B77}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{82967B91-DF95-410D-B46F-471B9D5EB0E9}: [NameServer] 141.30.93.226,141.30.93.135
Tcpip\..\Interfaces\{95EB8C15-CF4D-4ABD-B403-83F82E2B4627}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{B4155EBF-E4A0-424F-98CC-A39EA1453FB3}: [NameServer] 193.189.244.225 193.189.244.206
FireFox:
========
FF ProfilePath: C:\Users\g.*****\AppData\Roaming\Mozilla\Firefox\Profiles\7xk1u4y1.default-1417031580608
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-06-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-26]
FF HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\g.*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8x6rwk3.default-1399060898605\extensions\cliqz@cliqz.com
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\g.*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U34) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.340.4) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\g.*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\g.*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-28]
CHR Extension: (Boston MarketOne) - C:\Users\g.*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dleekdifoepfadaikncodjgnkkffkccd [2014-10-28]
CHR Extension: (DealPly Brazil) - C:\Users\g.*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma [2014-10-28]
CHR Extension: (InfoBird Pro) - C:\Users\g.*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl [2014-10-28]
CHR Extension: (Skype Click to Call) - C:\Users\g.*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-10-09]
CHR Extension: (Google Wallet) - C:\Users\g.*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-28]
CHR Extension: (Fast Discountz) - C:\Users\g.*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd [2014-10-28]
CHR HKLM\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\GC395~1.WEI\AppData\Local\BostonMarketOne.crx [2013-07-29]
CHR HKLM\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\GC395~1.WEI\AppData\Local\InfoBirdPro.crx [2013-08-19]
CHR HKLM\...\Chrome\Extension: [oldchfemoapgakfjnmbngnljnkoapbhd] - C:\Users\GC395~1.WEI\AppData\Local\FastDiscountz.crx [2013-09-04]
CHR HKLM-x32\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\GC395~1.WEI\AppData\Local\BostonMarketOne.crx [2013-07-29]
CHR HKLM-x32\...\Chrome\Extension: [fmfnfnpmhcllokmkepffndflpnadjmma] - C:\Program Files (x86)\DealPly\DealPly.crx [2013-07-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]
CHR HKLM-x32\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\GC395~1.WEI\AppData\Local\InfoBirdPro.crx [2013-08-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM-x32\...\Chrome\Extension: [oldchfemoapgakfjnmbngnljnkoapbhd] - C:\Users\GC395~1.WEI\AppData\Local\FastDiscountz.crx [2013-09-04]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AFBAgent; C:\Windows\system32\FBAgent.exe [377264 2010-09-30] (ASUSTeK Computer Inc.) [File not signed]
R2 AntiVir Security Management Center Agent; C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe [1131777 2012-12-25] (Avira Operations GmbH & Co. KG) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [340136 2011-10-10] (Avira GmbH)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-10-10] (Avira GmbH)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-10-10] (Avira GmbH)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [428200 2011-10-10] (Avira GmbH)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-22] (AVAST Software)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8551272 2009-12-08] (DisplayLink Corp.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-10-10] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-10-10] (Avira GmbH)
S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys [17408 2011-09-16] (hxxp://libusb-win32.sourceforge.net)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2010-05-11] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-05-11] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated)
S3 MOSUMAC; C:\Windows\System32\DRIVERS\USBMAC64.SYS [55296 2009-12-08] (--)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-29 23:29 - 2014-11-29 23:29 - 00000000 ____D () C:\Users\g.*****\AppData\Local\Foxit Reader
2014-11-28 21:07 - 2014-11-28 21:07 - 00000000 ____D () C:\Users\g.*****\Desktop\FRST-OlderVersion
2014-11-23 18:23 - 2014-11-23 18:25 - 45120049 _____ () C:\Users\g.*****\Downloads\8 - 10 - (10) Preference Isolation (14_36)(1).mp4
2014-11-23 16:38 - 2014-11-23 16:39 - 45120049 _____ () C:\Users\g.*****\Downloads\8 - 10 - (10) Preference Isolation (14_36).mp4
2014-11-23 16:35 - 2014-11-23 16:37 - 59224456 _____ () C:\Users\g.*****\Downloads\8 - 9 - (9) How Internet Retailing Startups Grow (12_23).mp4
2014-11-23 16:34 - 2014-11-23 16:34 - 28969171 _____ () C:\Users\g.*****\Downloads\8 - 8 - (8) The Long Tail Part 2 (9_55)(1).mp4
2014-11-23 15:42 - 2014-11-23 15:43 - 28969171 _____ () C:\Users\g.*****\Downloads\8 - 8 - (8) The Long Tail Part 2 (9_55).mp4
2014-11-23 14:55 - 2014-11-23 14:56 - 31337810 _____ () C:\Users\g.*****\Downloads\8 - 7 - (7) The Long Tail Part 1 (10_58).mp4
2014-11-23 14:51 - 2014-11-23 14:52 - 25362312 _____ () C:\Users\g.*****\Downloads\8 - 6 - (6) Online_Offline Competition (4_51).mp4
2014-11-23 14:50 - 2014-11-23 14:51 - 12934856 _____ () C:\Users\g.*****\Downloads\8 - 5 - (5) Academic Research (3_28).mp4
2014-11-23 14:45 - 2014-11-23 14:46 - 10136029 _____ () C:\Users\g.*****\Downloads\8 - 4 - (4) Goods and Information (2_39)(1).mp4
2014-11-23 14:28 - 2014-11-23 14:28 - 10136029 _____ () C:\Users\g.*****\Downloads\8 - 4 - (4) Goods and Information (2_39).mp4
2014-11-23 14:23 - 2014-11-23 14:24 - 21561557 _____ () C:\Users\g.*****\Downloads\8 - 3 - (3) Friction (4_39).mp4
2014-11-23 14:20 - 2014-11-23 14:22 - 39023006 _____ () C:\Users\g.*****\Downloads\8 - 2 - (2) Go To Market Strategies_ Introduction (14_07) .mp4
2014-11-23 14:19 - 2014-11-23 14:19 - 14528058 _____ () C:\Users\g.*****\Downloads\8 - 1 - (1) Introduction and Execution (2_09).mp4
2014-11-23 09:32 - 2014-11-23 09:32 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-11-23 09:32 - 2014-11-23 09:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-11-22 20:35 - 2014-11-22 20:35 - 00001972 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2014-11-22 20:32 - 2014-11-22 20:32 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-22 20:32 - 2014-11-22 20:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-22 20:32 - 2014-11-22 20:31 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-11-22 20:31 - 2014-11-22 20:31 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-11-22 02:55 - 2014-11-24 23:56 - 00000000 ____D () C:\Users\g.*****\AppData\Roaming\vlc
2014-11-22 02:54 - 2014-11-22 02:54 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-22 02:54 - 2014-11-22 02:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-11-22 02:53 - 2014-11-22 02:53 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-11-22 02:50 - 2014-11-22 02:50 - 00000000 ____D () C:\Users\g.*****\AppData\Roaming\Cliqz
2014-11-22 02:50 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-11-22 02:50 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-11-22 02:47 - 2014-11-22 02:47 - 01125200 _____ () C:\Users\g.*****\Downloads\VLC media player 32 Bit - CHIP-Installer.exe
2014-11-22 02:41 - 2014-11-22 02:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-11-22 02:31 - 2014-11-22 02:32 - 38232486 _____ () C:\Users\g.*****\Downloads\2 - 1 - (1-a) Marketing 101_ Building Strong Brands Part I (15_10).mp4
2014-11-22 02:20 - 2014-11-22 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-22 02:17 - 2014-11-22 02:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-22 02:17 - 2014-11-22 02:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-11-22 01:21 - 2014-11-22 01:21 - 00244392 _____ () C:\Users\g.*****\Downloads\Firefox Setup Stub 33.1.1.exe
2014-11-21 23:34 - 2014-11-21 23:34 - 00000000 ____D () C:\Users\g.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-11-18 22:12 - 2014-11-18 22:12 - 00000000 ____D () C:\Users\g.*****\Desktop\JMC2xx_WinDrv_R0.0.31.6_WHQL_LANtreiber
2014-11-18 22:03 - 2014-11-18 22:03 - 01120817 _____ () C:\Users\g.*****\Desktop\JMC2xx_WinDrv_R0.0.31.6_WHQL.zip
2014-11-18 22:02 - 2014-11-18 23:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-18 22:02 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-18 21:14 - 2014-09-15 01:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-18 21:00 - 2014-11-18 21:00 - 00000000 ____D () C:\Users\g.*****\Desktop\win7-10.0.0.297-whql_wlantreiber
2014-11-18 20:56 - 2014-11-18 20:47 - 02584189 _____ () C:\Users\g.*****\Desktop\win7-10.0.0.297-whql.zip
2014-11-14 13:03 - 2014-11-14 13:21 - 00044064 _____ () C:\Users\g.*****\Desktop\Result.txt
2014-11-14 13:01 - 2014-11-14 12:48 - 00401920 _____ (Farbar) C:\Users\g.*****\Desktop\MiniToolBox.exe
2014-11-10 02:12 - 2014-11-10 02:12 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-B-*****-Microsoft-Windows-7-Professional-(64-bit).dat
2014-11-10 02:12 - 2014-11-10 02:12 - 00000000 ____D () C:\RegBackup
2014-11-09 20:49 - 2014-11-09 20:49 - 00003288 ____N () C:\bootsqm.dat
2014-11-09 18:56 - 2014-11-09 18:56 - 00000000 ____D () C:\windows repair_tweakingcom
2014-11-07 22:14 - 2014-11-09 19:02 - 00002161 _____ () C:\Users\g.*****\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-11-07 22:07 - 2014-11-07 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-07 22:06 - 2014-11-07 22:06 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-11-07 22:02 - 2014-11-07 22:02 - 00000000 ____D () C:\tweaking.com
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-30 14:25 - 2014-10-30 16:59 - 00026888 _____ () C:\Users\g.*****\Desktop\FRST.txt
2014-11-30 14:25 - 2014-10-27 19:30 - 00000000 ____D () C:\FRST
2014-11-30 13:58 - 2011-03-08 05:28 - 01101548 _____ () C:\Windows\WindowsUpdate.log
2014-11-30 13:56 - 2011-10-10 11:20 - 00000000 ____D () C:\Users\g.*****\AppData\Roaming\Skype
2014-11-30 13:53 - 2014-10-27 23:51 - 00000000 ___RD () C:\Users\g.*****\Dropbox
2014-11-30 13:53 - 2014-10-27 23:48 - 00000000 ____D () C:\Users\g.*****\AppData\Roaming\Dropbox
2014-11-30 13:53 - 2009-07-14 05:45 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-30 13:53 - 2009-07-14 05:45 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 13:50 - 2011-09-16 15:58 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2014-11-30 13:50 - 2011-09-16 15:54 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-11-30 13:50 - 2011-03-08 05:42 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 13:48 - 2013-07-02 16:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-30 13:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-11-30 13:47 - 2011-03-08 06:05 - 06728646 _____ () C:\Windows\PFRO.log
2014-11-30 13:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-30 13:47 - 2009-07-14 05:51 - 00100909 _____ () C:\Windows\setupact.log
2014-11-30 02:30 - 2011-03-08 05:42 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 00:04 - 2009-08-04 12:10 - 00657254 _____ () C:\Windows\system32\perfh007.dat
2014-11-30 00:04 - 2009-08-04 12:10 - 00131386 _____ () C:\Windows\system32\perfc007.dat
2014-11-30 00:04 - 2009-07-14 06:13 - 01537930 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-28 21:07 - 2014-10-27 19:29 - 02117632 _____ (Farbar) C:\Users\g.*****\Desktop\FRST64.exe
2014-11-28 19:17 - 2014-10-26 00:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-26 20:53 - 2013-11-20 18:37 - 00000000 ____D () C:\Users\g.*****\Desktop\Alte Firefox-Daten
2014-11-26 01:48 - 2013-07-02 16:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 01:48 - 2012-04-23 12:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 01:48 - 2012-01-18 02:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 19:01 - 2013-04-24 23:02 - 00000000 ____D () C:\Users\g.*****\AppData\Local\CUSTPDF Writer
2014-11-25 17:01 - 2014-08-19 14:48 - 00000000 ____D () C:\privat_2
2014-11-23 09:49 - 2011-03-08 05:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-11-23 09:45 - 2011-09-16 09:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-23 09:36 - 2009-07-14 03:34 - 00000514 _____ () C:\Windows\win.ini
2014-11-23 09:20 - 2011-03-08 06:21 - 00001473 _____ () C:\Windows\system32\ServiceFilter.ini
2014-11-22 20:33 - 2014-10-26 00:02 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-22 20:32 - 2014-10-26 00:02 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-22 20:32 - 2014-10-26 00:02 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-22 20:32 - 2014-10-26 00:02 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-22 20:32 - 2014-10-26 00:02 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-22 20:32 - 2014-10-26 00:02 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-11-22 20:32 - 2014-10-26 00:02 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-22 20:32 - 2014-10-26 00:02 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-22 03:17 - 2014-06-11 16:10 - 00000000 ____D () C:\Users\g.*****\AppData\Roaming\Nico Mak Computing
2014-11-22 03:02 - 2009-07-14 05:45 - 00440480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-22 03:01 - 2014-06-11 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-22 03:01 - 2013-04-23 13:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-22 02:48 - 2011-09-16 09:26 - 00118032 _____ () C:\Users\g.*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-22 02:32 - 2011-09-16 09:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-11-22 01:24 - 2011-10-10 09:59 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-22 01:24 - 2011-10-10 09:59 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-18 22:12 - 2011-08-04 11:19 - 00144912 _____ (JMicron Technology Corp.) C:\Windows\system32\Drivers\JME.sys
2014-11-18 21:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-18 21:25 - 2011-03-08 05:42 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-18 21:25 - 2011-03-08 05:42 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-18 21:19 - 2014-10-27 23:51 - 00000984 _____ () C:\Users\g.*****\Desktop\Dropbox.lnk
2014-11-18 21:19 - 2014-10-27 23:49 - 00000000 ____D () C:\Users\g.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-15 02:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-11-10 03:06 - 2009-07-14 08:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-10 03:04 - 2011-09-17 00:51 - 00000000 ____D () C:\Windows\CSC
2014-11-10 02:54 - 2012-06-20 14:24 - 00327680 _____ () C:\Windows\system32\Ikeext.etl
2014-11-09 20:50 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-04 14:30 - 2013-11-13 03:18 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\g.*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc7xtm0.dll
C:\Users\g.*****\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-02 07:53
==================== End Of Log ============================
--- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by g.***** at 2014-11-30 14:27:13
Running from C:\Users\g.*****\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Disabled - Out of date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
AFORS-HET 2.4.1 (HKLM-x32\...\AFORS-HET_is1) (Version: - Helmholtz-Zentrum Berlin)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.41 - ASUS)
ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0006 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0009 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
Asus_PSeries_Screensaver (HKLM-x32\...\Asus_PSeries_Screensaver) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.3.585 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Avira AntiVir Professional (HKLM-x32\...\Avira AntiVir Desktop) (Version: 10.2.0.1064 - Avira GmbH)
Avira Security Management Center Agent (HKLM-x32\...\{F3493E2F-B147-4EDD-9AE2-5DEDB8776232}) (Version: - Avira GmbH)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bookworm Deluxe (HKLM-x32\...\Bookworm Deluxe) (Version: - Oberon Media Inc.)
