Pests of all kinds and how to fight them: Threads opening on their own in Chrome with a survey window (youradexchange), Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
09.12.2014, 16:18 | #16
/// Winkelfunktion /// TB-Süch-Tiger™

Give this a try => File-Upload.net - JRT.zip
__________________
Please always post logfiles in CODE tags
09.12.2014, 16:29 | #17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x64
Ran by h.petermaier on 09.12.2014 at 16:22:25,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Empty Folder] C:\Users\h.petermaier\appdata\local\{17328F80-692D-4F3D-85F6-D6BE29435CD9}
Successfully deleted: [Empty Folder] C:\Users\h.petermaier\appdata\local\{27DD0CAA-C2CA-4F8D-BD8C-871E2EEE82B9}
Successfully deleted: [Empty Folder] C:\Users\h.petermaier\appdata\local\{284B9FFD-21A4-488F-8DCF-1EBDA0149D27}
Successfully deleted: [Empty Folder] C:\Users\h.petermaier\appdata\local\{9DFCFC82-3344-4800-B464-3270A87730A1}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.12.2014 at 16:25:38,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2014
Ran by h.petermaier (administrator) on ADMIN-PC on 09-12-2014 16:27:28
Running from C:\Users\h.petermaier\Downloads
Loaded Profiles: Admin & h.petermaier (Available profiles: Admin & h.petermaier)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Panda Security International) C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee Inc.) C:\Program Files\McAfee\Raptor\Raptor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Dropbox, Inc.) C:\Users\h.petermaier\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Thisisu) C:\Users\H5137~1.PET\AppData\Local\Temp\Rar$EX00.894\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2787840 2010-01-18] (VIA)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe [32736 2013-10-17] (Panda Security, S.L.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843744 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH)
HKLM\...\RunOnce: [Raptor] => C:\Program Files\McAfee\Raptor\Raptor.exe [1804656 2014-12-09] (McAfee Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-244105888-1459402404-3392459938-1165\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [8846176 2014-09-03] (Binary Fortress Software)
HKU\S-1-5-21-244105888-1459402404-3392459938-1165\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-244105888-1459402404-3392459938-1165\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-244105888-1459402404-3392459938-1165\...\MountPoints2: {be8f38f8-9ec2-11e3-abda-bcaec5d69d98} - F:\autorun.exe
HKU\S-1-5-21-244105888-1459402404-3392459938-1165\...\MountPoints2: {d31390dd-0e40-11e4-b9ee-bcaec5d69d98} - F:\Startme.exe
HKU\S-1-5-21-244105888-1459402404-3392459938-1165\...\MountPoints2: {eb1c5f14-edd8-11e2-8395-bcaec5d69d98} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-06-24] (Microsoft Corporation)
Startup: C:\Users\h.petermaier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\h.petermaier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-244105888-1459402404-3392459938-1165\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1541001554-288298477-1602340367-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
HKU\S-1-5-21-1541001554-288298477-1602340367-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKU\S-1-5-21-1541001554-288298477-1602340367-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://nmd.msn.com
HKU\S-1-5-21-1541001554-288298477-1602340367-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://nmd.msn.com
HKU\S-1-5-21-244105888-1459402404-3392459938-1165\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
HKU\S-1-5-21-244105888-1459402404-3392459938-1165\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKU\S-1-5-21-244105888-1459402404-3392459938-1165\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://nmd.msn.com
HKU\S-1-5-21-244105888-1459402404-3392459938-1165\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://nmd.msn.com
SearchScopes: HKLM -> {81A7596C-F92F-4FD9-BB3F-8536FDC13244} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {7BE63F7A-3FBD-4222-AAA9-6609B23F02B8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {81A7596C-F92F-4FD9-BB3F-8536FDC13244} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1541001554-288298477-1602340367-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1541001554-288298477-1602340367-1000 -> {7BE63F7A-3FBD-4222-AAA9-6609B23F02B8} URL = hxxp://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-244105888-1459402404-3392459938-1165 -> {81A7596C-F92F-4FD9-BB3F-8536FDC13244} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{D7B6943C-9FEA-4EB8-BEC7-1A1731F39E8D}: [NameServer] 192.168.1.12

