Pests of all kinds and how to fight them: Malware? Browser windows open by themselves and the PC crashes regularly. Windows 7

If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
18.11.2014, 21:02 | #1
Malware? Browser windows open by themselves and the PC crashes regularly.

Hello, while searching for help I came across the Trojaner Board and hope you can take on the problem. For quite some time I have had problems with the performance of my PC (Acer 3820TG). Here are the symptoms:
- the computer is constantly busy and the fan always runs at the highest setting
- the computer crashes regularly and reboots
- at least once a day browser windows open "by themselves" and point to advertising sites ("speed up windows 8" or similar)

After some initial research I assume my system is infected with malware or a virus. I would appreciate help with cleaning it up! Attached are the log files FRST.txt and ADDITION.txt from FRST64, as well as gmer.log from Gmer-19357.

Regards, cartonneex
18.11.2014, 21:06 | #2
Rest in peace † 2019

Malware? Browser windows open by themselves and the PC crashes regularly.

My name is Sandra and I will help you with your problem.

Note: I can never guarantee that I will find everything. Formatting is usually the quicker route and, in the case of a malware infection, always the safest one. Adware can be removed without problems in the vast majority of cases. If you decide on a clean-up, keep working with us until someone from the team tells you that you are clean.

Posting in code tags
Please always put the logs in code tags. If you don't, it makes evaluating them much harder for me. Thanks. So:

Step 1
Please post all logs in code tags, thanks.
18.11.2014, 21:14 | #3
Malware? Browser windows open by themselves and the PC crashes regularly.

FRST.txt

Code:
ATTFilter (AMD) C:\Windows\System32\atiesrxx.exe (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe () C:\Program Files\ShrewSoft\VPN Client\iked.exe () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (AMD) C:\Windows\System32\atieclxx.exe (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\LManager.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Arcoid) C:\Program Files (x86)\Advanced Touchpad Server\AdvancedTouchpadServer.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [325120 2009-10-22] (Alps Electric Co., Ltd.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor) HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.) 
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1289296 2010-02-25] (Dritek System Inc.) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.) HKLM-x32\...\Run: [AdvancedTouchpadServer] => C:\Program Files (x86)\Advanced Touchpad Server\AdvancedTouchpadServer.exe [679936 2012-04-26] (Arcoid) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-12] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-3070650811-9642294-4145187345-1000\...\Run: [3F39F816CD7BDDEEE521D84DB3B9E481A1B62B66._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-11-14] (Google Inc.) 
HKU\S-1-5-21-3070650811-9642294-4145187345-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3070650811-9642294-4145187345-1000\...\Run: [Spotify Web Helper] => C:\Users\Alexander\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576 2012-12-11] (Spotify Ltd) HKU\S-1-5-21-3070650811-9642294-4145187345-1000\...\Run: [Google+ Auto Backup] => "C:\Users\Alexander\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe () ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3070650811-9642294-4145187345-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-3070650811-9642294-4145187345-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKU\S-1-5-21-3070650811-9642294-4145187345-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x95B9DB66C4A4CD01 BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files 
(x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{3B147E7E-B71B-445B-A893-A45C3A4702E2}: [NameServer] 8.8.8.4,8.8.4.4 FireFox: ======== FF ProfilePath: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\glywutcp.default FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.co
m*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*'))%20%7B%20return%20'PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "type", 2 FF Plugin: 
@adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF Plugin HKU\S-1-5-21-3070650811-9642294-4145187345-1000: @phonostar.de/phonostar -> C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Extension: DSL Soforthilfe - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\glywutcp.default\Extensions\{} [2014-05-09] FF Extension: ProxMate - Proxy on steroids! - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\glywutcp.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-06-19] FF Extension: Adblock Plus - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\glywutcp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-19] FF Extension: Disable Anti-Adblock - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\glywutcp.default\Extensions\{d49a148e-817e-4025-bee3-5d541376de3b}.xpi [2013-06-19] FF Extension: Adblock Edge - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\glywutcp.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-10-06] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-09-19] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR Profile: C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Send using Gmail™ (no button)) 
- C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc [2013-11-12] CHR Extension: (Google Docs) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-16] CHR Extension: (Google Drive) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-16] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28] CHR Extension: (YouTube) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-16] CHR Extension: (Anti Anti Adblock) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdhdgbmpjfehpkmbgnonnaclejpcepjm [2013-11-12] CHR Extension: (Webpage Screenshot) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2013-11-12] CHR Extension: (Google Search) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-16] CHR Extension: (Hola Better Internet) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2014-07-19] CHR Extension: (ZenMate) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-07-19] CHR Extension: (Chrome Remote Desktop) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-07-31] CHR Extension: (FoxyProxy Standard) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2013-11-12] CHR Extension: (AdBlock) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom 
[2013-11-12] CHR Extension: (Download Helper) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnbkeigkjcncjkbmkiibjgbhbnbanmfi [2013-11-12] CHR Extension: (BugMeNot Lite) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb [2013-11-12] CHR Extension: (Premiumize.me) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm [2013-11-12] CHR Extension: (Save to Pocket) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-12-02] CHR Extension: (FreshStart - Cross Browser Session Manager) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb [2013-11-12] CHR Extension: (Google Wallet) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Gmail) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-16] CHR Extension: (Google Similar Pages) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjnfggphgdjblhfjaphkjhfpiiekbbej [2013-11-12] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-26] (Microsoft Corporation) S4 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH) R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\38.0.2125.9\remoting_host.exe [51016 2014-08-21] (Google Inc.) 
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [819232 2010-01-20] (Acer Incorporated) R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1059712 2012-11-08] () R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [800128 2012-11-08] () S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed] R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2010-12-10] (Nalpeiron Ltd.) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed] R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2012-12-06] () S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\W32X86\3\PrintConfig.dll [2207232 2013-07-27] (Microsoft Corporation) S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed] R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [496640 2014-06-22] (Microsoft Corporation) [File not signed] R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [142960 2013-03-19] (Stardock Software, Inc) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) 
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-12-19] (Advanced Micro Devices) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros) S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-06-01] (Microsoft Corporation) S3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation) S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [113792 2009-07-23] (Huawei Technologies Co., Ltd.) [File not signed] S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [92888 2014-06-22] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [128728 2014-06-22] (Malwarebytes Corporation) S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA)) S3 Rockusb; C:\Windows\System32\drivers\rockusb.sys [67408 2013-03-06] (Fuzhou Rockchip Electronics Co,Ltd.) S3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project) S3 andnetadb; \SystemRoot\System32\Drivers\lgandnetadb.sys [X] S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X] S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X] U3 idsvc; No ImagePath S3 igfx; \SystemRoot\system32\DRIVERS\igdkmd64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-18 20:22 - 2014-11-18 20:24 - 00049966 _____ () C:\Users\Alexander\Desktop\Addition.txt
2014-11-18 20:20 - 2014-11-18 20:25 - 00030631 _____ () C:\Users\Alexander\Desktop\FRST.txt
2014-11-18 20:19 - 2014-11-18 20:25 - 00000000 ____D () C:\FRST
2014-11-18 20:18 - 2014-11-18 20:18 - 02117120 _____ (Farbar) C:\Users\Alexander\Desktop\FRST64.exe
2014-11-18 14:48 - 2014-11-18 14:48 - 00302011 _____ () C:\Users\Alexander\Desktop\WindowsUpdateDiagnostic.diagcab
2014-11-18 14:38 - 2014-11-18 14:39 - 00278976 _____ () C:\WINDOWS\Minidump\111814-36125-01.dmp
2014-11-18 13:40 - 2014-09-02 20:32 - 00705480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-18 13:40 - 2014-09-02 20:32 - 00104904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-18 13:29 - 2014-11-18 13:29 - 05061080 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-18 13:14 - 2014-11-18 13:14 - 00278976 _____ () C:\WINDOWS\Minidump\111814-48578-01.dmp
2014-11-17 21:36 - 2014-11-17 21:37 - 00278976 _____ () C:\WINDOWS\Minidump\111714-51906-01.dmp
2014-11-11 19:23 - 2014-11-11 19:24 - 00278976 _____ () C:\WINDOWS\Minidump\111114-26046-01.dmp
2014-11-06 03:47 - 2014-11-06 03:47 - 00278976 _____ () C:\WINDOWS\Minidump\110614-70843-01.dmp
2014-11-05 01:17 - 2014-11-05 01:18 - 00278976 _____ () C:\WINDOWS\Minidump\110514-45312-01.dmp
2014-11-03 19:56 - 2014-11-03 20:14 - 00020613 _____ () C:\Users\Alexander\Desktop\Bewerbung_Wohnstätte Alex.odt
2014-11-03 18:45 - 2014-11-03 20:04 - 00016302 _____ () C:\Users\Alexander\Desktop\Lebenslauf_aktuellAlex.odt
2014-11-03 17:32 - 2014-11-03 17:32 - 00104255 _____ () C:\Users\Alexander\Desktop\Lebenslauf_aktuell.odt
2014-11-01 02:02 - 2014-11-01 02:03 - 00278976 _____ () C:\WINDOWS\Minidump\110114-38796-01.dmp
2014-10-29 23:47 - 2014-10-31 02:17 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
2014-10-29 18:22 - 2014-10-22 04:34 - 00010777 _____ () C:\WINDOWS\system32\AutoconfigV2.cab
2014-10-29 18:22 - 2014-10-22 04:33 - 00581016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AutoUpdate.exe
2014-10-29 18:22 - 2014-10-22 04:33 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2014-10-29 18:22 - 2014-10-22 02:08 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-29 18:22 - 2014-10-22 02:08 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-29 18:22 - 2014-10-22 02:01 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-29 18:22 - 2014-10-22 02:01 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2014-10-29 18:22 - 2014-10-22 02:01 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-29 18:22 - 2014-10-22 02:00 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2014-10-27 18:25 - 2014-10-27 18:28 - 01584509 _____ () C:\Users\Alexander\Desktop\bootanimation (1).zip
2014-10-27 18:24 - 2014-10-27 18:24 - 01529186 _____ () C:\Users\Alexander\Desktop\bootanimation.zip
2014-10-27 17:43 - 2014-10-27 17:43 - 02827570 _____ () C:\Users\Alexander\Desktop\RK31_kernel_3036_fatty2_bob104_icoo (1).7z
2014-10-27 17:43 - 2014-10-27 17:43 - 00000000 ____D () C:\Users\Alexander\Desktop\RK31_kernel_3036_fatty2_bob104_icoo (1)
2014-10-27 17:31 - 2014-10-27 17:31 - 02832931 _____ () C:\Users\Alexander\Desktop\RK31_kernel_3036_fatty2_bob111_icoo.7z
2014-10-27 17:11 - 2014-10-27 17:11 - 00000000 ____D () C:\Users\Alexander\Desktop\Oma_RK31_Chuwi_V88_KK_4.4.4_v2.4_gen1 loader
2014-10-27 16:55 - 2014-10-27 17:02 - 331204046 _____ () C:\Users\Alexander\Desktop\Oma_RK31_Chuwi_V88_KK_4.4.4_v2.4_gen1 loader.7z
2014-10-27 16:48 - 2014-10-27 16:48 - 02858277 _____ () C:\Users\Alexander\Desktop\RK31_kernel_3036_fatty2_icoo (1).7z
2014-10-27 16:48 - 2014-10-27 16:48 - 02827570 _____ () C:\Users\Alexander\Desktop\RK31_kernel_3036_fatty2_bob104_icoo.7z
2014-10-27 09:19 - 2014-10-27 09:20 - 00278976 _____ () C:\WINDOWS\Minidump\102714-33921-01.dmp
2014-10-26 23:30 - 2014-10-26 23:30 - 00278976 _____ () C:\WINDOWS\Minidump\102614-38296-01.dmp
2014-10-26 18:47 - 2014-10-26 18:47 - 00278976 _____ () C:\WINDOWS\Minidump\102614-24750-01.dmp
2014-10-26 13:12 - 2014-10-26 13:12 - 00278976 _____ () C:\WINDOWS\Minidump\102614-32234-01.dmp
2014-10-26 11:33 - 2014-10-26 11:34 - 00278976 _____ () C:\WINDOWS\Minidump\102614-42031-01.dmp
2014-10-26 06:17 - 2014-10-26 06:18 - 00278976 _____ () C:\WINDOWS\Minidump\102614-54843-01.dmp
2014-10-22 19:46 - 2014-10-22 19:46 - 00278976 _____ () C:\WINDOWS\Minidump\102214-28421-01.dmp
2014-10-21 19:07 - 2014-10-21 19:07 - 00278920 _____ () C:\WINDOWS\Minidump\102114-34390-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 20:02 - 2012-11-16 11:59 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-18 20:02 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-18 19:57 - 2013-07-16 09:25 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-18 19:53 - 2013-07-31 10:06 - 01761999 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-18 19:45 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-18 19:17 - 2014-01-13 18:40 - 00000092 _____ () C:\Users\Alexander\AppData\Roaming\WB.CFG
2014-11-18 19:10 - 2012-10-29 14:10 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3070650811-9642294-4145187345-1000
2014-11-18 18:44 - 2014-07-28 16:02 - 00005152 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ALEXANDER-PC-Alexander Alexander-PC
2014-11-18 18:29 - 2012-11-16 11:59 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-18 18:27 - 2013-07-31 04:59 - 05039351 _____ () C:\WINDOWS\setupact.log
2014-11-18 15:16 - 2012-07-26 11:27 - 03927614 _____ () C:\WINDOWS\system32\perfh007.dat
2014-11-18 15:16 - 2012-07-26 11:27 - 01106744 _____ () C:\WINDOWS\system32\perfc007.dat
2014-11-18 15:16 - 2012-07-26 08:28 - 00005640 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-18 15:11 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-18 15:09 - 2012-10-29 13:35 - 00000000 ____D () C:\Users\Alexander
2014-11-18 14:42 - 2014-09-01 22:15 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-11-18 14:38 - 2013-08-28 14:54 - 02339640 _____ () C:\WINDOWS\PFRO.log
2014-11-18 14:38 - 2013-08-04 19:20 - 657431103 _____ () C:\WINDOWS\MEMORY.DMP
2014-11-18 14:38 - 2012-11-06 01:05 - 00000000 ____D () C:\WINDOWS\Minidump
2014-11-18 14:17 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-18 13:27 - 2012-07-26 09:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-18 13:27 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-18 13:27 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-18 13:27 - 2012-07-26 09:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-18 13:27 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-18 13:27 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-18 13:19 - 2012-07-26 06:26 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-18 12:46 - 2011-10-28 14:21 - 00000000 ____D () C:\Users\Public\Documents\offizielle dokumente
2014-11-18 12:22 - 2014-06-15 02:27 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Adobe
2014-11-17 01:41 - 2011-03-22 13:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-17 01:40 - 2013-08-28 08:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-11-17 01:39 - 2013-08-15 12:38 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-17 01:32 - 2011-03-22 12:17 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-13 19:03 - 2009-07-14 03:34 - 00000478 _____ () C:\WINDOWS\win.ini
2014-11-12 22:57 - 2012-11-16 11:59 - 00004116 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 22:57 - 2012-11-16 11:59 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 18:23 - 2014-08-14 05:19 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-12 18:22 - 2014-08-14 05:19 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-03 20:20 - 2011-03-23 11:09 - 00000000 ____D () C:\Users\Alexander\AppData\Local\CrashDumps
2014-11-03 19:56 - 2013-06-24 15:43 - 01739776 ___SH () C:\Users\Alexander\Desktop\Thumbs.db
2014-11-03 19:09 - 2011-03-22 13:55 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Microsoft Help
2014-11-03 17:32 - 2012-10-29 14:02 - 00000000 ____D () C:\Users\Alexander\AppData\Local\Packages
2014-11-01 22:18 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-10-29 23:47 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\WinStore

Files to move or delete:
====================
C:\Users\Alexander\CTX.DAT

Some content of TEMP:
====================
C:\Users\Alexander\AppData\Local\Temp\npp.6.6.7.Installer.exe
C:\Users\Alexander\AppData\Local\Temp\proxy_vole6150075288897273867.dll
C:\Users\Alexander\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-18 15:26

==================== End Of Log ============================

µTorrent (HKU\S-1-5-21-3070650811-9642294-4145187345-1000\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.1.6 - Liteon)
Acer PowerSmart Manager (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.02.3000 - Acer Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Pixel Bender Toolkit 2 (HKLM-x32\...\{D5CC77BE-BC5B-424E-8E45-DF60AFF7BE9C}) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 2.8.0 - Adobe Systems Incorporated)
Advanced Touchpad Server (HKLM-x32\...\Advanced Touchpad Server) (Version:  - )
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}) (Version: 1.5.17.05094 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.05094 - Alcor Micro Corp.) Hidden
Alien Skin Image Doctor 2 (HKLM\...\Alien Skin Image Doctor 2) (Version:  - Alien Skin Software)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1107 - Alps Electric)
AMD Catalyst Install Manager (HKLM\...\{8F3C9854-8EB9-3D28-4AD7-E3ADD800C7E3}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.23 - Atheros Communications Inc.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Boris Continuum Complete 7 Adobe CS5 (HKLM\...\{A31D5812-F0AA-4AFA-B584-C2C4AC141518}) (Version: 7.0.6 - Boris FX, Inc.)
BrettspielWelt (HKLM-x32\...\BSW) (Version:  - )
calibre 64bit (HKLM\...\{1BC00DD4-173E-4325-BDB7-48A076DFC1EF}) (Version: 1.29.0 - Kovid Goyal)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator 1.1 (HKLM-x32\...\MP Navigator 1.1) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MP110 (HKLM\...\{B3467C74-0678-459a-9180-722763E0AFDE}) (Version:  - )
Canon MX710 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX710_series) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Canon ScanGear Starter (HKLM-x32\...\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{61F565EB-B101-4EBE-89BB-EF0AA3F2FFB8}) (Version: 38.0.2125.9 - Google Inc.)
Color Efex Pro 4 (HKLM-x32\...\Color Efex Pro 4) (Version: 4.0.0.5 - Nik Software, Inc.)
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version:  - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dfine 2.0 (HKLM-x32\...\Dfine 2.0) (Version: 2.1.1.2 - Nik Software, Inc.)
DH Driver Cleaner Professional Edition (HKLM-x32\...\Driver Cleaner Pro) (Version: Version 1.5 - Ruud Ketelaars)
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 1.0.5.13 - DivX, Inc. )
Driver Fusion (HKLM-x32\...\{100C8F3B-82D6-4B14-BB7A-5E8C3FF810C8}_is1) (Version: 1.7.0 - Treexy)
Driver Fusion (HKLM-x32\...\Driver Fusion) (Version: 2.0 - Treexy)
Dropbox (HKU\S-1-5-21-3070650811-9642294-4145187345-1000\...\Dropbox) (Version: 1.6.16 - Dropbox, Inc.)
eMule Plus 1.2e (HKLM-x32\...\eMule Plus_is1) (Version:  - eMule Plus Team)
EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version:  - SEIKO EPSON Corporation)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.02 - Ubisoft)
Flash Drive Tester v1.14 (HKLM-x32\...\{272C8DEE-F54F-406C-9AA6-B4DE2985A47C}) (Version: 1.14 - Virtual Console)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Garmin BaseCamp (HKLM-x32\...\{74E69F8A-BCBB-4A0A-9361-32225755D8C3}) (Version: 3.2.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google SketchUp Pro 8 (HKLM-x32\...\{2C02693A-EF4F-42D1-9036-664B6C0D647E}) (Version: 3.0.3196 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
HDR Efex Pro 2 (HKLM-x32\...\HDR Efex Pro 2) (Version: 2.0.0.3 - Nik Software, Inc.)
HP Photosmart Prem C410 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}) (Version: 14.0 - HP)
Image Resizer for Windows (64 bit) (HKLM\...\{B6EFF29D-7CAB-4CE0-9FFC-3D55D27E948D}) (Version: 3.0.4442.6002 - Brice Lambson)
Image Resizer for Windows (HKLM-x32\...\{14ebe571-096e-4cdd-8ee5-a2c0cc6b9b5e}) (Version: 3.0.4442.6002 - Brice Lambson)
Imagenomic Noiseware 5.0 Plug-in (build 5007) (HKLM\...\ImagenomicNoisewarePlugin) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java SE Development Kit 7 Update 67 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170670}) (Version: 1.7.0.670 - Oracle)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.260 - Oracle)
JDownloader 0.9 (HKLM-x32\...\1489-3350-5074-6281) (Version: 0.9 - AppWork GmbH)
JDownloader 2.0 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.5 - Acer Inc.)
LG On-Screen Phone (HKLM-x32\...\LG On-Screen Phone) (Version: 4.0.004.130823 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{3C09DE13-867C-4289-9F95-4510BB3A5F57}) (Version: 11.4.1 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.4.1 - Red Giant Software) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Max Payne 3 (HKLM-x32\...\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}) (Version: 1.0.0.0 - Rockstar Games)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Research Mesh Virtual WIFI (HKLM-x32\...\{3F586E56-913B-4C6D-889B-F591485E069D}) (Version: 1.0.0 - Microsoft Corp)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3070650811-9642294-4145187345-1000\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3tag v2.49 (HKLM-x32\...\Mp3tag) (Version: v2.49 - Florian Heidenreich)
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyTomTom 3.2.0.1116 (HKLM-x32\...\MyTomTom) (Version: 3.2.0.1116 - TomTom)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
O&O SafeErase Professional (HKLM\...\{EBA0B3C0-C761-44A1-9C55-9BEC17F387F5}) (Version: 5.0.452 - O&O Software GmbH)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PdaNet+ for Android 4.01 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Perfect Photo Suite 6.1 (HKLM-x32\...\{59679381-3F22-4A40-A7AD-890242D74DF4}) (Version: 6.1 - onOne Software)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photomatix Pro version 4.1.1 (HKLM\...\PhotomatixPro41x64_is1) (Version: 4.1.1 - HDRsoft Sarl)
PhotoTune 3 (HKLM-x32\...\{12DC97BF-4D60-4C97-9A10-762F8D710695}) (Version: 3.0.5 - onOne Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Portal (HKLM-x32\...\Portal) (Version:  - )
Portal 2 (HKLM-x32\...\Postal 2_is1) (Version:  - )
PS_AIO_07_C410_SW_Min (x32 Version: 140.0.273.000 - Hewlett-Packard) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.0.9.5 - Rockstar Games)
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Secure Download Manager (HKLM-x32\...\{7709C9B0-AD83-4F7C-A153-B956BC3C3B0A}) (Version: 3.1.10 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Sharpener Pro 3.0 (HKLM-x32\...\Sharpener Pro 3.0) (Version: 3.0.1.0 - Nik Software, Inc.)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )
Sigil 0.7.4 (HKLM-x32\...\Sigil_is1) (Version:  - John Schember)
Silver Efex Pro 2 (HKLM-x32\...\Silver Efex Pro 2) (Version: 2.0.0.6 - Nik Software, Inc.)
SixaxisPairTool 0.1 (HKLM\...\SixaxisPairTool_is1) (Version: 0.1 - )
SixaxisPairTool 0.2.3 (HKLM-x32\...\SixaxisPairTool_is1) (Version: 0.2.3 - Dancing Pixel Studios)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sniper Elite 3 Limited Day One Edition MULTi2 1.0 (HKLM-x32\...\Sniper Elite 3 Limited Day One Edition MULTi2 1.0) (Version:  - )
Sonarca Sound Recorder XiFi 3.8.1 (HKLM-x32\...\FC08D902-7038-455B-B5CE-58C9C71B7439_is1) (Version:  - Accmeware Corporation)
Spotify (HKLM-x32\...\Spotify) (Version: 0.5.2 - )
Start8 (HKLM-x32\...\{F9FADF71-8E4E-4482-B95C-0F7A9F1B68AF}_is1) (Version: 1.16 - Stardock Corperation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
T4A Maps Traveller's Africa (HKLM-x32\...\T4A Maps Traveller's Africa) (Version:  - )
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
USB Data Cable Driver (HKLM-x32\...\{AB171825-B5E6-4F9A-8438-6E1D99EFCB58}) (Version: 1.2 - )
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Viveza 2 (HKLM-x32\...\Viveza 2) (Version: 2.0.0.9 - Nik Software, Inc.)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Broadcom Corporation (bcbtums) Bluetooth (03/16/2012 6.5.1.2600) (HKLM\...\6A044848DB955BAB41313E7878DE4E2C68715F24) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
Windows-Treiberpaket - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) (HKLM\...\524FB58AAB1C34915E5DAE6F9A7ABD1AA8C96614) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
Windows-Treiberpaket - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) (HKLM\...\73EBF284DDB186EC3E526FEE77E2325097703596) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
Windows-Treiberpaket - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) (HKLM\...\765E3A42F1EB7BB642F073A20918B588DC4D1193) (Version: 03/16/2012 6.5.1.2600 - Broadcom Corporation)
Windows-Treiberpaket - Broadcom HIDClass (09/11/2009 6.3.0.1500) (HKLM\...\3366905E6EFF86120E12E2DB3F8F2EDC3B7F5003) (Version: 09/11/2009 6.3.0.1500 - Broadcom)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XBMC (HKU\S-1-5-21-3070650811-9642294-4145187345-1000\...\XBMC) (Version:  - Team XBMC)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Zero Assumption Recovery Version 8.4 (HKLM-x32\...\Zero Assumption Recovery_is1) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3070650811-9642294-4145187345-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
CustomCLSID: HKU\S-1-5-21-3070650811-9642294-4145187345-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3070650811-9642294-4145187345-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3070650811-9642294-4145187345-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3070650811-9642294-4145187345-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Alexander\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3070650811-9642294-4145187345-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3070650811-9642294-4145187345-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3070650811-9642294-4145187345-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3070650811-9642294-4145187345-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)

==================== Restore Points =========================

03-11-2014 02:46:04 Windows Update
09-11-2014 20:13:33 Windows Update
12-11-2014 21:59:27 Windows Update
16-11-2014 23:26:00 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-03-26 14:07 - 00001028 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {00917444-8919-4032-82F4-BE78CA311038} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {028C2F07-3CDE-4454-8438-5EA7C10B0B9F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-16] (Adobe Systems Incorporated)
Task: {12DAE85D-BF1B-42D7-BEE6-F4F43E31FC50} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ALEXANDER-PC-Alexander Alexander-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {1ED1252F-6045-44FA-A83E-CFEC96E685AA} - System32\Tasks\DealPly => C:\Users\Alexander\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe [2013-03-10] () <==== ATTENTION
Task: {27B5AA4B-AC34-483B-8B68-A8427413F57A} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {316629FC-56C9-4CB8-ACC6-30A0A298C581} - System32\Tasks\AdobeAAMUpdater-1.0-Alexander-PC-Alexander => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {44DA88DE-C848-4D02-AE07-0039200E7879} - System32\Tasks\{EA99DD81-9180-4E80-AFBC-F5DBDD665F22} => C:\Users\Alexander\Downloads\atheros_bluetooth_7.4.0.110_XP\WinXP\Bluetooth_Suite_XP.EXE
Task: {5DA91D57-039D-4B2A-B78E-2D0B12D53399} - System32\Tasks\{3EF368F5-43AF-4D94-A3E2-CD04A261CA11} => C:\Users\Alexander\Downloads\setupSiemens-DCA-140-540v1.0.7.exe
Task: {608142EA-84F8-4218-9F20-D54ADBDD4DA2} - System32\Tasks\{7FD67F37-7E0C-46E0-8BD6-A500CAA31882} => C:\Program Files (x86)\Valve\hl.exe [2003-12-12] (Valve)
Task: {69E21BF9-5EF4-477A-A11C-D106B44F4AC1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {7592AAE6-1E38-464F-98D4-8F7461AB4BA8} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe <==== ATTENTION
Task: {7E4BE5FB-C117-4AA5-8C53-E82FA063126E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {86F02D86-BDA3-4493-BA84-13719BB76419} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe
Task: {887D9FB1-E053-41C8-B8AB-E0147E2072FC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {890F48F2-9A60-4B88-B8CA-BE98A2DD3A60} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B17E2CE5-FF3B-4537-A79A-2C63AA366DC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {BACAA378-E2D2-4F29-8AE6-16BB9990421C} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-lang.alexander@live.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {CC4BB470-856A-429B-89A1-18D116B33ECC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D6DEE56D-79CE-4F23-ADF1-FED6BDB9DE4B} - System32\Tasks\Trigger KMS Activation => C:\Users\Alexander\Downloads\extracted\KMSnano.v19.1\TriggerKMS.exe
Task: {E01AFC3F-88E1-45CC-9DCF-A7916BE51C4D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-17] (Microsoft Corporation)
Task: {E1BB16F8-CF88-4097-8754-A1B25018E66D} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-08 05:59 - 2012-11-08 05:59 - 01059712 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
2012-11-05 09:06 - 2012-11-05 09:06 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2012-11-05 09:06 - 2012-11-05 09:06 - 00115712 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2012-11-05 09:06 - 2012-11-05 09:06 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2012-11-05 09:06 - 2012-11-05 09:06 - 00033280 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2012-11-05 09:07 - 2012-11-05 09:07 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2012-11-05 09:06 - 2012-11-05 09:06 - 00029184 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2012-11-05 09:06 - 2012-11-05 09:06 - 00018432 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2012-11-05 09:06 - 2012-11-05 09:06 - 00037888 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2012-11-05 09:07 - 2012-11-05 09:07 - 00621056 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2012-11-08 05:59 - 2012-11-08 05:59 - 00800128 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2012-12-06 17:05 - 2012-12-06 17:05 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2011-03-23 12:17 - 2009-05-20 14:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-11-18 19:29 - 2014-11-14 22:15 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libglesv2.dll
2014-11-18 19:29 - 2014-11-14 22:15 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libegl.dll
2014-11-18 19:29 - 2014-11-14 22:15 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll
2014-11-18 19:29 - 2014-11-14 22:15 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll
2014-11-18 19:29 - 2014-11-14 22:15 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Alexander\Cookies:5z1gTGlbL0VpsgCzk2p5MO
AlternateDataStreams: C:\ProgramData\TEMP:B42C512A
AlternateDataStreams: C:\ProgramData\TEMP:C895616B

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: CGVPNCliSrvc => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\startupfolder: C:^Users^Alexander^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: Connectify => C:\Program Files (x86)\Connectify\Connectify.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: Google Update => "C:\Users\Alexander\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: MobileBroadband => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile 
Connect\Bin\MobileConnect.exe /silent MSCONFIG\startupreg: RGSC => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s MSCONFIG\startupreg: Windows Mobile-based device management => %windir%\WindowsMobile\wmdcBase.exe HKLM\...\StartupApproved\Run: => "Windows Mobile Device Center" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "CanonQuickMenu" HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0" HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "SDTray" HKCU\...\StartupApproved\StartupFolder: => "PdaNet Desktop.lnk" HKCU\...\StartupApproved\Run: => "EPLTarget\P0000000000000000" HKCU\...\StartupApproved\Run: => "Spotify Web Helper" HKCU\...\StartupApproved\Run: => "Google+ Auto Backup" ========================= Accounts: ========================== Administrator (S-1-5-21-3070650811-9642294-4145187345-500 - Administrator - Disabled) Alexander (S-1-5-21-3070650811-9642294-4145187345-1000 - Administrator - Enabled) => C:\Users\Alexander Gast (S-1-5-21-3070650811-9642294-4145187345-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3070650811-9642294-4145187345-1004 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Shrew Soft Virtual Adapter Description: Shrew Soft Virtual Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Shrew Soft Service: vnet Problem: : This device is disabled. 
(Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (11/18/2014 07:50:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALEXANDER-PC) Description: Bei der Aktivierung der App „Cheezburger.Cheezburger_a2ma4xw3wqp06!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (11/18/2014 06:29:42 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a00018a3-f20f-4632-bf7c-8daa5351c914;NotificationInterval=1440;Trigger=UserLogon;SessionId=3 Error: (11/18/2014 06:27:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a00018a3-f20f-4632-bf7c-8daa5351c914;NotificationInterval=1440;Trigger=NetworkAvailable Error: (11/18/2014 03:38:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). 
Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a00018a3-f20f-4632-bf7c-8daa5351c914;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (11/18/2014 03:16:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (11/18/2014 03:16:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (11/18/2014 03:16:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (11/18/2014 03:12:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). 
Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a00018a3-f20f-4632-bf7c-8daa5351c914;NotificationInterval=1440;Trigger=NetworkAvailable Error: (11/18/2014 03:11:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Service_KMS.exe, Version: 13.1.0.0, Zeitstempel: 0x5313ef48 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0x00000000 Fehleroffset: 0x000007fc3de10368 ID des fehlerhaften Prozesses: 0x950 Startzeit der fehlerhaften Anwendung: 0xService_KMS.exe0 Pfad der fehlerhaften Anwendung: Service_KMS.exe1 Pfad des fehlerhaften Moduls: Service_KMS.exe2 Berichtskennung: Service_KMS.exe3 Vollständiger Name des fehlerhaften Pakets: Service_KMS.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Service_KMS.exe5 Error: (11/18/2014 02:46:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. System errors: ============= Error: (11/18/2014 07:50:14 PM) (Source: DCOM) (EventID: 10010) (User: ALEXANDER-PC) Description: App.AppXjtkr1ahdjty2gz1eentpxbcpshkyn9ht.wwa Error: (11/18/2014 06:27:11 PM) (Source: BTHUSB) (EventID: 17) (User: ) Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error: (11/18/2014 04:18:44 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 5 Error: (11/18/2014 04:18:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WMPNetworkSvc erreicht. 
Error: (11/18/2014 04:17:31 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst NlaSvc erreicht. Error: (11/18/2014 03:12:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/18/2014 03:09:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246010 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5 unter Windows 8 und Windows Server 2012 für x64-basierte Systeme (KB2968295) Error: (11/18/2014 03:09:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246010 fehlgeschlagen: Sicherheitsupdate für Windows 8 für x64-basierte Systeme (KB2977292) Error: (11/18/2014 03:09:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246010 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB3003663) Error: (11/18/2014 03:09:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Advanced Micro Devices, Inc. 
driver update for ATI Mobility Radeon HD 5000 Series (Engineering Sample - WDDM v1.20) Microsoft Office Sessions: ========================= Error: (11/18/2014 07:50:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALEXANDER-PC) Description: Cheezburger.Cheezburger_a2ma4xw3wqp06!App-2144927141 Error: (11/18/2014 06:29:42 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a00018a3-f20f-4632-bf7c-8daa5351c914;NotificationInterval=1440;Trigger=UserLogon;SessionId=3 Error: (11/18/2014 06:27:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a00018a3-f20f-4632-bf7c-8daa5351c914;NotificationInterval=1440;Trigger=NetworkAvailable Error: (11/18/2014 03:38:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a00018a3-f20f-4632-bf7c-8daa5351c914;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (11/18/2014 03:16:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F2030000E5050000 Error: (11/18/2014 03:16:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 Error: (11/18/2014 03:16:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance163707000000000000000000008F020000 Error: (11/18/2014 03:12:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: 
hr=0xC004F074RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a00018a3-f20f-4632-bf7c-8daa5351c914;NotificationInterval=1440;Trigger=NetworkAvailable Error: (11/18/2014 03:11:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Service_KMS.exe13.1.0.05313ef48unknown0.0.0.00000000000000000000007fc3de1036895001d003398e725bf7C:\Program Files\KMSpico\Service_KMS.exeunknownd952367e-6f2c-11e4-8037-18f46a945b67 Error: (11/18/2014 02:46:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F2030000E5050000 CodeIntegrity Errors: =================================== Date: 2014-11-18 15:28:31.330 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2014-11-18 15:28:31.049 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2014-11-18 15:28:30.892 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. 
Date: 2014-11-18 15:28:30.580 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2014-11-18 15:28:30.267 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2014-11-18 15:28:29.986 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2014-11-18 15:28:24.423 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2014-11-18 15:28:20.423 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. 
Date: 2014-11-18 13:52:30.030 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2014-11-18 13:52:29.889 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz Percentage of memory in use: 77% Total physical RAM: 3956.5 MB Available physical RAM: 879.81 MB Total Pagefile: 9076.5 MB Available Pagefile: 3899.04 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:698.54 GB) (Free:116.69 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 08C408C4) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-18 21:00:19
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003e TOSHIBA_MK7559GSXP rev.GN003J 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\ALEXAN~1\AppData\Local\Temp\uxliauog.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600023ee00 7 bytes [00, 23, 80, 01, 00, 1B, F2]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 8 fffff9600023ee08 7 bytes [01, 7C, BF, FF, 00, 8E, DA]

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\atiesrxx.exe[976] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fca813177a 4 bytes [13, A8, FC, 07]
.text C:\WINDOWS\system32\atiesrxx.exe[976] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fca8131782 4 bytes [13, A8, FC, 07]
.text C:\WINDOWS\System32\spoolsv.exe[1748] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fca813177a 4 bytes [13, A8, FC, 07]
.text C:\WINDOWS\System32\spoolsv.exe[1748] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fca8131782 4 bytes [13, A8, FC, 07]
.text C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[1964] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fca813177a 4 bytes [13, A8, FC, 07]
.text C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe[1964] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fca8131782 4 bytes [13, A8, FC, 07]
.text C:\WINDOWS\system32\atieclxx.exe[2156] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fca813177a 4 bytes [13, A8, FC, 07]
.text C:\WINDOWS\system32\atieclxx.exe[2156] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fca8131782 4 bytes [13, A8, FC, 07]
.text C:\Program Files\Apoint2K\Apoint.exe[3104] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fca813177a 4 bytes [13, A8, FC, 07]
.text C:\Program Files\Apoint2K\Apoint.exe[3104] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fca8131782 4 bytes [13, A8, FC, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[368] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fca3f31532 4 bytes [F3, A3, FC, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[368] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fca3f3153a 4 bytes [F3, A3, FC, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[368] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fca3f3165a 4 bytes [F3, A3, FC, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5420] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fca3f31532 4 bytes [F3, A3, FC, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5420] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fca3f3153a 4 bytes [F3, A3, FC, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5420] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fca3f3165a 4 bytes [F3, A3, FC, 07]
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[7128] C:\WINDOWS\system32\PSAPI.dll!GetProcessImageFileNameA + 306 000007fca813177a 4 bytes [13, A8, FC, 07]
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[7128] C:\WINDOWS\system32\PSAPI.dll!GetProcessImageFileNameA + 314 000007fca8131782 4 bytes [13, A8, FC, 07]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [6072:3520] fffff960008d65e8

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1536592479
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\18f46a945b67
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\18f46a945b67@38ece489a1d3 0x03 0xBF 0x8E 0x4D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\18f46a945b67@00210d060fe9 0xA0 0x7A 0x7B 0x01 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\18f46a945b67@001167000072 0x5D 0x96 0xD4 0x63 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\18f46a945b67@7c1e52a8803c 0x47 0x14 0xD2 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@BackupContext 0x02 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@COD Type 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@Identity 0x7B 0x00 0x44 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings\0000@NodeID 0xA2 0x70 0x43 0xD6 ...

---- EOF - GMER 2.1 ---- |
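The "Scheduled Tasks" and "Hosts content" sections of the FRST log above are what a helper reads first: two DealPly tasks that FRST itself marks `<==== ATTENTION`, KMS activation tasks running from `C:\Users\...\Downloads` and from binaries with no publisher string, and a hosts file that sinkholes Adobe's activation servers to 127.0.0.1. The following Python script is an added example, not code from this thread or from FRST, that parses those two FRST line formats and applies the same checks mechanically. The sample lines are copied from the log excerpt in this thread (plus one constructed comment and `localhost` line in the hosts sample); the "user-writable path" and "no publisher string" heuristics are this example's own assumptions, not rules FRST applies.

```python
"""Triage of FRST "Scheduled Tasks" and "Hosts content" sections (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# FRST task line:  Task: {GUID} - <name> => <target> [date] (publisher) <==== ATTENTION
# legacy job line: Task: C:\WINDOWS\Tasks\<x>.job => <target>
# [date], (publisher) and the ATTENTION marker are optional.
TASK_RE = re.compile(
    r"^Task:\s+"
    r"(?:\{(?P<guid>[0-9A-Fa-f-]+)\}\s+-\s+(?P<name>.+?)|(?P<job>[A-Za-z]:\\.+?\.job))"
    r"\s+=>\s+(?P<target>.+?)"
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<publisher>[^)]*)\))?"
    r"(?P<attention>\s+<==== ATTENTION)?"
    r"\s*$"
)
# Assumption of this example: locations a standard user can write to.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\(AppData|Downloads|Desktop)\\", re.IGNORECASE)
HOSTS_RE = re.compile(r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)")


@dataclass
class Task:
    name: str
    target: str
    date: Optional[str]
    publisher: Optional[str]  # None: FRST printed nothing; "": FRST printed "()"
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_task(line: str) -> Optional[Task]:
    """Parse one FRST Task line and record why it looks suspicious, if it does."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    task = Task(name=m.group("name") or m.group("job"), target=m.group("target").strip(),
                date=m.group("date"), publisher=m.group("publisher"))
    if m.group("attention"):
        task.reasons.append("flagged by FRST (<==== ATTENTION)")
    if USER_WRITABLE.search(task.target):
        task.reasons.append("runs from a user-writable directory")
    # .job entries are never annotated by FRST, so judge only the GUID-style ones.
    if m.group("job") is None and task.target.lower().endswith(".exe") and not task.publisher:
        task.reasons.append("no publisher string in version info")
    return task


def sinkholed_hosts(lines):
    """(ip, host) pairs that point a real name at loopback or 0.0.0.0.

    A stock hosts file maps only localhost; anything else is a block or redirect,
    which is how cracks blind activation servers and how some malware blocks AV updates.
    """
    found = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if line.lstrip().startswith("#") or not m:
            continue
        ip, host = m.group("ip"), m.group("host").lower()
        if ip in ("127.0.0.1", "0.0.0.0") and host not in ("localhost", "localhost.localdomain"):
            found.append((ip, host))
    return found


def triage(task_lines, hosts_lines):
    tasks = [t for t in map(parse_task, task_lines) if t is not None]
    return {"tasks": tasks,
            "suspicious_tasks": [t for t in tasks if t.suspicious],
            "sinkholed_hosts": sinkholed_hosts(hosts_lines)}


# Sample input copied from the FRST excerpt in this thread.
SAMPLE_TASKS = r"""
Task: {00917444-8919-4032-82F4-BE78CA311038} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1ED1252F-6045-44FA-A83E-CFEC96E685AA} - System32\Tasks\DealPly => C:\Users\Alexander\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe [2013-03-10] () <==== ATTENTION
Task: {27B5AA4B-AC34-483B-8B68-A8427413F57A} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {608142EA-84F8-4218-9F20-D54ADBDD4DA2} - System32\Tasks\{7FD67F37-7E0C-46E0-8BD6-A500CAA31882} => C:\Program Files (x86)\Valve\hl.exe [2003-12-12] (Valve)
Task: {7592AAE6-1E38-464F-98D4-8F7461AB4BA8} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe <==== ATTENTION
Task: {B17E2CE5-FF3B-4537-A79A-2C63AA366DC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {D6DEE56D-79CE-4F23-ADF1-FED6BDB9DE4B} - System32\Tasks\Trigger KMS Activation => C:\Users\Alexander\Downloads\extracted\KMSnano.v19.1\TriggerKMS.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
""".strip().splitlines()

# Hosts sample: the four lines from the log plus a constructed comment and localhost line.
SAMPLE_HOSTS = r"""
# constructed comment line
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
""".strip().splitlines()

if __name__ == "__main__":
    report = triage(SAMPLE_TASKS, SAMPLE_HOSTS)
    for t in report["suspicious_tasks"]:
        print(f"{t.name}\n    -> {t.target}\n    {'; '.join(t.reasons)}")
    for ip, host in report["sinkholed_hosts"]:
        print(f"hosts: {host} -> {ip}")
```

Run against the sample it reports exactly the four tasks a helper would question (both DealPly tasks, AutoKMS and the KMSnano trigger) and all four Adobe hosts entries, while the Office, Valve and Google entries pass. Note that the publisher string in parentheses is the file's version-info company name as FRST prints it, not a signature check, so a present string is only weak evidence of legitimacy.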
18.11.2014, 22:09 | #4 |
Rest in peace † 2019 | Malware? Browser windows open by themselves and PC crashes regularly.

Hello,

unfortunately you have Adobe products on that machine that were not legally acquired. Is the Windows genuine?

The log files strongly suggest that you are using software that was not legally acquired. Moreover, cracks and patches from dubious sources very often come with malware attached, so one infects oneself almost deliberately. We have agreed here on the board that at this point we do not continue cleaning until that software has been removed. On top of that, we pointed out unmistakably in our instructions and in this "Important" thread how we handle this. Clean, good software has its price, and the software companies live from that income.

So please decide how you want to proceed and let me know here in your thread. If you do not remove this software, our help is limited to reinstalling and securing your system. We will still gladly answer your questions about that, in our forum.

If you want to continue, please post the FRST.txt and also the addition.txt in full, thanks. |