Bootstrapper (x32 Version: 1.1.0.0 - Minitab, Inc.) Hidden
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.127.0.61 - Conexant)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.9 - ASUS)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.6.1622 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.6.1622 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayLink Core Software (HKLM\...\{34000989-17D6-4271-9800-D78CF94B3BED}) (Version: 5.2.22617.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{DB6D5CB2-92FF-4B41-98AA-54C62C926E83}) (Version: 5.2.22826.0 - DisplayLink Corp.)
Dropbox (HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
ETDWare PS/2-x64 7.0.5.16_WHQL (HKLM\...\Elantech) (Version: 7.0.5.16 - ELAN Microelectronics Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.7 - ASUS)
FLV-Media-Player (HKLM-x32\...\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}) (Version: 2.0.3.2532 - HYBRIDWEB.de)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Free DWG Viewer 7.0 (HKLM-x32\...\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}) (Version: 7.0.1 - IGC)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Park Console (HKLM-x32\...\{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1) (Version: 6.2.1.1 - Oberon Media, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker (HKLM-x32\...\Governor of Poker) (Version: - Oberon Media Inc.)
Hotel Dash Suite Success (HKLM-x32\...\Hotel Dash Suite Success) (Version: - Oberon Media Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.23.4 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Luxor 3 (HKLM-x32\...\Luxor 3) (Version: - Oberon Media Inc.)
Mahjongg dimensions (HKLM-x32\...\Mahjongg dimensions) (Version: - Oberon Media Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minitab 16 (HKLM-x32\...\Minitab16) (Version: 16.2.1 - Minitab, Inc.)
Minitab Software Update Manager (HKLM-x32\...\MinitabSoftwareManager) (Version: 1.1.0.0 - Minitab, Inc.)
Minitab16 (x32 Version: 16.2.1.0 - Minitab Inc) Hidden
Minitab16 (x32 Version: 16.2.1.0 - Minitab, Inc.) Hidden
Mobile Connection Manager (HKLM-x32\...\o2DE) (Version: - Mobile Connection Manager)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.03.02.705 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 33.1.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
OpenProj (HKLM-x32\...\{13702021-43FB-480C-912F-D9B74A538288}) (Version: 1.4.0 - Serena Software Inc.)
PDF Creator (HKLM\...\PDF Creator) (Version: - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
Plants vs Zombies (HKLM-x32\...\Plants vs Zombies) (Version: - Oberon Media Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.02.00 - Samsung Electronics Co., Ltd.)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.6 - ASUS)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SoftwareManager (x32 Version: 1.1.0.0 - Minitab, Inc.) Hidden
STP Viewer 2.3 (HKLM-x32\...\{CECCF8B1-F595-4845-9AA6-1EC57B9BECBA}_is1) (Version: - IdeaMK)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version: - )
USB-Ethernet Adapter Device (HKLM\...\USB-Ethernet Adapter Device) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.5.600 - Broadcom Corporation)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419) (HKLM\...\85CE3A3657FAE5FD305B143E90E6FC89BA53001C) (Version: 02/25/2010 6.2.0.9419 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417) (HKLM\...\7341A1B43E7FE58942EB1E820A17C18305DFBCE6) (Version: 01/19/2010 6.2.0.1417 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) (HKLM\...\2AA10AB519DC7432D599A0E860206A7DDCC27764) (Version: 07/29/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
World of Goo (HKLM-x32\...\World of Goo) (Version: - Oberon Media Inc.)
ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.25_TME - ZTE Corporation)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\g.*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g.*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g.*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g.*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g.*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g.*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g.*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g.*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g.*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
23-11-2014 08:25:14 Windows Update
23-11-2014 08:48:32 Windows Update
24-11-2014 02:00:23 Windows Update
26-11-2014 02:00:48 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-11-10 02:59 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0DD8E9FA-5221-4425-B642-47E2B50D6A0B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-22] (AVAST Software)
Task: {199F694F-1F73-4C29-8460-D1D17CF0473A} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-10-15] (ASUS)
Task: {1DC43702-0414-4A71-886A-DBDB51BE4792} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {48A2D53D-A977-4528-AB9D-9F7CCCD0C2D9} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {5A254883-3B20-45DB-B4AD-2C65E1E8242C} - System32\Tasks\ASUS Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2010-05-12] ()
Task: {5ADEBF77-533D-419F-A0D3-1D680F36060F} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {612C6DC8-F1AB-41D7-B320-7316C739DA0E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {6663CCD4-A2B1-482F-8109-C1F3987A5249} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {66900E75-FE77-4146-84F8-3B50C35EA902} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {960F4542-7743-4E93-87E2-880A9DB261C7} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {A5D55876-4AD7-4E9F-8C78-627EFCB29E6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {AFD0E19F-FDCB-4086-9400-D6C0FACE4A8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {B9F1E749-5232-43D7-A81B-CB8920AAD0CA} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-10-01] (asus)
Task: {D5B2A4FE-307E-43AC-8999-358EA080D05D} - System32\Tasks\DealPlyUpdate => C:\Program <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-04-23 15:33 - 2011-10-04 21:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
2011-10-24 11:39 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-07-09 15:01 - 2011-04-11 06:26 - 00034304 _____ () C:\Windows\System32\spe__l.dll
2010-07-15 01:11 - 2010-07-15 01:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2010-05-12 02:35 - 2010-05-12 02:35 - 00489392 _____ () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
2010-04-03 04:21 - 2008-10-01 08:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2011-03-08 06:22 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-03-16 02:48 - 2010-03-16 02:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2011-03-08 05:55 - 2011-03-08 05:55 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2011-03-08 05:55 - 2011-03-08 05:55 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2010-03-12 05:14 - 2010-03-12 05:14 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-09-24 01:53 - 2010-09-24 01:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2014-11-29 20:12 - 2014-11-29 20:12 - 02904064 _____ () C:\Program Files\AVAST Software\Avast\defs\14112901\algo.dll
2014-11-30 13:48 - 2014-11-30 13:48 - 02904064 _____ () C:\Program Files\AVAST Software\Avast\defs\14113000\algo.dll
2011-10-10 10:03 - 2011-10-10 10:03 - 00355688 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-10-10 10:01 - 2011-12-01 11:36 - 00126721 _____ () C:\Program Files (x86)\Avira\Avira Security Management Center Agent\SCEWXMLW.dll
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-11-22 20:32 - 2014-11-22 20:32 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-30 13:52 - 2014-11-30 13:52 - 00043008 _____ () c:\users\gc395~1.wei\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc7xtm0.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\g.*****\AppData\Roaming\Dropbox\bin\libcef.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-10-01 00:13 - 2010-10-01 00:13 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
2010-10-01 00:13 - 2010-10-01 00:13 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-10-01 00:14 - 2010-10-01 00:14 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-10-01 00:13 - 2010-10-01 00:13 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
2014-11-22 01:24 - 2014-11-14 03:42 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-26 01:48 - 2014-11-26 01:48 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
========================= Accounts: ==========================
Admin (S-1-5-21-1122509215-102311790-3122138105-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1122509215-102311790-3122138105-500 - Administrator - Disabled)
Gast (S-1-5-21-1122509215-102311790-3122138105-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/26/2014 08:45:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 33.1.1.5430 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1d28
Startzeit: 01d009b16bacfe18
Endzeit: 47
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: d5b314cc-75a4-11e4-a71f-74f06dd08b0f
Error: (11/26/2014 08:44:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 33.1.1.5430 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 808
Startzeit: 01d009b126c707de
Endzeit: 31
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: a4b2db21-75a4-11e4-a71f-74f06dd08b0f
Error: (11/26/2014 08:42:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 33.1.1.5430 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 16a8
Startzeit: 01d0097cd83f377f
Endzeit: 213
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: 5a92400b-75a4-11e4-a71f-74f06dd08b0f
Error: (11/24/2014 03:28:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: splwow64.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bd3ca
Name des fehlerhaften Moduls: GDI32.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdf01
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000015673
ID des fehlerhaften Prozesses: 0x2f08
Startzeit der fehlerhaften Anwendung: 0xsplwow64.exe0
Pfad der fehlerhaften Anwendung: splwow64.exe1
Pfad des fehlerhaften Moduls: splwow64.exe2
Berichtskennung: splwow64.exe3
Error: (11/24/2014 00:50:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: splwow64.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bd3ca
Name des fehlerhaften Moduls: GDI32.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdf01
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000015673
ID des fehlerhaften Prozesses: 0xe4c
Startzeit der fehlerhaften Anwendung: 0xsplwow64.exe0
Pfad der fehlerhaften Anwendung: splwow64.exe1
Pfad des fehlerhaften Moduls: splwow64.exe2
Berichtskennung: splwow64.exe3
Error: (11/21/2014 08:06:56 PM) (Source: Avira AntiVir) (EventID: 4129) (User: NT-AUTORITÄT)
Description: Das Update von B-***** (192.168.1.190) ist fehlgeschlagen.
Keine gültige Lizenz gefunden. .
Es wurden keine neuen Dateien geladen.
Error: (11/21/2014 07:48:58 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={2026BB5C-6A34-4503-99F9-0F820D9D3D39}: Der Benutzer "*****\g.*****" hat eine Verbindung mit dem Namen "o2 Internet" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 797.
Error: (11/18/2014 10:25:12 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={29C40B17-1752-4FBC-AF62-6BE8BC7C472D}: Der Benutzer "*****\g.*****" hat eine Verbindung mit dem Namen "b*****" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 807.
Error: (11/18/2014 10:17:28 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={9637FD70-7D9C-4009-A10D-90BBD9D39A34}: Der Benutzer "*****\g.*****" hat eine Verbindung mit dem Namen "b*****" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 1168.
Error: (11/15/2014 04:21:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7600.16667, Zeitstempel: 0x4c7dc5a1
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x056400c4
ID des fehlerhaften Prozesses: 0xf64
Startzeit der fehlerhaften Anwendung: 0xwmplayer.exe0
Pfad der fehlerhaften Anwendung: wmplayer.exe1
Pfad des fehlerhaften Moduls: wmplayer.exe2
Berichtskennung: wmplayer.exe3
System errors:
=============
Error: (11/30/2014 01:51:41 PM) (Source: TermService) (EventID: 1067) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.
Error: (11/30/2014 01:50:42 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: *****)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error: (11/30/2014 01:50:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet:
%%1792
Error: (11/30/2014 01:50:42 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 46) (User: NT-AUTORITÄT)
Description: Der Zeitdienst wurde heruntergefahren, da ein Fehler aufgetreten ist. Fehler: 0x80070700: Es wurde versucht, sich anzumelden, aber der Netzwerkanmeldedienst war nicht gestartet.
Error: (11/30/2014 01:48:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet:
%%1792
Error: (11/30/2014 01:48:30 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 46) (User: NT-AUTORITÄT)
Description: Der Zeitdienst wurde heruntergefahren, da ein Fehler aufgetreten ist. Fehler: 0x80070700: Es wurde versucht, sich anzumelden, aber der Netzwerkanmeldedienst war nicht gestartet.
Error: (11/30/2014 01:48:24 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira AntiVir WebGuard" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.
Error: (11/30/2014 01:48:22 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Avira AntiVir MailGuard" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.
Error: (11/30/2014 01:47:41 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT-AUTORITÄT)
Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Der Computername konnte nicht aufgelöst werden. Dies kann mindestens eine der folgenden Ursachen haben:
a) Fehler bei der Namensauflösung mit dem aktuellen Domänencontroller.
b) Active Directory-Replikationswartezeit (ein auf einem anderen Domänencontroller erstelltes Konto hat nicht auf dem aktuellen Domänencontroller repliziert).
Error: (11/30/2014 03:13:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "DisplayLinkManager" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office Sessions:
=========================
Error: (06/09/2014 04:51:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4138 seconds with 2580 seconds of active time. This session ended with a crash.
Error: (06/09/2014 03:41:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7957 seconds with 1740 seconds of active time. This session ended with a crash.
Error: (06/07/2014 02:10:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 32854 seconds with 8880 seconds of active time. This session ended with a crash.
Error: (06/06/2014 05:02:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20089 seconds with 6960 seconds of active time. This session ended with a crash.
Error: (06/05/2014 09:23:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 199097 seconds with 14520 seconds of active time. This session ended with a crash.
Error: (06/04/2014 00:43:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 61835 seconds with 2100 seconds of active time. This session ended with a crash.
Error: (06/03/2014 07:33:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1626 seconds with 540 seconds of active time. This session ended with a crash.
Error: (06/03/2014 00:02:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1446 seconds with 1320 seconds of active time. This session ended with a crash.
Error: (06/02/2014 11:37:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1772 seconds with 1500 seconds of active time. This session ended with a crash.
Error: (05/31/2014 11:26:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25741 seconds with 4080 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-10-29 11:53:29.029
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-10-29 11:53:28.888
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 86%
Total physical RAM: 1900.3 MB
Available physical RAM: 250.98 MB
Total Pagefile: 3800.59 MB
Available Pagefile: 1409.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:16.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:202.08 GB) (Free:8.88 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=202.1 GB) - (Type=OF Extended)
==================== End Of Log ============================
|
|
30.11.2014, 18:10
| #39 |
| /// the machine /// TB-Ausbilder | msiexec.exe infiziert mit win32 :Malware-gen hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.12.2014, 22:03
| #40 |
| | msiexec.exe infiziert mit win32 :Malware-gen wie ist es mit WLAN? soll ich Drahtlosnetzwerkverbindung trennen? damit kein internetverbindung während combofix und deaktiviertem Virenscanner ist? vorher wiederherstellungspunkt in windows machen? firewall aktiviert lassen während combofix? combofix ist durchgelaufen. hat aber 12 h gedauert. log.txt am Bildschirm erschienen (habe ich auch noch zusätzlich abgespeichert). aber jetzt steht seit einer Stunde der Bildschirm mit blauem Windowshintergrund ohne irgendwelche desktopicons und ohne menütaskleiste. ist das normal? läuft combofix noch oder muss man Rechner über taskmanager neu starten? ich schreibe dies hier über einen anderen Rechner. im windows task manager ist CPU Auslastung fast ständig 0%, manchmal kurzzeitig 1,2 oder 9%. es sind einige Prozesse und Dienste im Status 'wird ausgeführt', jedoch finde ich nichts über combofix. ansonsten blauer Bildschirm, blank nur mit windowsfarbensymbol im Zentrum, keine Icons, keine Menü-Taskleiste. es ändert sich nichts mehr. das heißt combofix ist abgeschlossen??? Neustart über Taskmanager machen??? combofix log.txt habe ich per USBstick hierher auf den anderen Rechner übertragen. der Bildschirm am infizierten Rechner ist immer noch im gleichen regungslosen Zustand ohne taskleiste oder icons Code:
ATTFilter ComboFix 14-11-25.01 - g****** 01.12.2014 4:42.2.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.1900.678 [GMT 1:00]
ausgeführt von:: c:\users\g******\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\~.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-11-01 bis 2014-12-01 ))))))))))))))))))))))))))))))
.
.
2014-12-01 13:53 . 2014-12-01 13:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-12-01 13:53 . 2014-12-01 13:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-01 13:53 . 2014-12-01 13:53 -------- d-----w- c:\users\p********\AppData\Local\temp
2014-12-01 13:53 . 2014-12-01 13:53 -------- d-----w- c:\users\d********\AppData\Local\temp
2014-12-01 13:53 . 2014-12-01 13:53 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-12-01 13:53 . 2014-12-01 13:53 -------- d-----w- c:\users\Admin\AppData\Local\temp
2014-12-01 00:56 . 2014-12-01 00:56 1928228 ----a-w- c:\windows\SysWow64\~.tmp
2014-11-29 22:29 . 2014-11-29 22:29 -------- d-----w- c:\users\g******\AppData\Local\Foxit Reader
2014-11-28 18:26 . 2014-11-17 01:08 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7F068AE-A38C-438B-87E5-9F3893A06D87}\mpengine.dll
2014-11-23 08:32 . 2014-11-23 08:32 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2014-11-22 19:32 . 2014-11-22 19:31 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-11-22 19:32 . 2014-11-22 19:32 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-22 19:32 . 2014-11-22 19:32 43152 ----a-w- c:\windows\avastSS.scr
2014-11-22 19:31 . 2014-11-22 19:31 449936 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-11-22 01:55 . 2014-11-24 22:56 -------- d-----w- c:\users\g******\AppData\Roaming\vlc
2014-11-22 01:53 . 2014-11-22 01:53 -------- d-----w- c:\program files (x86)\VideoLAN
2014-11-22 01:50 . 2011-05-13 10:16 493056 ----a-w- c:\windows\SysWow64\dhRichClient3.dll
2014-11-22 01:50 . 2011-03-25 18:42 338432 ----a-w- c:\windows\SysWow64\sqlite36_engine.dll
2014-11-22 01:50 . 2014-11-22 01:50 -------- d-----w- c:\users\g******\AppData\Roaming\Cliqz
2014-11-22 01:17 . 2014-11-22 01:17 -------- d-----w- c:\program files\Microsoft Silverlight
2014-11-22 01:17 . 2014-11-22 01:17 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-11-21 20:24 . 2014-11-21 20:24 220784 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\sandboxbroker.dll
2014-11-18 21:02 . 2014-11-18 22:06 -------- d-----w- c:\windows\system32\MRT
2014-11-18 20:14 . 2014-09-15 00:44 3195392 ----a-w- c:\windows\system32\win32k.sys
2014-11-10 02:05 . 2014-11-18 22:07 -------- d-----w- c:\windows\system32\catroot2
2014-11-10 01:47 . 2014-11-10 01:47 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-11-10 01:12 . 2014-11-10 01:12 -------- d-----w- C:\RegBackup
2014-11-09 17:56 . 2014-11-09 17:56 -------- d-----w- C:\windows repair_tweakingcom
2014-11-07 21:06 . 2014-11-07 21:06 -------- d-----w- c:\program files (x86)\Tweaking*com
2014-11-07 21:02 . 2014-11-07 21:02 -------- d-----w- C:\tweaking*com
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-30 12:50 . 2011-09-16 14:54 45056 ----a-w- c:\windows\system32\acovcnt.exe
2014-11-26 00:48 . 2012-04-23 11:41 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-26 00:48 . 2012-01-18 01:54 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-22 19:33 . 2014-10-25 23:02 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-22 19:32 . 2014-10-25 23:02 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-11-22 19:32 . 2014-10-25 23:02 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-22 19:32 . 2014-10-25 23:02 83280 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-11-22 19:32 . 2014-10-25 23:02 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-22 19:32 . 2014-10-25 23:02 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-11-22 19:32 . 2014-10-25 23:02 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-22 19:32 . 2014-10-25 23:02 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-18 21:12 . 2011-08-04 10:19 144912 ----a-w- c:\windows\system32\drivers\JME.sys
2014-11-04 13:30 . 2013-11-13 02:18 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-28 14:24 . 2014-10-28 14:38 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-28 14:24 . 2014-10-28 14:37 895912 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2014-10-28 14:24 . 2014-10-28 14:37 816552 ----a-w- c:\windows\SysWow64\deployJava1.dll
2014-10-16 12:07 . 2010-06-24 19:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09 131480 ----a-w- c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg*exe" [2008-11-03 328992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-10 281768]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-22 5226600]
.
c:\users\g******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\g******\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-13 35419192]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-3-8 548528]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1083680]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2011-3-8 12862]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"Run"= "c:\users\g******\AppData\Roaming\Microsoft\Windows\IEUpdate\taskkill.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-347766451-462584187-1723808825-1279\Scripts\Logon\0\0]
"Script"=user_logon.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-347766451-462584187-1723808825-1334\Scripts\Logon\0\0]
"Script"=user_logon.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-347766451-462584187-1723808825-1336\Scripts\Logon\0\0]
"Script"=user_logon.cmd
.
R2 AntiVir Security Management Center Agent;Avira Security Management Center Agent;c:\program files (x86)\Avira\Avira Security Management Center Agent\agent.exe;c:\program files (x86)\Avira\Avira Security Management Center Agent\agent.exe [x]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\DRIVERS\USBMAC64.SYS;c:\windows\SYSNATIVE\DRIVERS\USBMAC64.SYS [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 assd;assd; [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 00:48]
.
2014-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-08 10:29]
.
2014-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-08 10:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-22 19:32 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 414744]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{37AD93E9-DA1F-42F5-B753-DF45F69A9B77}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{82967B91-DF95-410D-B46F-471B9D5EB0E9}: NameServer = 141.30.93.226,141.30.93.135
TCP: Interfaces\{95EB8C15-CF4D-4ABD-B403-83F82E2B4627}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{B4155EBF-E4A0-424F-98CC-A39EA1453FB3}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\g******\AppData\Roaming\Mozilla\Firefox\Profiles\7xk1u4y1.default-1417031580608\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
BHO-{EF7BD87A-8024-11E2-F316-F3E56188709B} - (no file)
Toolbar-Locked - (no file)
Toolbar-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2014-12-01 14:59:19
ComboFix-quarantined-files.txt 2014-12-01 13:59
ComboFix2.txt 2014-10-29 12:12
.
Vor Suchlauf: 19 Verzeichnis(se), 19.297.333.248 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 20.318.126.080 Bytes frei
.
- - End Of File - - 4E6FBAD55EA1A187742D093A03DD7F36
will nur sichergehen dass ich nicht in combofix eingreife |
|
02.12.2014, 20:35
| #41 |
| /// the machine /// TB-Ausbilder | msiexec.exe infiziert mit win32 :Malware-gen Rechner neu starten. Dann: Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.12.2014, 14:45
| #42 |
| | msiexec.exe infiziert mit win32 :Malware-gen malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 03.12.2014 Suchlauf-Zeit: 11:13:43 Logdatei: mbam_03122014.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.12.03.04 Rootkit Datenbank: v2014.12.02.02 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 CPU: x64 Dateisystem: NTFS Benutzer: g***** Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 505961 Verstrichene Zeit: 50 Min, 52 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 17 PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [d69a263806769a9c0bcb7e81748e966a], PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [d69a263806769a9c0bcb7e81748e966a], PUP.Optional.Wajam.A, HKU\S-1-5-21-347766451-462584187-1723808825-1336-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantäne, [3937eb736319181e6df707c540c224dc], PUP.Optional.Wajam.A, HKU\S-1-5-21-347766451-462584187-1723808825-1336-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantäne, [3937eb736319181e6df707c540c224dc], PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D4027C7F-154A-4066-A1AD-4243D8127440}, In Quarantäne, [d799441aa6d60a2cdb91788a6a99e31d], PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd, In Quarantäne, [d799441aa6d60a2cdb91788a6a99e31d], PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd.1, In Quarantäne, [d799441aa6d60a2cdb91788a6a99e31d], PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GenericAskToolbar.ToolbarWnd, In Quarantäne, [d799441aa6d60a2cdb91788a6a99e31d], PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GenericAskToolbar.ToolbarWnd.1, In Quarantäne, [d799441aa6d60a2cdb91788a6a99e31d], PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPly, In Quarantäne, [442cf06e1f5d0036511813550ff4c040], PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\SEARCH SETTINGS, In Quarantäne, [81efdd81423ad5617347361aff04d828], PUP.Optional.Spigot.A, HKU\S-1-5-21-347766451-462584187-1723808825-1279-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, In Quarantäne, [68085fff354765d1a2e77f3a798b16ea], PUP.Optional.Spigot.A, HKU\S-1-5-21-347766451-462584187-1723808825-1334-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, In Quarantäne, [c0b03529c5b77db94e3ba8118084ad53], PUP.Optional.DealPly.A, HKU\S-1-5-21-347766451-462584187-1723808825-1336-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DealPly, In Quarantäne, [fc74332b265692a4ae524700c43f8f71], PUP.Optional.DigitalSites.A, HKU\S-1-5-21-347766451-462584187-1723808825-1336-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DSiteProducts, In Quarantäne, [2b452e30ec902c0a6c10d7eb996b8779], PUP.Optional.InstallCore.A, HKU\S-1-5-21-347766451-462584187-1723808825-1336-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [f37dfd611a620234d0cc198064a02bd5], PUP.Optional.Spigot.A, HKU\S-1-5-21-347766451-462584187-1723808825-1336-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH SETTINGS, In Quarantäne, [c3add08e0b712610fdba74dcf80ba759], Registrierungswerte: 8 PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\APPLICATION UPDATER\APPLICATIONUPDATER.EXE, 1, In Quarantäne, [97d9e777502cc96dff540995da27d62a] PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\SEARCH SETTINGS|installDir, C:\Program Files (x86)\Common Files\Spigot\Search Settings\, In Quarantäne, [81efdd81423ad5617347361aff04d828] PUP.Optional.InstallCore.A, HKU\S-1-5-21-347766451-462584187-1723808825-1336-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0M1S1H1K2U, In Quarantäne, [f37dfd611a620234d0cc198064a02bd5] Trojan.Agent, HKU\S-1-5-21-347766451-462584187-1723808825-1336-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|Run, "C:\Users\g*****\AppData\Roaming\Microsoft\Windows\IEUpdate\taskkill.exe", In Quarantäne, [4f21f9655527bb7b371d7bd2dd2652ae] PUP.Optional.Spigot.A, HKU\S-1-5-21-347766451-462584187-1723808825-1336-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH SETTINGS|GCProtected, 0, In Quarantäne, [c3add08e0b712610fdba74dcf80ba759] PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE, 1, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0] PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\{4D6A6C8E-1EB2-46E1-8CAA-40DAFDE3ED93}.XPI, 1, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0] PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\{62DD0A97-FDD4-421B-94A5-D1A9434450C7}.XPI, 1, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0] Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 17 PUP.OPtional.Dealply.A, C:\Users\g*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly, In Quarantäne, [7000431b3c400f27c72a1b7d4db70ef2], PUP.Optional.DealPly.A, C:\Users\g*****\AppData\Roaming\DealPly, In Quarantäne, [df9185d9dd9f4beb98ed070b4cb728d8], PUP.Optional.DealPly.A, C:\Users\g*****\AppData\Roaming\DealPly\UpdateProc, In Quarantäne, [df9185d9dd9f4beb98ed070b4cb728d8], PUP.Optional.Spigot.A, C:\Users\d.*******\AppData\LocalLow\Search Settings, In Quarantäne, [5f1169f594e8fa3ceba775b561a2867a], PUP.Optional.Spigot.A, C:\Users\d.*******\AppData\LocalLow\Search Settings\res, In Quarantäne, [5f1169f594e8fa3ceba775b561a2867a], PUP.Optional.Spigot.A, C:\Users\d.*******\AppData\LocalLow\Search Settings\temp, In Quarantäne, [5f1169f594e8fa3ceba775b561a2867a], PUP.Optional.Spigot.A, C:\Users\g*****\AppData\LocalLow\Search Settings, In Quarantäne, [155b75e9a0dce551078ba28813f0d12f], PUP.Optional.Spigot.A, C:\Users\g*****\AppData\LocalLow\Search Settings\res, In Quarantäne, [155b75e9a0dce551078ba28813f0d12f], PUP.Optional.Spigot.A, C:\Users\g*****\AppData\LocalLow\Search Settings\temp, In Quarantäne, [155b75e9a0dce551078ba28813f0d12f], PUP.Optional.Spigot.A, C:\Users\p.*******\AppData\LocalLow\Search Settings, In Quarantäne, [244c1f3f88f4ca6ca7ebe4467291a35d], PUP.Optional.Spigot.A, C:\Users\p.*******\AppData\LocalLow\Search Settings\res, In Quarantäne, [244c1f3f88f4ca6ca7ebe4467291a35d], PUP.Optional.Spigot.A, C:\Users\p.*******\AppData\LocalLow\Search Settings\temp, In Quarantäne, [244c1f3f88f4ca6ca7ebe4467291a35d], PUP.Optional.Updater.A, C:\Users\g*****\AppData\Roaming\DigitalSites\UpdateProc, In Quarantäne, [84ec72ec18643ff7c85260d0d330639d], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], Dateien: 36 PUP.Optional.Spigot.A, C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe, In Quarantäne, [97d9e777502cc96dff540995da27d62a], PUP.Optional.Spigot.A, C:\Windows\Installer\75dbd.msi, In Quarantäne, [224e203ed6a658dec2be5a6d5fa2cb35], Trojan.MalPack, C:\Windows\Installer\{3866EC09-2C7E-4FD0-ACDD-35C5764D967C}\api-ms-win-system-apds-l1-1-0.dll, In Quarantäne, [6d03ef6feb9194a29a5f2cb2b64b6b95], PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\DealPlyUpdate, In Quarantäne, [234d1c426b11290d90804b168a790af6], PUP.OPtional.Dealply.A, C:\Users\g*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk, In Quarantäne, [7000431b3c400f27c72a1b7d4db70ef2], PUP.OPtional.Dealply.A, C:\Users\g*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.url, In Quarantäne, [7000431b3c400f27c72a1b7d4db70ef2], PUP.OPtional.Dealply.A, C:\Users\g*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.url, In Quarantäne, [7000431b3c400f27c72a1b7d4db70ef2], PUP.Optional.DealPly.A, C:\Users\g*****\AppData\Roaming\DealPly\UpdateProc\config*****dat, In Quarantäne, [df9185d9dd9f4beb98ed070b4cb728d8], PUP.Optional.DealPly.A, C:\Users\g*****\AppData\Roaming\DealPly\UpdateProc\info.dat, In Quarantäne, [df9185d9dd9f4beb98ed070b4cb728d8], PUP.Optional.DealPly.A, C:\Users\g*****\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe, In Quarantäne, [df9185d9dd9f4beb98ed070b4cb728d8], PUP.Optional.Updater.A, C:\Users\g*****\AppData\Roaming\DigitalSites\UpdateProc\config*****dat, In Quarantäne, [84ec72ec18643ff7c85260d0d330639d], PUP.Optional.Updater.A, C:\Users\g*****\AppData\Roaming\DigitalSites\UpdateProc\info.dat, In Quarantäne, [84ec72ec18643ff7c85260d0d330639d], PUP.Optional.Updater.A, C:\Users\g*****\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT, In Quarantäne, [84ec72ec18643ff7c85260d0d330639d], PUP.Optional.Updater.A, C:\Users\g*****\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, In Quarantäne, [84ec72ec18643ff7c85260d0d330639d], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\config*****ini, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\searchcom_ff.xml, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\searchcom_ie.xml, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth190.dll, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wthx190.dll, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yahoo_ff.xml, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yahoo_ie.xml, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandextr_ff.xml, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandextr_ie.xml, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandex_ff.xml, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandex_ie.xml, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93}.xpi, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\{62DD0A97-FDD4-421b-94A5-D1A9434450C7}.xpi, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1031.ini, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1033.ini, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1034.ini, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1036.ini, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1040.ini, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.103 - Bericht erstellt am 03/12/2014 um 13:04:55
# Aktualisiert 01/12/2014 von Xplode
# Database : 2014-12-02.2 [Live]
# Betriebssystem : Windows 7 Professional (64 bits)
# Benutzername : g****** - B*****
# Gestartet von : C:\Users\g******\Desktop\AdwCleaner_4.103.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Partnersolar
Ordner Gelöscht : C:\Program Files (x86)\Application Updater
Ordner Gelöscht : C:\Users\d.*******\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\g******\Qtrax
Ordner Gelöscht : C:\Users\g******\AppData\Local\apn
Ordner Gelöscht : C:\Users\g******\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\g******\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\g******\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\g******\AppData\Roaming\pdfforge
[!] Ordner Gelöscht : C:\Users\g******\AppData\Roaming\Mozilla\Firefox\Profiles\jmz6nko4.default\Extensions\pdfforge@mybrowserbar.com
Ordner Gelöscht : C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma
Ordner Gelöscht : C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl
Ordner Gelöscht : C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd
Ordner Gelöscht : C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\Extensions\dleekdifoepfadaikncodjgnkkffkccd
Ordner Gelöscht : C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe
Datei Gelöscht : C:\Users\g******\AppData\Local\FastDiscountz.crx
Datei Gelöscht : C:\Users\g******\AppData\Local\BostonMarketOne.crx
***** [ Tasks ] *****
Task Gelöscht : DealPlyUpdate
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\icanoneicgaahjbilcgdmnhoocddknbl
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\icanoneicgaahjbilcgdmnhoocddknbl
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\icanoneicgaahjbilcgdmnhoocddknbl
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\dleekdifoepfadaikncodjgnkkffkccd
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dleekdifoepfadaikncodjgnkkffkccd
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dleekdifoepfadaikncodjgnkkffkccd
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1786F5B0-C834-422C-8C92-083E850EAF86}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\qtrax
Schlüssel Gelöscht : HKLM\SOFTWARE\pdfforge
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
***** [ Browser ] *****
-\\ Internet Explorer v8.0.7600.17267
-\\ Mozilla Firefox v33.1.1 (x86 de)
-\\ Google Chrome v
[C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=23425EC2-0913-4994-A6D7-1BD0FDBEA40C&apn_ptnrs=U3&apn_sauid=02A4D7D1-273D-4297-AE29-174AF6CD12F7&apn_dtid=OSJ000YYDE&q={searchTerms}
[C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=23425EC2-0913-4994-A6D7-1BD0FDBEA40C&apn_ptnrs=U3&apn_sauid=02A4D7D1-273D-4297-AE29-174AF6CD12F7&apn_dtid=OSJ000YYDE&q={searchTerms}
[C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : fmfnfnpmhcllokmkepffndflpnadjmma
[C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : icanoneicgaahjbilcgdmnhoocddknbl
[C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
[C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : oldchfemoapgakfjnmbngnljnkoapbhd
[C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : dleekdifoepfadaikncodjgnkkffkccd
[C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl
*************************
AdwCleaner[R0].txt - [8982 octets] - [03/12/2014 12:58:00]
AdwCleaner[S0].txt - [8580 octets] - [03/12/2014 13:04:55]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8640 octets] ##########
JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x64
Ran by g****** on 03.12.2014 at 13:55:36,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
~~~ Files
Successfully deleted: [File] "C:\Users\g******\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.12.2014 at 14:08:29,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-12-2014 Ran by g****** (administrator) on B-***** on 03-12-2014 14:16:32 Running from C:\Users\g******\Desktop Loaded Profile: g****** (Available profiles: Admin & g******) Platform: Windows 7 Professional (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe (Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (ASUS) C:\Windows\AsScrPro.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (ASUS) C:\Program Files\P4G\BatteryLife.exe () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPg*exe () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Dropbox, Inc.) C:\Users\g******\AppData\Roaming\Dropbox\bin\Dropbox.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] () HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] () HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.) HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg*exe [328992 2008-11-03] (Nuance Communications, Inc.) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] () HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-10-10] (Avira GmbH) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-22] (AVAST Software) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0 HKLM\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Policies\Explorer: [TaskbarNoNotification] 0 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\g******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\g******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\g******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-347766451-462584187-1723808825-1336\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-347766451-462584187-1723808825-1336\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-347766451-462584187-1723808825-1336\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing*com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing*com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing*com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing*com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> DefaultScope {B1339902-CA3D-4754-804E-9ADA9F8C0B60} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {B1339902-CA3D-4754-804E-9ADA9F8C0B60} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.) BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg*dll (Google Inc.) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation) Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{37AD93E9-DA1F-42F5-B753-DF45F69A9B77}: [NameServer] 193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{82967B91-DF95-410D-B46F-471B9D5EB0E9}: [NameServer] 141.30.93.226,141.30.93.135 Tcpip\..\Interfaces\{95EB8C15-CF4D-4ABD-B403-83F82E2B4627}: [NameServer] 193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{B4155EBF-E4A0-424F-98CC-A39EA1453FB3}: [NameServer] 193.189.244.225 193.189.244.206 FireFox: ======== FF ProfilePath: C:\Users\g******\AppData\Roaming\Mozilla\Firefox\Profiles\7xk1u4y1.default-1417031580608 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPg*dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-06-11] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-26] FF HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\g******\AppData\Roaming\Mozilla\Firefox\Profiles\s8x6rwk3.default-1399060898605\extensions\cliqz@cliqz.com Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll No File CHR Plugin: (Skype Toolbars) - C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U34) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.340.4) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPg*dll (Microsoft Corporation) CHR Profile: C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-28] CHR Extension: (Google Wallet) - C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-28] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AFBAgent; C:\Windows\system32\FBAgent.exe [377264 2010-09-30] (ASUSTeK Computer Inc.) [File not signed] R2 AntiVir Security Management Center Agent; C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe [1131777 2012-12-25] (Avira Operations GmbH & Co. KG) [File not signed] S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [340136 2011-10-10] (Avira GmbH) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-10-10] (Avira GmbH) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-10-10] (Avira GmbH) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [428200 2011-10-10] (Avira GmbH) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-22] (AVAST Software) R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8551272 2009-12-08] (DisplayLink Corp.) R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.) R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.) R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-22] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-22] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-10-10] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-10-10] (Avira GmbH) S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys [17408 2011-09-16] (hxxp://libusb-win32.sourceforge.net) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2010-05-11] (Huawei Technologies Co., Ltd.) S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-05-11] (Huawei Technologies Co., Ltd.) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-03] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) S3 MOSUMAC; C:\Windows\System32\DRIVERS\USBMAC64.SYS [55296 2009-12-08] (--) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] ========================== Drivers MD5 ======================= C:\Windows\system32\DRIVERS\1394ohci.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys DB9D6C6B2CD95A9CA414D045B627422E C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit C:\Windows\system32\drivers\aksdf.sys 94C0972B06C75456ED574DD46417B1D8 C:\Windows\system32\drivers\aksfridge.sys 7B0BC062CA6ABAB23F88EA483B5A538E C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit C:\Windows\system32\drivers\appid.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 4C016FD76ED5C05E84CA8CAB77993961 C:\Windows\System32\Drivers\assd.sys A7E7AE771A2FCDBD5F28910A38D9A82C C:\Windows\system32\drivers\aswHwid.sys 9BE9F2B83DE80E2752B1405CC427E2EC C:\Windows\system32\drivers\aswKbd.sys EAFC6970073525E98D4D0E2B56741227 C:\Windows\system32\drivers\aswMonFlt.sys 2DA1C1AEDF454F8E32A863A1AEACDD8C C:\Windows\System32\DRIVERS\aswNdisFlt.sys 8025E7521EB601207627E8B4722ACE19 C:\Windows\system32\drivers\aswRdr2.sys 4750016EF9CC1DEC6DA3FE5AF9A7F095 C:\Windows\System32\Drivers\aswRvrt.sys 1323269A92645705DEFA053F3596829D C:\Windows\system32\drivers\aswSnx.sys E74FD717476B30E23F45354B8F3ACB30 C:\Windows\system32\drivers\aswSP.sys B1881A01E301990B671694CA1623F1B6 C:\Windows\system32\drivers\aswStm.sys 7509F07BA6F84C1E3B2C0D78A1F6F782 C:\Windows\System32\Drivers\aswVmm.sys 1A5BDDE65B648DC3AD48B6ECAA3AE9C8 C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\athrx.sys DEA40050BBD55F6F5FF895B50D15646B C:\Windows\System32\DRIVERS\avgntflt.sys B1224E6B086CD6548315B04AB575A23E C:\Windows\System32\DRIVERS\avipbb.sys ED45F12CFA62B83765C9C1496758CC87 C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315 C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF C:\Windows\System32\Drivers\BTHport.sys D59773C7FDD3D795D6FE402EEEA8D71E C:\Windows\System32\Drivers\BTHUSB.sys 8504842634DD144C075B6B0C982CCEC4 C:\Windows\System32\drivers\btusbflt.sys D3466F77C2C49C6E393BA5FBA963A33E C:\Windows\System32\drivers\btwaudio.sys A72A9101F9730DB7332714E566614E4D C:\Windows\System32\drivers\btwavdt.sys 5CEEC634B617525F2B6AD29F871033F7 C:\Windows\System32\DRIVERS\btwl2cap.sys 6149301DC3F81D6F9667A3FBAC410975 C:\Windows\System32\DRIVERS\btwrchid.sys 2AF5604D28BEF77B7CF4B9D232FE7CD3 C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng*sys CA7720B73446FDDEC5C69519C1174C98 C:\Windows\System32\drivers\CHDRT64.sys 1D6C3F92AF23E352875438085F6AEDEE C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit C:\Windows\System32\drivers\csc.sys 4A6173C2279B498CD8F57CAE504564CB C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys 15D38BFEC1C6DB925A9427052AC2BD77 C:\Windows\system32\drivers\dlkmd.sys F7B3C3E03D957D73D41947402D9CD406 C:\Windows\System32\drivers\dlkmdldr.sys 389FB1D69A1B0E2403327590BF50084B C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit C:\Windows\System32\drivers\dxgkrnl.sys EBCE0B0924835F635F620D19F0529DCE C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ETD.sys 05B0DCDA418E297A1B4CD8D7B8ADE403 C:\Windows\System32\DRIVERS\ewusbnet.sys 8ADACFFAD67394C711698EA074CE3BAB C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\fssfltr.sys 6C06701BF1DB05405804D7EB610991CE C:\Windows\System32\Drivers\Fs_Rec.sys D3E3F93D67821A2DB2B3D9FAC2DC2064 C:\Windows\System32\DRIVERS\fvevol.sys 1F44F8559E61A8306ECC67BB1E168B7C C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit C:\Windows\system32\drivers\hardlock.sys 78FAD9117E4527F2CA82259DA10F40BD C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\hidbth.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ewusbmdm.sys D969D0E26C5B1E813B17066A8318D5D4 C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ewusbdev.sys B45B3647BA32749B94FA689175EC8C26 C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\iaStor.sys 2064090C9FAAD92C090D77E50E735B2E C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\igdkmd64.sys B744E1375CD1DB3EB7B89781B8C93D9F C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\Impcd.sys DD587A55390ED2295BCE6D36AD567DA9 C:\Windows\System32\DRIVERS\IntcDAud.sys 58CF58DEE26C909BD6F977B61D246295 C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\jmcr.sys DB917B998CBC15A153C00DD6EFC34C13 C:\Windows\System32\DRIVERS\JME.sys 8B330C984B74DE670B2FDC4147C77FF2 C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbfiltr.sys E63EF8C3271D014F14E2469CE75FECB4 C:\Windows\System32\Drivers\ksecdd.sys 4F4B5FDE429416877DE7143044582EB5 C:\Windows\System32\Drivers\ksecpkg*sys 6F40465A44ECDC1731BEFAFEC5BDD03C C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\lullaby.sys 085435AE1A124361304044029B5CC644 C:\Windows\System32\drivers\massfilter.sys 1B4DBCAA0321BBB76255983148051F09 C:\Windows\System32\drivers\massfilter_hs.sys 7AD627CDB12F5F451F24C8A97CA6E175 C:\Windows\system32\drivers\mbam.sys 5C3669B71657F22E67A1D4BD49D2CBE7 C:\Windows\system32\drivers\MBAMSwissArmy.sys 26C43960C99EE861A5D0EDC4DCF3B1C3 C:\Windows\system32\drivers\mwac.sys 95EF63A7827D4E3A229CBBCB42619E93 C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\USBMAC64.SYS 1CC353D6B0EFBC411BC34AE70E5F5B38 C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mrxsmb10.sys F0067552F8F9B33D7C59403AB808A3CB C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\msahci.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MTConfig*sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ATK64AMD.sys 032D35C996F21D19A205A7C8F0B76F3C C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys 9A6089B056EA1B83B36424FC9D0A300E C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys 90061B1ACFE8CCAA5345750FFE08D8B8 C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpdr.sys 9706B84DBABFC4B4CA46C5A82B14DFA3 C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\Drivers\RDPWD.sys 447DE7E3DEA39D422C1504F245B668B1 C:\Windows\System32\drivers\rdyboost.sys E5DC9BA9E439D6DBDD79F8CAACB5BF01 C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932 C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\vms3cap.sys 88AF6E02AB19DF7FD07ECDF9C91E9AF6 C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\sdbus.sys 2C8D162EFAF73ABD36D8BCBB6340CAE7 C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\SiSG664.sys 1BC348CF6BAA90EC8E533EF6E6A69933 C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\snp2uvc.sys 1D8474722CDFFBB8FCA5FA12C50A05A2 C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vmstorfl.sys FFD7A6F15B14234B5B0E5D49E7961895 C:\Windows\system32\DRIVERS\storvsc.sys 8FCCBEFC5C440B3C23454656E551B09A C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC C:\Windows\System32\DRIVERS\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC C:\Windows\System32\drivers\tcpipreg*sys ==> MD5 is legit C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 7518F7BCFD4B308ABC9192BACAF6C970 C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit C:\Windows\System32\drivers\usbaudio.sys 77B01BC848298223A95D4EC23E1785A1 C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit C:\Windows\system32\drivers\usbehci.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit C:\Windows\System32\Drivers\usbvideo.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\vmbus.sys 1501699D7EDA984ABC4155A7DA5738D1 C:\Windows\system32\DRIVERS\VMBusHID.sys AE10C35761889E65A6F7176937C5592C C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\volsnap.sys 9E425AC5C9A5A973273D169F43B4F5E1 C:\Windows\System32\DRIVERS\vpchbus.sys ABD9B4A7E2D0AE51A3B8DF1AF3152D61 C:\Windows\System32\DRIVERS\vpcnfltr.sys 8ACDA395841538CE9713A67FE8B2A3EB C:\Windows\System32\DRIVERS\vpcusb.sys 31924E31BC315773E6D149B157DB46D5 C:\Windows\System32\drivers\vpcvmm.sys A5D16559D80CFA1DCB98F46410BE5551 C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wimfltr.sys 52DED146E4797E6CCF94799E8E22BB2A C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUsb.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wsvd.sys 83575C43B2BFE9AB0661A7F957E843C0 C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys AD6558FBC66691959BA4AC55A57C3921 C:\Windows\System32\DRIVERS\ZTEusbnmea.sys AD6558FBC66691959BA4AC55A57C3921 C:\Windows\System32\DRIVERS\ZTEusbser6k.sys AD6558FBC66691959BA4AC55A57C3921 ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-03 14:12 - 2014-12-03 14:12 - 00001935 _____ () C:\Users\g******\Desktop\JRT_03122014.txt 2014-12-03 14:08 - 2014-12-03 14:08 - 00001933 _____ () C:\Users\g******\Desktop\JRT.txt 2014-12-03 13:55 - 2014-12-03 13:55 - 00000000 ____D () C:\Windows\ERUNT 2014-12-03 13:52 - 2014-12-03 13:52 - 01707646 _____ (Thisisu) C:\Users\g******\Desktop\JRT.exe 2014-12-03 13:32 - 2014-12-03 13:32 - 00013577 _____ () C:\Users\g******\Desktop\mbam_03122014_.txt 2014-12-03 12:57 - 2014-12-03 13:15 - 00000000 ____D () C:\AdwCleaner 2014-12-03 12:55 - 2014-12-03 12:55 - 02154496 _____ () C:\Users\g******\Desktop\AdwCleaner_4.103.exe 2014-12-03 12:16 - 2014-12-03 12:16 - 00013559 _____ () C:\Users\g******\Desktop\mbam_03122014.txt 2014-12-03 11:08 - 2014-12-03 13:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-03 11:08 - 2014-12-03 11:08 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-03 11:08 - 2014-12-03 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-03 11:08 - 2014-12-03 11:08 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-03 11:08 - 2014-12-03 11:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-03 11:08 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-03 11:08 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-03 11:08 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-03 11:04 - 2014-12-03 11:05 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\g******\Downloads\mbam-setup-2.0.3.1025.exe 2014-12-03 10:55 - 2014-12-03 10:55 - 00001353 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk 2014-12-03 10:55 - 2014-12-03 10:55 - 00000000 ____D () C:\Users\Public\Foxit Software 2014-12-03 10:55 - 2014-12-03 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 2014-12-01 17:22 - 2014-12-01 17:22 - 00007598 _____ () C:\Users\g******\AppData\Local\Resmon.ResmonCfg 2014-12-01 14:59 - 2014-12-01 14:59 - 00028363 _____ () C:\ComboFix.txt 2014-12-01 04:18 - 2014-12-01 04:18 - 05599228 _____ (Swearware) C:\Users\g******\Downloads\ComboFix.exe 2014-12-01 01:56 - 2014-12-01 01:56 - 01928228 _____ () C:\Windows\SysWOW64\~.tmp 2014-11-29 23:29 - 2014-11-29 23:29 - 00000000 ____D () C:\Users\g******\AppData\Local\Foxit Reader 2014-11-28 21:07 - 2014-12-03 14:15 - 00000000 ____D () C:\Users\g******\Desktop\FRST-OlderVersion 2014-11-23 18:23 - 2014-11-23 18:25 - 45120049 _____ () C:\Users\g******\Downloads\8 - 10 - (10) Preference Isolation (14_36)(1).mp4 2014-11-23 16:38 - 2014-11-23 16:39 - 45120049 _____ () C:\Users\g******\Downloads\8 - 10 - (10) Preference Isolation (14_36).mp4 2014-11-23 16:35 - 2014-11-23 16:37 - 59224456 _____ () C:\Users\g******\Downloads\8 - 9 - (9) How Internet Retailing Startups Grow (12_23).mp4 2014-11-23 16:34 - 2014-11-23 16:34 - 28969171 _____ () C:\Users\g******\Downloads\8 - 8 - (8) The Long Tail Part 2 (9_55)(1).mp4 2014-11-23 15:42 - 2014-11-23 15:43 - 28969171 _____ () C:\Users\g******\Downloads\8 - 8 - (8) The Long Tail Part 2 (9_55).mp4 2014-11-23 14:55 - 2014-11-23 14:56 - 31337810 _____ () C:\Users\g******\Downloads\8 - 7 - (7) The Long Tail Part 1 (10_58).mp4 2014-11-23 14:51 - 2014-11-23 14:52 - 25362312 _____ () C:\Users\g******\Downloads\8 - 6 - (6) Online_Offline Competition (4_51).mp4 2014-11-23 14:50 - 2014-11-23 14:51 - 12934856 _____ () C:\Users\g******\Downloads\8 - 5 - (5) Academic Research (3_28).mp4 2014-11-23 14:45 - 2014-11-23 14:46 - 10136029 _____ () C:\Users\g******\Downloads\8 - 4 - (4) Goods and Information (2_39)(1).mp4 2014-11-23 14:28 - 2014-11-23 14:28 - 10136029 _____ () C:\Users\g******\Downloads\8 - 4 - (4) Goods and Information (2_39).mp4 2014-11-23 14:23 - 2014-11-23 14:24 - 21561557 _____ () C:\Users\g******\Downloads\8 - 3 - (3) Friction (4_39).mp4 2014-11-23 14:20 - 2014-11-23 14:22 - 39023006 _____ () C:\Users\g******\Downloads\8 - 2 - (2) Go To Market Strategies_ Introduction (14_07) .mp4 2014-11-23 14:19 - 2014-11-23 14:19 - 14528058 _____ () C:\Users\g******\Downloads\8 - 1 - (1) Introduction and Execution (2_09).mp4 2014-11-23 09:32 - 2014-11-23 09:32 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help 2014-11-23 09:32 - 2014-11-23 09:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help 2014-11-22 20:35 - 2014-11-22 20:35 - 00001972 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk 2014-11-22 20:32 - 2014-11-22 20:32 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-11-22 20:32 - 2014-11-22 20:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-11-22 20:32 - 2014-11-22 20:31 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2014-11-22 20:31 - 2014-11-22 20:31 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2014-11-22 02:55 - 2014-11-24 23:56 - 00000000 ____D () C:\Users\g******\AppData\Roaming\vlc 2014-11-22 02:54 - 2014-11-22 02:54 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-11-22 02:54 - 2014-11-22 02:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-11-22 02:53 - 2014-11-22 02:53 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-11-22 02:50 - 2014-11-22 02:50 - 00000000 ____D () C:\Users\g******\AppData\Roaming\Cliqz 2014-11-22 02:50 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll 2014-11-22 02:50 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll 2014-11-22 02:47 - 2014-11-22 02:47 - 01125200 _____ () C:\Users\g******\Downloads\VLC media player 32 Bit - CHIP-Installer.exe 2014-11-22 02:41 - 2014-11-22 02:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in 2014-11-22 02:31 - 2014-11-22 02:32 - 38232486 _____ () C:\Users\g******\Downloads\2 - 1 - (1-a) Marketing 101_ Building Strong Brands Part I (15_10).mp4 2014-11-22 02:20 - 2014-11-22 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-11-22 02:17 - 2014-11-22 02:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-11-22 02:17 - 2014-11-22 02:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-11-22 01:21 - 2014-11-22 01:21 - 00244392 _____ () C:\Users\g******\Downloads\Firefox Setup Stub 33.1.1.exe 2014-11-21 23:34 - 2014-11-21 23:34 - 00000000 ____D () C:\Users\g******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-11-18 22:12 - 2014-11-18 22:12 - 00000000 ____D () C:\Users\g******\Desktop\JMC2xx_WinDrv_R0.0.31.6_WHQL_LANtreiber 2014-11-18 22:03 - 2014-11-18 22:03 - 01120817 _____ () C:\Users\g******\Desktop\JMC2xx_WinDrv_R0.0.31.6_WHQL.zip 2014-11-18 22:02 - 2014-11-18 23:06 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-18 22:02 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-18 21:14 - 2014-09-15 01:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-18 21:00 - 2014-11-18 21:00 - 00000000 ____D () C:\Users\g******\Desktop\win7-10.0.0.297-whql_wlantreiber 2014-11-18 20:56 - 2014-11-18 20:47 - 02584189 _____ () C:\Users\g******\Desktop\win7-10.0.0.297-whql.zip 2014-11-14 13:03 - 2014-11-14 13:21 - 00044064 _____ () C:\Users\g******\Desktop\Result.txt 2014-11-14 13:01 - 2014-11-14 12:48 - 00401920 _____ (Farbar) C:\Users\g******\Desktop\MiniToolBox.exe 2014-11-10 02:12 - 2014-11-10 02:12 - 00000207 _____ () C:\Windows\tweaking*com-regbackup-B-*****-Microsoft-Windows-7-Professional-(64-bit).dat 2014-11-10 02:12 - 2014-11-10 02:12 - 00000000 ____D () C:\RegBackup 2014-11-09 20:49 - 2014-11-09 20:49 - 00003288 ____N () C:\bootsqm.dat 2014-11-09 18:56 - 2014-11-09 18:56 - 00000000 ____D () C:\windows repair_tweakingcom 2014-11-07 22:14 - 2014-11-09 19:02 - 00002161 _____ () C:\Users\g******\Desktop\Tweaking*com - Windows Repair (All in One).lnk 2014-11-07 22:07 - 2014-11-07 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking*com 2014-11-07 22:06 - 2014-11-07 22:06 - 00000000 ____D () C:\Program Files (x86)\Tweaking*com 2014-11-07 22:02 - 2014-11-07 22:02 - 00000000 ____D () C:\tweaking*com ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-03 14:17 - 2014-10-30 16:59 - 00044260 _____ () C:\Users\g******\Desktop\FRST.txt 2014-12-03 14:16 - 2014-10-27 19:30 - 00000000 ____D () C:\FRST 2014-12-03 14:15 - 2014-10-27 19:29 - 02117120 _____ (Farbar) C:\Users\g******\Desktop\FRST64.exe 2014-12-03 13:48 - 2013-07-02 16:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-03 13:30 - 2011-03-08 05:42 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-03 13:18 - 2011-03-08 05:28 - 01207596 _____ () C:\Windows\WindowsUpdate.log 2014-12-03 13:17 - 2011-10-10 11:20 - 00000000 ____D () C:\Users\g******\AppData\Roaming\Skype 2014-12-03 13:13 - 2014-10-26 00:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-12-03 13:13 - 2009-07-14 05:45 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-03 13:13 - 2009-07-14 05:45 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-03 13:12 - 2014-10-27 23:51 - 00000000 ___RD () C:\Users\g******\Dropbox 2014-12-03 13:12 - 2014-10-27 23:48 - 00000000 ____D () C:\Users\g******\AppData\Roaming\Dropbox 2014-12-03 13:09 - 2011-09-16 15:58 - 00000000 ____D () C:\Program Files\DisplayLink Core Software 2014-12-03 13:09 - 2011-03-08 05:42 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-03 13:07 - 2011-03-08 06:05 - 06761746 _____ () C:\Windows\PFRO.log 2014-12-03 13:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-03 13:07 - 2009-07-14 05:51 - 00101133 _____ () C:\Windows\setupact.log 2014-12-03 13:04 - 2011-09-16 09:26 - 00000000 ____D () C:\Users\g****** 2014-12-03 12:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2014-12-03 12:27 - 2011-03-08 06:21 - 00001499 _____ () C:\Windows\system32\ServiceFilter.ini 2014-12-03 12:26 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\addins 2014-12-01 14:59 - 2014-10-29 02:10 - 00000000 ____D () C:\Qoobox 2014-12-01 14:53 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-12-01 04:18 - 2014-10-29 01:08 - 05599228 ____R (Swearware) C:\Users\g******\Desktop\ComboFix.exe 2014-11-30 14:28 - 2014-10-30 17:01 - 00041074 _____ () C:\Users\g******\Desktop\Addition.txt 2014-11-30 13:50 - 2011-09-16 15:54 - 00045056 _____ () C:\Windows\system32\acovcnt.exe 2014-11-30 00:04 - 2009-08-04 12:10 - 00657254 _____ () C:\Windows\system32\perfh007.dat 2014-11-30 00:04 - 2009-08-04 12:10 - 00131386 _____ () C:\Windows\system32\perfc007.dat 2014-11-30 00:04 - 2009-07-14 06:13 - 01537930 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-26 20:53 - 2013-11-20 18:37 - 00000000 ____D () C:\Users\g******\Desktop\Alte Firefox-Daten 2014-11-26 01:48 - 2013-07-02 16:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-26 01:48 - 2012-04-23 12:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-26 01:48 - 2012-01-18 02:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-25 19:01 - 2013-04-24 23:02 - 00000000 ____D () C:\Users\g******\AppData\Local\CUSTPDF Writer 2014-11-25 17:01 - 2014-08-19 14:48 - 00000000 ____D () C:\privat_2 2014-11-23 09:49 - 2011-03-08 05:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-11-23 09:45 - 2011-09-16 09:31 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-23 09:36 - 2009-07-14 03:34 - 00000514 _____ () C:\Windows\win.ini 2014-11-22 20:33 - 2014-10-26 00:02 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-11-22 20:32 - 2014-10-26 00:02 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-11-22 20:32 - 2014-10-26 00:02 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-11-22 20:32 - 2014-10-26 00:02 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-11-22 20:32 - 2014-10-26 00:02 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-11-22 20:32 - 2014-10-26 00:02 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys 2014-11-22 20:32 - 2014-10-26 00:02 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-11-22 20:32 - 2014-10-26 00:02 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-11-22 03:17 - 2014-06-11 16:10 - 00000000 ____D () C:\Users\g******\AppData\Roaming\Nico Mak Computing 2014-11-22 03:02 - 2009-07-14 05:45 - 00440480 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-22 03:01 - 2014-06-11 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-22 03:01 - 2013-04-23 13:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-22 02:48 - 2011-09-16 09:26 - 00118032 _____ () C:\Users\g******\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-22 02:32 - 2011-09-16 09:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works 2014-11-22 01:24 - 2011-10-10 09:59 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-22 01:24 - 2011-10-10 09:59 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-18 22:12 - 2011-08-04 11:19 - 00144912 _____ (JMicron Technology Corp.) C:\Windows\system32\Drivers\JME.sys 2014-11-18 21:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-11-18 21:25 - 2011-03-08 05:42 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-18 21:25 - 2011-03-08 05:42 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-18 21:19 - 2014-10-27 23:51 - 00000984 _____ () C:\Users\g******\Desktop\Dropbox.lnk 2014-11-18 21:19 - 2014-10-27 23:49 - 00000000 ____D () C:\Users\g******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-11-15 02:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-11-10 03:06 - 2009-07-14 08:45 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-11-10 03:04 - 2011-09-17 00:51 - 00000000 ____D () C:\Windows\CSC 2014-11-10 02:54 - 2012-06-20 14:24 - 00327680 _____ () C:\Windows\system32\Ikeext.etl 2014-11-09 20:50 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-04 14:30 - 2013-11-13 03:18 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Some content of TEMP: ==================== C:\Users\g******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvcyzel.dll C:\Users\g******\AppData\Local\Temp\FoxitUpdater.exe C:\Users\g******\AppData\Local\Temp\Quarantine.exe C:\Users\g******\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Windows-Start-Manager --------------------- Bezeichner {bootmgr} device boot description Windows Boot Manager locale de-DE inherit {globalsettings} default {current} resumeobject {4bd6ad46-7c0c-11de-baef-deb9d273c9fa} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Windows-Startladeprogramm ------------------------- Bezeichner {current} device boot path \Windows\system32\winload.exe description Windows 7 locale de-DE inherit {bootloadersettings} recoverysequence {4bd6ad4a-7c0c-11de-baef-deb9d273c9fa} recoveryenabled Yes osdevice boot systemroot \Windows resumeobject {4bd6ad46-7c0c-11de-baef-deb9d273c9fa} nx OptIn Windows-Startladeprogramm ------------------------- Bezeichner {4bd6ad4a-7c0c-11de-baef-deb9d273c9fa} device ramdisk=[C:]\Recovery\4bd6ad4a-7c0c-11de-baef-deb9d273c9fa\Winre.wim,{4bd6ad4b-7c0c-11de-baef-deb9d273c9fa} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\4bd6ad4a-7c0c-11de-baef-deb9d273c9fa\Winre.wim,{4bd6ad4b-7c0c-11de-baef-deb9d273c9fa} systemroot \windows nx OptIn winpe Yes Windows-Startladeprogramm ------------------------- Bezeichner {572bcd56-ffa7-11d9-aae0-0007e994107d} device ramdisk=[\Device\HarddiskVolume1]\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8} path \windows\system32\boot\winload.exe description Windows Recovery Environment osdevice ramdisk=[\Device\HarddiskVolume1]\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8} systemroot \windows nx OptIn detecthal Yes winpe Yes Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {4bd6ad46-7c0c-11de-baef-deb9d273c9fa} device boot path \Windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device unknown path \boot\memtest.exe description Windows Memory Diagnostic locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems Yes Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} Ger„teoptionen -------------- Bezeichner {4bd6ad4b-7c0c-11de-baef-deb9d273c9fa} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\4bd6ad4a-7c0c-11de-baef-deb9d273c9fa\boot.sdi Ger„teoptionen -------------- Bezeichner {ad6c7bc8-fa0f-11da-8ddf-0013200354d8} description Ramdisk Device Options ramdisksdidevice partition=\Device\HarddiskVolume1 ramdisksdipath \boot.sdi LastRegBack: 2014-11-02 07:53 ==================== End Of Log ============================ --- --- --- |
|
03.12.2014, 14:51
| #43 |
| | msiexec.exe infiziert mit win32 :Malware-genCode:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2014
Ran by g****** at 2014-12-03 14:18:42
Running from C:\Users\g******\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Disabled - Out of date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
AFORS-HET 2.4.1 (HKLM-x32\...\AFORS-HET_is1) (Version: - Helmholtz-Zentrum Berlin)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.41 - ASUS)
ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0006 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0009 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
Asus_PSeries_Screensaver (HKLM-x32\...\Asus_PSeries_Screensaver) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.3.585 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Avira AntiVir Professional (HKLM-x32\...\Avira AntiVir Desktop) (Version: 10.2.0.1064 - Avira GmbH)
Avira Security Management Center Agent (HKLM-x32\...\{F3493E2F-B147-4EDD-9AE2-5DEDB8776232}) (Version: - Avira GmbH)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bookworm Deluxe (HKLM-x32\...\Bookworm Deluxe) (Version: - Oberon Media Inc.)
Bootstrapper (x32 Version: 1.1.0.0 - Minitab, Inc.) Hidden
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.127.0.61 - Conexant)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.9 - ASUS)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.6.1622 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.6.1622 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayLink Core Software (HKLM\...\{34000989-17D6-4271-9800-D78CF94B3BED}) (Version: 5.2.22617.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{DB6D5CB2-92FF-4B41-98AA-54C62C926E83}) (Version: 5.2.22826.0 - DisplayLink Corp.)
Dropbox (HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
ETDWare PS/2-x64 7.0.5.16_WHQL (HKLM\...\Elantech) (Version: 7.0.5.16 - ELAN Microelectronics Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.7 - ASUS)
FLV-Media-Player (HKLM-x32\...\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}) (Version: 2.0.3.2532 - HYBRIDWEB.de)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Free DWG Viewer 7.0 (HKLM-x32\...\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}) (Version: 7.0.1 - IGC)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Park Console (HKLM-x32\...\{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1) (Version: 6.2.1.1 - Oberon Media, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker (HKLM-x32\...\Governor of Poker) (Version: - Oberon Media Inc.)
Hotel Dash Suite Success (HKLM-x32\...\Hotel Dash Suite Success) (Version: - Oberon Media Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.23.4 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Luxor 3 (HKLM-x32\...\Luxor 3) (Version: - Oberon Media Inc.)
Mahjongg dimensions (HKLM-x32\...\Mahjongg dimensions) (Version: - Oberon Media Inc.)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minitab 16 (HKLM-x32\...\Minitab16) (Version: 16.2.1 - Minitab, Inc.)
Minitab Software Update Manager (HKLM-x32\...\MinitabSoftwareManager) (Version: 1.1.0.0 - Minitab, Inc.)
Minitab16 (x32 Version: 16.2.1.0 - Minitab Inc) Hidden
Minitab16 (x32 Version: 16.2.1.0 - Minitab, Inc.) Hidden
Mobile Connection Manager (HKLM-x32\...\o2DE) (Version: - Mobile Connection Manager)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.03.02.705 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 33.1.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
OpenProj (HKLM-x32\...\{13702021-43FB-480C-912F-D9B74A538288}) (Version: 1.4.0 - Serena Software Inc.)
PDF Creator (HKLM\...\PDF Creator) (Version: - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
Plants vs Zombies (HKLM-x32\...\Plants vs Zombies) (Version: - Oberon Media Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.02.00 - Samsung Electronics Co., Ltd.)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.6 - ASUS)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SoftwareManager (x32 Version: 1.1.0.0 - Minitab, Inc.) Hidden
STP Viewer 2.3 (HKLM-x32\...\{CECCF8B1-F595-4845-9AA6-1EC57B9BECBA}_is1) (Version: - IdeaMK)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
Tweaking*com - Windows Repair (All in One) (HKLM-x32\...\Tweaking*com - Windows Repair (All in One)) (Version: 2.10.1 - Tweaking*com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version: - )
USB-Ethernet Adapter Device (HKLM\...\USB-Ethernet Adapter Device) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.5.600 - Broadcom Corporation)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419) (HKLM\...\85CE3A3657FAE5FD305B143E90E6FC89BA53001C) (Version: 02/25/2010 6.2.0.9419 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417) (HKLM\...\7341A1B43E7FE58942EB1E820A17C18305DFBCE6) (Version: 01/19/2010 6.2.0.1417 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) (HKLM\...\2AA10AB519DC7432D599A0E860206A7DDCC27764) (Version: 07/29/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
World of Goo (HKLM-x32\...\World of Goo) (Version: - Oberon Media Inc.)
ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.25_TME - ZTE Corporation)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\g******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
01-12-2014 03:07:31 vor combofix
02-12-2014 10:39:57 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-12-01 14:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0DD8E9FA-5221-4425-B642-47E2B50D6A0B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-22] (AVAST Software)
Task: {199F694F-1F73-4C29-8460-D1D17CF0473A} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-10-15] (ASUS)
Task: {1DC43702-0414-4A71-886A-DBDB51BE4792} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {48A2D53D-A977-4528-AB9D-9F7CCCD0C2D9} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg*exe [2009-06-29] (ASUS)
Task: {5A254883-3B20-45DB-B4AD-2C65E1E8242C} - System32\Tasks\ASUS Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2010-05-12] ()
Task: {5ADEBF77-533D-419F-A0D3-1D680F36060F} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {612C6DC8-F1AB-41D7-B320-7316C739DA0E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {6663CCD4-A2B1-482F-8109-C1F3987A5249} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {66900E75-FE77-4146-84F8-3B50C35EA902} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {960F4542-7743-4E93-87E2-880A9DB261C7} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {A5D55876-4AD7-4E9F-8C78-627EFCB29E6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {AFD0E19F-FDCB-4086-9400-D6C0FACE4A8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {B9F1E749-5232-43D7-A81B-CB8920AAD0CA} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-10-01] (asus)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-04-23 15:33 - 2011-10-04 21:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
2011-10-24 11:39 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-07-09 15:01 - 2011-04-11 06:26 - 00034304 _____ () C:\Windows\System32\spe__l.dll
2010-07-15 01:11 - 2010-07-15 01:11 - 00031360 _____ () C:\Program Files\P4G\DevMng*dll
2010-05-12 02:35 - 2010-05-12 02:35 - 00489392 _____ () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
2011-03-08 06:22 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-04-03 04:21 - 2008-10-01 08:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2010-03-12 05:14 - 2010-03-12 05:14 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-09-24 01:53 - 2010-09-24 01:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2014-12-03 10:36 - 2014-12-03 10:36 - 02904576 _____ () C:\Program Files\AVAST Software\Avast\defs\14120300\algo.dll
2011-10-10 10:03 - 2011-10-10 10:03 - 00355688 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-10-10 10:01 - 2011-12-01 11:36 - 00126721 _____ () C:\Program Files (x86)\Avira\Avira Security Management Center Agent\SCEWXMLW.dll
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-12-03 13:11 - 2014-12-03 13:11 - 00043008 _____ () c:\users\gc395~1.wei\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvcyzel.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\g******\AppData\Roaming\Dropbox\bin\libcef.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-10-01 00:13 - 2010-10-01 00:13 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
2010-10-01 00:13 - 2010-10-01 00:13 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-10-01 00:14 - 2010-10-01 00:14 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-10-01 00:13 - 2010-10-01 00:13 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
2014-11-22 20:32 - 2014-11-22 20:32 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-22 01:24 - 2014-11-14 03:42 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
========================= Accounts: ==========================
Admin (S-1-5-21-1122509215-102311790-3122138105-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1122509215-102311790-3122138105-500 - Administrator - Disabled)
Gast (S-1-5-21-1122509215-102311790-3122138105-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
Error: (06/09/2014 04:51:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4138 seconds with 2580 seconds of active time. This session ended with a crash.
Error: (06/09/2014 03:41:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7957 seconds with 1740 seconds of active time. This session ended with a crash.
Error: (06/07/2014 02:10:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 32854 seconds with 8880 seconds of active time. This session ended with a crash.
Error: (06/06/2014 05:02:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20089 seconds with 6960 seconds of active time. This session ended with a crash.
Error: (06/05/2014 09:23:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 199097 seconds with 14520 seconds of active time. This session ended with a crash.
Error: (06/04/2014 00:43:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 61835 seconds with 2100 seconds of active time. This session ended with a crash.
Error: (06/03/2014 07:33:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1626 seconds with 540 seconds of active time. This session ended with a crash.
Error: (06/03/2014 00:02:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1446 seconds with 1320 seconds of active time. This session ended with a crash.
Error: (06/02/2014 11:37:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1772 seconds with 1500 seconds of active time. This session ended with a crash.
Error: (05/31/2014 11:26:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25741 seconds with 4080 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-12-01 14:52:13.157
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-12-01 14:52:13.016
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-12-01 14:52:12.876
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-12-01 14:52:12.735
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-10-29 11:53:29.029
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-10-29 11:53:28.888
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 74%
Total physical RAM: 1900.3 MB
Available physical RAM: 477.69 MB
Total Pagefile: 3800.59 MB
Available Pagefile: 1451.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:18.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:202.08 GB) (Free:8.82 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=202.1 GB) - (Type=OF Extended)
==================== End Of Log ============================
|
|
03.12.2014, 15:08
| #44 |
| | msiexec.exe infiziert mit win32 :Malware-genCode:
ATTFilter Users shortcut scan result (x64) Version: 02-12-2014
Ran by g******* at 2014-12-03 14:24:48
Running from C:\Users\g*******\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Admin\Links\Desktop.lnk -> C:\Users\g*******\Desktop ()
Shortcut: C:\Users\Admin\Links\Downloads.lnk -> C:\Users\g*******\Downloads ()
Shortcut: C:\Users\Admin\Desktop\IrfanView.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security\Online-Hilfe.lnk -> C:\Program Files\Trend Micro\Titanium\ShorcutLauncher.exe (No File)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security\Readme.lnk -> C:\Program Files\Trend Micro\Titanium\Shortcut\DE-DE\readme.htm (No File)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security\Trend Micro Diagnose-Toolkit.lnk -> C:\Program Files\Trend Micro\Titanium\SupportTool.exe (No File)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security\Trend Micro Konto.lnk -> C:\Program Files\Trend Micro\Titanium\ShorcutLauncher.exe (No File)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security\Trend Micro Titanium Internet Security.lnk -> C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (No File)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Infodatei.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Deu\Readme.htm ()
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Express.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Hilfe.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Deu\Power2Go.chm ()
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe (CyberLink Corp.)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint Hilfe.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Deu\LabelPrint.chm ()
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe (CyberLink Corp.)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Readme.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Deu\Readme.htm ()
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung**LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (No File)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\Links\Desktop.lnk -> C:\Users\g*******\Desktop ()
Shortcut: C:\Users\Administrator\Links\Downloads.lnk -> C:\Users\g*******\Downloads ()
Shortcut: C:\Users\Administrator\Desktop\IrfanView.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Infodatei.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Deu\Readme.htm ()
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Express.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Hilfe.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Deu\Power2Go.chm ()
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe (CyberLink Corp.)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint Hilfe.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Deu\LabelPrint.chm ()
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe (CyberLink Corp.)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Readme.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Deu\Readme.htm ()
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung**LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (No File)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk -> C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk -> C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Virtual Machines.lnk -> C:\Windows\System32\VMWindow.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk -> C:\Windows\Installer\{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}\fssicon.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking**com\Windows Repair (All in One)\Tweaking**com - Registry Backup.lnk -> C:\Program Files (x86)\Tweaking**com\Windows Repair (All in One)\files\registry_backup_tool\TweakingRegistryBackup.exe (Tweaking**com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking**com\Windows Repair (All in One)\Tweaking**com - Windows Repair (All in One).lnk -> C:\Program Files (x86)\Tweaking**com\Windows Repair (All in One)\Repair_Windows.exe (Tweaking**com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STPViewer\STP Viewer.lnk -> C:\Program Files (x86)\STPViewer\STPViewer.exe (IdeaMk)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slib\SLIB Manual.lnk -> C:\Program Files (x86)\slib\slib.html (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slib\Uninstall.lnk -> C:\Program Files (x86)\slib\uninst.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slib\Website.lnk -> C:\Program Files (x86)\slib\SLIB.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\scm\Hobbit Manual.lnk -> C:\Program Files (x86)\scm\hobbit.html (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\scm\SCM Manual.lnk -> C:\Program Files (x86)\scm\scm.html (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\scm\SCM.lnk -> C:\Program Files (x86)\scm\scm.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\scm\Uninstall.lnk -> C:\Program Files (x86)\scm\uninst.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\scm\Website.lnk -> C:\Program Files (x86)\scm\SCM.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Universal Print Driver 2.lnk -> C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe (Samsung Electronics Co., Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Historie.lnk -> C:\Program Files (x86)\PDFCreator\History.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator Hilfe.lnk -> C:\Program Files (x86)\PDFCreator\PDFCreator_german.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator im Internet.lnk -> C:\Program Files (x86)\PDFCreator\PDFCreator.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator.lnk -> C:\Program Files (x86)\PDFCreator\PDFCreator.exe (pdfforge hxxp://www.pdfforge.org/)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Translation Tool.lnk -> C:\Program Files (x86)\PDFCreator\languages\TransTool.exe (pdfforge hxxp://www.pdfforge.org/)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Unterstütze PDFCreator.lnk -> C:\Program Files (x86)\PDFCreator\Unterstütze PDFCreator.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\AFPL License.lnk -> C:\Program Files (x86)\PDFCreator\AFPL License.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\FairPlay License.lnk -> C:\Program Files (x86)\PDFCreator\FairPlay License.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\GPL License.lnk -> C:\Program Files (x86)\PDFCreator\GNU License.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Images2PDF\Images2PDF.lnk -> C:\Program Files (x86)\PDFCreator\Images2PDF\Images2PDF.exe (pdfforge GbR)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator\Preferences.lnk -> C:\Program Files\PDFCreator\Actual\Preferences.exe (Acro Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator\Readme.lnk -> C:\Program Files\PDFCreator\Actual\README.HTM ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenProj\OpenProj.lnk -> C:\Program Files (x86)\Serena Software Inc\OpenProj\OpenProj1.4.0.exe (Serena Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Base.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\sbase.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Calc.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Draw.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\sdraw.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Impress.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\simpress.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Math.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\smath.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Writer.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org**lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\o2\Mobile Connection Manager\Deinstallieren.lnk -> C:\Program Files (x86)\o2\Mobile Connection Manager\Uninstall.exe (Telefónica)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\o2\Mobile Connection Manager\Mobile Connection Manager.lnk -> C:\Program Files (x86)\o2\Mobile Connection Manager\EMMSN.exe (Telefónica I+D)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance\Nuance PDF Reader.lnk -> C:\Program Files (x86)\Nuance\PDF Reader\bin\PDFReader.exe (Nuance Communications, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner\Mobile Partner.lnk -> C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner\Uninstall.lnk -> C:\Program Files (x86)\Mobile Partner\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner\User Manual.lnk -> C:\Program Files (x86)\Mobile Partner\usermanual\usermanual_de-de.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minitab\Minitab 16 Statistical Software.lnk -> C:\Program Files (x86)\Minitab\Minitab 16\Mtb.exe (Minitab Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2007.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digitales Zertifikat für VBA-Projekte.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Spracheinstellungen.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office-Diagnose.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware entfernen.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Java konfigurieren.lnk -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView 4.30.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView deinstallieren.lnk -> C:\Program Files (x86)\IrfanView\iv_uninstall.exe (Irfan Skiljan, IrfanView)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView Hilfe.lnk -> C:\Program Files (x86)\IrfanView\Help\i_view32d.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Kommandozeilen-Optionen.lnk -> C:\Program Files (x86)\IrfanView\i_options.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Verfügbare PlugIns.lnk -> C:\Program Files (x86)\IrfanView\i_plugins.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Verfügbare Sprachen.lnk -> C:\Program Files (x86)\IrfanView\i_languages.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Was ist neu.lnk -> C:\Program Files (x86)\IrfanView\i_changes.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Über IrfanView.lnk -> C:\Program Files (x86)\IrfanView\i_about.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk -> C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Uninstall Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\3.0.195.27\Installer\setup.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeSnell\FreeSnell.lnk -> C:\Program Files (x86)\scm\scm.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeSnell\Manual.lnk -> C:\Program Files (x86)\FreeSnell\FreeSnell.html (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeSnell\nk.lnk -> C:\Program Files (x86)\scm\scm.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeSnell\Uninstall.lnk -> C:\Program Files (x86)\FreeSnell\uninst.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeSnell\Website.lnk -> C:\Program Files (x86)\FreeSnell\FreeSnell.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free DWG Viewer\Free DWG Viewer Help.lnk -> C:\Program Files (x86)\IGC\Free DWG Viewer\BravaActiveX.DWG_ENU.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free DWG Viewer\Free DWG Viewer.lnk -> C:\Program Files (x86)\IGC\Free DWG Viewer\BravaFreeDWg**exe (Informative Graphics Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe (Foxit Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Uninstall Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Hotline.lnk -> C:\Program Files (x86)\ElsterFormular\bin\hotlineTool.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Uninstall.lnk -> C:\ProgramData\elsterformular\setup\uninstall.exe (Landesfinanzdirektion Thüringen)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular.lnk -> C:\Program Files (x86)\ElsterFormular\bin\pica.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover\PowerRecover.lnk -> C:\Program Files\CyberLink\PowerRecover\PowerRecover.exe (CyberLink)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\AntiVir Desktop\AntiVir im Internet.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\weblink.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\AntiVir Desktop\AntiVir starten.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\AntiVir Desktop\Hilfe.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avwin.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\AntiVir Desktop\Readme anzeigen.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\AI Recovery Burner.lnk -> C:\Windows\Installer\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}\_E86B6F2A0F3248EFC4E576.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\ASUS Secure Delete.lnk -> C:\Program Files\ASUS\ASUS Secure Delete\ADST.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\ASUS Virtual Camera.lnk -> C:\Windows\Installer\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}\_8FB55EF1FE5AD5E60FD10E.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\ControlDeck.lnk -> C:\Windows\Installer\{5B65EF64-1DFA-414A-8C94-7BB726158E21}\_AC69E89FCC0CAC610D021A.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\e-Driver.lnk -> C:\eSupport\eDriver\InstAll.exe (ASUSTek COMPUTER INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\eManual.Lnk -> C:\eSupport\Manual\eManual.exe (ASUSTek Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\FancyStart.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_06A25776E43957E4BCFF7B.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\FastBoot.lnk -> C:\Windows\Installer\{13F4A7F3-EABC-4261-AF6B-1317777F0755}\_DDCB0ED3AF5E9139FFB652.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\LifeFrame.lnk -> C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe (ASUS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\MultiFrame.lnk -> C:\Program Files (x86)\ASUS\Asus MultiFrame\MultiFrame.exe (ASUSTek Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\Power4Gear Hybrid.lnk -> C:\Windows\Installer\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}\_888B0A46DB54615BEF92A8.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\Scene Switch.lnk -> C:\Windows\Installer\{5172E572-C175-4F80-A6D5-5CB45826AD61}\_0151CC6272690AAAF598C6.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\WinFlash.Lnk -> C:\Program Files (x86)\ASUS\WinFlash\WinFlash.exe (ASUSTek Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\Wireless Console 3.lnk -> C:\Windows\Installer\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}\_C9BEC68FDCE220A882D6B5.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\SmartLogon\General disclaimer.lnk -> C:\Program Files (x86)\ASUS\SmartLogon\disclaimer.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\SmartLogon\SmartLogon Console.lnk -> C:\Program Files (x86)\ASUS\SmartLogon\facemgr.exe (ASUS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\SmartLogon\SmartLogon Manager.lnk -> C:\Program Files (x86)\ASUS\SmartLogon\logonmgr.exe (ASUS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\ASUS Splendid Utility\Splendid Compatibility Tool.Lnk -> C:\Program Files (x86)\ASUS\Splendid\Backache.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\ASUS Splendid Utility\Splendid Utility.Lnk -> C:\Program Files (x86)\ASUS\Splendid\Backbone.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\ASUS Live Update\ASUS Live Update.lnk -> C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\ASUS CopyProtect\ASUS CopyProtect.lnk -> C:\Windows\Installer\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}\_1CDF4E2D13EDD4BCF236FB.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AsusVibe\ASUS Vibe Fun Center.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS WebStorage\Uninstall.lnk -> C:\Program Files (x86)\ASUS\ASUS WebStorage\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AFORS-HET 2.4.1\AFORS-HET 2.4.1.lnk -> C:\Program Files (x86)\AFORS-HET 2.4.1\aforshet.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AFORS-HET 2.4.1\Afors-Het online help.lnk -> C:\Program Files (x86)\AFORS-HET 2.4.1\AFORS.HLP ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AFORS-HET 2.4.1\Afors-Het project page.lnk -> C:\Program Files (x86)\AFORS-HET 2.4.1\AFORS-Het.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AFORS-HET 2.4.1\Helmholtz-Zentrum Berlin.lnk -> C:\Program Files (x86)\AFORS-HET 2.4.1\Helmholtz-Zentrum Berlin.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AFORS-HET 2.4.1\Uninstall AFORS-HET.lnk -> C:\Program Files (x86)\AFORS-HET 2.4.1\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig**exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig**exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files (x86)\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files (x86)\7-Zip\7-zip.chm ()
Shortcut: C:\Users\d.******\Links\Desktop.lnk -> C:\Users\g*******\Desktop ()
Shortcut: C:\Users\d.******\Links\Downloads.lnk -> C:\Users\g*******\Downloads ()
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Infodatei.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Deu\Readme.htm ()
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Express.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Hilfe.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Deu\Power2Go.chm ()
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe (CyberLink Corp.)
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint Hilfe.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Deu\LabelPrint.chm ()
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe (CyberLink Corp.)
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Readme.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Deu\Readme.htm ()
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung**LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (No File)
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Express.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Online Help.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Enu\Power2Go.chm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe (CyberLink Corp.)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Readme.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Enu\Readme.htm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint Online Help.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Enu\LabelPrint.chm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe (CyberLink Corp.)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Readme.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Enu\Readme.htm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\g*******\Links\Desktop.lnk -> C:\Users\g*******\Desktop ()
Shortcut: C:\Users\g*******\Links\Downloads.lnk -> C:\Users\g*******\Downloads ()
Shortcut: C:\Users\g*******\Links\Dropbox.lnk -> C:\Users\g*******\Dropbox ()
Shortcut: C:\Users\g*******\Desktop\FLV-Media-Player.lnk -> C:\Users\g*******\AppData\Roaming\Microsoft\Installer\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}\DesktopIcon.exe (HYBRIDWEB.de )
Shortcut: C:\Users\g*******\Desktop\IrfanView.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan)
Shortcut: C:\Users\g*******\Desktop\Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\Users\g*******\Desktop\Revo Uninstaller.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
Shortcut: C:\Users\g*******\Desktop\Scanner_Allgemein - Verknüpfung**lnk -> S:\Scanner_Allgemein (No File)
Shortcut: C:\Users\g*******\Desktop\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\Users\g*******\Desktop\Tweaking**com - Windows Repair (All in One).lnk -> C:\Program Files (x86)\Tweaking**com\Windows Repair (All in One)\Repair_Windows.exe (Tweaking**com)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe (VS Revo Group Ltd.)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url ()
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV-Media-Player\FLV-Media-Player.lnk -> C:\Users\g*******\AppData\Roaming\Microsoft\Installer\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}\StartMenuIcon.exe (HYBRIDWEB.de )
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk -> C:\Users\g*******\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe (Dropbox, Inc.)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Infodatei.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Deu\Readme.htm ()
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Express.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Hilfe.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Deu\Power2Go.chm ()
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe (CyberLink Corp.)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint Hilfe.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Deu\LabelPrint.chm ()
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe (CyberLink Corp.)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Readme.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Deu\Readme.htm ()
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung**LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk -> C:\Users\g*******\Dropbox ()
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AFORS-HET 2.4.1.lnk -> C:\Program Files (x86)\AFORS-HET 2.4.1\aforshet.exe ()
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe (Foxit Software Inc.)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\STP Viewer.lnk -> C:\Program Files (x86)\STPViewer\STPViewer.exe (IdeaMk)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\p.******\Links\Desktop.lnk -> C:\Users\g*******\Desktop ()
Shortcut: C:\Users\p.******\Links\Downloads.lnk -> C:\Users\g*******\Downloads ()
Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Infodatei.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Deu\Readme.htm ()
Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Express.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)
Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Hilfe.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Deu\Power2Go.chm ()
Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe (CyberLink Corp.)
Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint Hilfe.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Deu\LabelPrint.chm ()
Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe (CyberLink Corp.)
Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Readme.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Deu\Readme.htm ()
Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung**LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (No File)
Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\AFORS-HET 2.4.1.lnk -> C:\Program Files (x86)\AFORS-HET 2.4.1\aforshet.exe ()
Shortcut: C:\Users\Public\Desktop\Avast Internet Security.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
Shortcut: C:\Users\Public\Desktop\ElsterFormular.lnk -> C:\Program Files (x86)\ElsterFormular\bin\pica.exe ()
Shortcut: C:\Users\Public\Desktop\Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe (Foxit Software Inc.)
Shortcut: C:\Users\Public\Desktop\Free DWG Viewer.lnk -> C:\Program Files (x86)\IGC\Free DWG Viewer\BravaFreeDWg**exe (Informative Graphics Corp.)
Shortcut: C:\Users\Public\Desktop\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
Shortcut: C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\Minitab 16.lnk -> C:\Program Files (x86)\Minitab\Minitab 16\Mtb.exe (Minitab Inc.)
Shortcut: C:\Users\Public\Desktop\Mobile Connection Manager.lnk -> C:\Program Files (x86)\o2\Mobile Connection Manager\EMMSN.exe (Telefónica I+D)
Shortcut: C:\Users\Public\Desktop\Mobile Partner.lnk -> C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe ()
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
Shortcut: C:\Users\Public\Desktop\OpenProj.lnk -> C:\Program Files (x86)\Serena Software Inc\OpenProj\OpenProj1.4.0.exe (Serena Software Inc.)
Shortcut: C:\Users\Public\Desktop\PDFCreator.lnk -> C:\Program Files (x86)\PDFCreator\PDFCreator.exe (pdfforge hxxp://www.pdfforge.org/)
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe ()
Shortcut: C:\Users\Public\Desktop\STP Viewer.lnk -> C:\Program Files (x86)\STPViewer\STPViewer.exe (IdeaMk)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
ShortcutWithArgument: C:\Users\Admin\Desktop\IrfanView Thumbnails.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan) -> /thumbs
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Online Registrierung**lnk -> C:\Program Files (x86)\CyberLink\Power2Go\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Online Registrierung**lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Administrator\Desktop\IrfanView Thumbnails.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan) -> /thumbs
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Online Registrierung**lnk -> C:\Program Files (x86)\CyberLink\Power2Go\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Online Registrierung**lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Virtual Windows XP.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchDefaultVM
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking**com\Windows Repair (All in One)\Uninstall Tweaking**com - Windows Repair (All in One).lnk -> C:\Program Files (x86)\Tweaking**com\Windows Repair (All in One)\uninstall.exe (Indigo Rose Corporation) -> "/U:C:\Program Files (x86)\Tweaking**com\Windows Repair (All in One)\Uninstall\uninstall.xml"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe () -> /start
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe () -> -d
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Labs\SRS Premium Sound Control Panel.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut3_9BAB6724F19F41B8905F825C6004D10E.exe (Acresso Software Inc.) -> /f=srs_premium_sound_nopreset.zip
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Uninstall Samsung Printer Software.lnk -> C:\Windows\TotalUninstaller.exe () -> /REMOVE_ALL
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Images2PDF\Images2PDF Console Application.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\PDFCreator\Images2PDF\Images2PDFC.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Deinstallieren.lnk -> C:\Program Files\McAfee Security Scan\uninstall.exe (McAfee, Inc.) -> C:\Program Files\McAfee Security Scan\3.8.150\McAfee.ico
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe (McAfee, Inc.) -> SecurityScanner.dll
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Auf Updates prüfen.lnk -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Info zu Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView - Thumbnails.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan) -> /thumbs
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth deinstallieren.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth im DirectX-Modus starten.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setDX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth im OpenGL-Modus starten.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setOGL
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Hilfe.lnk -> C:\Program Files (x86)\ElsterFormular\bin\hilfepica.exe () -> -collectionFile "C:\Program Files (x86)\ElsterFormular/hilfe/elfo.bedienung**qhc" -showUrl "qthelp://elfo.bedienung/hilfe/bed_kap01/910000.html"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Installationsverwaltung**lnk -> C:\Program Files (x86)\ElsterFormular\bin\installationsverwaltung**exe () -> --zeigeDlg
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Integritätsprüfer.lnk -> C:\Program Files (x86)\ElsterFormular\bin\integritaetspruefer.exe () -> -path "C:\Program Files (x86)\ElsterFormular"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Screenreadermodus.lnk -> C:\Program Files (x86)\ElsterFormular\bin\pica.exe () -> --sehbehindertenmodus
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS WebStorage\ASUS WebStorage.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /n, ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{D6044399-0B9E-4084-A9AC-C4B7C7800FCF}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Online Registrierung**lnk -> C:\Program Files (x86)\CyberLink\Power2Go\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU
ShortcutWithArgument: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Online Registrierung**lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU
ShortcutWithArgument: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\d.******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\OnLine Registration.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\OLRSubmission\OLRSubmission.exe () -> /LANG:ENU
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\OnLine Registration.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\OLRSubmission\OLRSubmission.exe () -> /LANG:ENU
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\g*******\Desktop\Dropbox.lnk -> C:\Users\g*******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\g*******\Desktop\IrfanView Thumbnails.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan) -> /thumbs
ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode-Anwendungen\BWL Lernsoftware Interaktiv\Benutzerverwaltung Logistik (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "
5256927f" "Benutzerverwaltung Logistik"
ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode-Anwendungen\BWL Lernsoftware Interaktiv\Didaktische Pfade Logistik (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "
3c5a8f69" "Didaktische Pfade Logistik"
ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode-Anwendungen\BWL Lernsoftware Interaktiv\Hilfe Logistik (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "
c032a23" "Hilfe Logistik"
ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode-Anwendungen\BWL Lernsoftware Interaktiv\Lernumgebung Logistik (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "
5690914f" "Lernumgebung Logistik"
ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode-Anwendungen\BWL Lernsoftware Interaktiv\Toolbox (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "
d97757a8" "Toolbox"
ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk -> C:\Users\g*******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /systemstartup
ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group) -> -hunter
ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV-Media-Player\Uninstall FLV-Media-Player.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}
ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Users\g*******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Online Registrierung**lnk -> C:\Program Files (x86)\CyberLink\Power2Go\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU
ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Online Registrierung**lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU
ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte\U8510.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTWUIExt.exe (Broadcom) -> /deviceAddr=f4559c009940
ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Online Registrierung**lnk -> C:\Program Files (x86)\CyberLink\Power2Go\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU
ShortcutWithArgument: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Online Registrierung**lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU
ShortcutWithArgument: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\p.******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Public\Desktop\Browserwahl.lnk -> C:\Windows\System32\browserchoice.exe (Microsoft Corporation) -> /launch
ShortcutWithArgument: C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe (McAfee, Inc.) -> SecurityScanner.dll
InternetURL: C:\Users\Admin\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Admin\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\Admin\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\Admin\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\Admin\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\Admin\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\Admin\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\Admin\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\Admin\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\Admin\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\Admin\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\Admin\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\Admin\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Admin\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\Admin\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\Admin\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\Admin\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Admin\Favorites\Links\Web Slice-Katalog**url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Admin\Favorites\ASUS E-Service\ASUS Homepage.url -> hxxp://www.asus.com/
InternetURL: C:\Users\Admin\Favorites\ASUS E-Service\ASUS Member.url -> hxxp://member.asus.com/
InternetURL: C:\Users\Admin\Favorites\ASUS E-Service\ASUS Software Download.url -> hxxp://www.asus.com/support/download
InternetURL: C:\Users\Admin\Favorites\ASUS E-Service\ASUS Technical Support.url -> hxxp://www.asus.com/support
InternetURL: C:\Users\Administrator\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Administrator\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\Administrator\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\Administrator\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\Administrator\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\Administrator\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\Administrator\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\Administrator\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\Administrator\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\Administrator\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\Administrator\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\Administrator\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Administrator\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\Administrator\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\Administrator\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\Administrator\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Administrator\Favorites\Links\Web Slice-Katalog**url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Administrator\Favorites\ASUS E-Service\ASUS Homepage.url -> hxxp://www.asus.com/
InternetURL: C:\Users\Administrator\Favorites\ASUS E-Service\ASUS Member.url -> hxxp://member.asus.com/
InternetURL: C:\Users\Administrator\Favorites\ASUS E-Service\ASUS Software Download.url -> hxxp://www.asus.com/support/download
InternetURL: C:\Users\Administrator\Favorites\ASUS E-Service\ASUS Technical Support.url -> hxxp://www.asus.com/support
InternetURL: C:\Users\d.******\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\d.******\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\d.******\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\d.******\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\d.******\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\d.******\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\d.******\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\d.******\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\d.******\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\d.******\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\d.******\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\d.******\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\d.******\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\d.******\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\d.******\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\d.******\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\d.******\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\d.******\Favorites\Links\Vorgeschlagene Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\d.******\Favorites\Links\Web Slice-Katalog**url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\d.******\Favorites\ASUS E-Service\ASUS Homepage.url -> hxxp://www.asus.com/
InternetURL: C:\Users\d.******\Favorites\ASUS E-Service\ASUS Member.url -> hxxp://member.asus.com/
InternetURL: C:\Users\d.******\Favorites\ASUS E-Service\ASUS Software Download.url -> hxxp://www.asus.com/support/download
InternetURL: C:\Users\d.******\Favorites\ASUS E-Service\ASUS Technical Support.url -> hxxp://www.asus.com/support
InternetURL: C:\Users\g*******\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\g*******\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\g*******\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\g*******\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\g*******\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\g*******\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\g*******\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\g*******\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\g*******\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\g*******\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\g*******\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\g*******\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\g*******\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\g*******\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\g*******\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\g*******\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\g*******\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\g*******\Favorites\Links\Vorgeschlagene Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\g*******\Favorites\Links\Web Slice-Katalog**url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\g*******\Favorites\ASUS E-Service\ASUS Homepage.url -> hxxp://www.asus.com/
InternetURL: C:\Users\g*******\Favorites\ASUS E-Service\ASUS Member.url -> hxxp://member.asus.com/
InternetURL: C:\Users\g*******\Favorites\ASUS E-Service\ASUS Software Download.url -> hxxp://www.asus.com/support/download
InternetURL: C:\Users\g*******\Favorites\ASUS E-Service\ASUS Technical Support.url -> hxxp://www.asus.com/support
InternetURL: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL -> hxxp://www.dropbox.com
InternetURL: C:\Users\p.******\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\p.******\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\p.******\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\p.******\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\p.******\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\p.******\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\p.******\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\p.******\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\p.******\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\p.******\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\p.******\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\p.******\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\p.******\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\p.******\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\p.******\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\p.******\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\p.******\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\p.******\Favorites\Links\Web Slice-Katalog**url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\p.******\Favorites\ASUS E-Service\ASUS Homepage.url -> hxxp://www.asus.com/
InternetURL: C:\Users\p.******\Favorites\ASUS E-Service\ASUS Member.url -> hxxp://member.asus.com/
InternetURL: C:\Users\p.******\Favorites\ASUS E-Service\ASUS Software Download.url -> hxxp://www.asus.com/support/download
InternetURL: C:\Users\p.******\Favorites\ASUS E-Service\ASUS Technical Support.url -> hxxp://www.asus.com/support
==================== End of log =============================
die grafik und chip treiber habe ich mir nicht anzufassen getraut. da ein VLC media player ordnungsgemäß abspielt liegt es wohl doch nicht am grafiktreiber sondern am windows media player.? dieser ist aber im windows 7 inklusive, kann man nicht deinstallieren und separat neu herunterladen. müsste ich nur wissen wie man windowsMP disabled und VLC als default für livestream video online aktiviert,ansonnsten werden online videos immer mit windowsMP abgespielt-->bild funktioniert nicht LAN funktioniert auch noch nicht .trotz treiber aktualisiert |
|
04.12.2014, 10:03
| #45 |
| /// the machine /// TB-Ausbilder | msiexec.exe infiziert mit win32 :Malware-gen Haben wir windows repair schon gemaccht? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu msiexec.exe infiziert mit win32 :Malware-gen |
| aktiviere, andere, ask shopping toolbar entfernen, automatisch, avast, dateien, dealply entfernen, fehlercode 0x4, fehlercode 0x5, fehlercode 0x80000003, fehlercode 0xc0000005, fehlercode windows, firewall, infizierte, msiexec.exe, nicht mehr, pdfforge toolbar v10.0 entfernen, probleme, rechner, tr/dropper.gen, update for pdf creator entfernen, viren, wajam entfernen, win32, worte |
Linear-Darstellung