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.214\npSurveillancePlugin.dll (Synology)
FF Plugin HKU\S-1-5-21-244105888-1459402404-3392459938-1165: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-02-07]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-28]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5270896 2014-09-03] (Binary Fortress Software)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-18] (Hewlett-Packard Co.) [File not signed]
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe [140768 2013-12-20] (Panda Security, S.L.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PSUAService; C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe [37344 2013-10-17] (Panda Security, S.L.)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 WAHost; C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe [558840 2014-06-25] (Panda Security International)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-18] ()
S3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [191224 2014-05-14] (HID Global Corporation)
R2 dvctprov; C:\Windows\System32\DRIVERS\dvctprov.sys [105704 2013-08-30] (Panda Security, S.L.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-07-18] (Sony Mobile Communications)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2013-11-21] (libusb-win32 / Wiki / Home)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93440 2014-01-22] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [124160 2014-01-17] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-02-26] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116480 2014-01-17] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [43752 2013-12-22] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [97024 2014-01-17] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [71424 2014-01-17] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [127744 2014-01-22] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [307456 2014-02-24] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [123648 2014-01-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [116992 2014-01-17] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [259328 2014-02-24] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109824 2014-01-22] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [170752 2014-01-17] (Panda Security, S.L.)
R0 PSINDvct; C:\Windows\System32\DRIVERS\PSINDvct.sys [53480 2013-08-30] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [124160 2014-01-17] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [207616 2014-01-26] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [126208 2014-01-17] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [139520 2014-01-17] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58360 2012-11-07] (Panda Security, S.L.)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-02-26] () [File not signed]
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-08-26] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-08-26] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-08-26] (Acronis International GmbH)
U3 agjzx1vt; C:\Windows\System32\Drivers\agjzx1vt.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-09 16:22 - 2014-12-09 16:22 - 00000000 ____D () C:\windows\ERUNT
2014-12-09 16:21 - 2014-12-09 16:21 - 01670680 _____ () C:\Users\h.petermaier\Downloads\JRT.zip
2014-12-09 16:09 - 2014-12-09 16:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-09 16:08 - 2014-12-09 16:09 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\h.petermaier\Downloads\revosetup95.exe
2014-12-09 15:28 - 2012-11-07 09:00 - 00058360 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSKMAD.sys
2014-12-09 13:24 - 2014-12-09 15:27 - 00000000 ____D () C:\AdwCleaner
2014-12-09 13:24 - 2014-12-09 13:24 - 02166272 _____ () C:\Users\h.petermaier\Downloads\AdwCleaner_4.105.exe
2014-12-09 11:32 - 2014-12-09 16:27 - 00020824 _____ () C:\Users\h.petermaier\Downloads\FRST.txt
2014-12-09 11:32 - 2014-12-09 11:33 - 00046845 _____ () C:\Users\h.petermaier\Downloads\Addition.txt
2014-12-09 11:31 - 2014-12-09 16:27 - 00000000 ____D () C:\FRST
2014-12-09 11:31 - 2014-12-09 11:31 - 02119680 _____ (Farbar) C:\Users\h.petermaier\Downloads\FRST64.exe
2014-12-09 09:21 - 2014-12-09 09:21 - 00000128 ___RH () C:\Users\h.petermaier\Downloads\Stinger.opt
2014-12-09 09:21 - 2014-12-09 09:21 - 00000000 __SHD () C:\Users\h.petermaier\AppData\Local\EmieUserList
2014-12-09 09:21 - 2014-12-09 09:21 - 00000000 __SHD () C:\Users\h.petermaier\AppData\Local\EmieSiteList
2014-12-09 09:10 - 2014-12-09 09:18 - 00000858 _____ () C:\Users\h.petermaier\Downloads\Stinger_09122014_091005.html
2014-12-09 09:10 - 2014-12-09 09:10 - 00000000 ____D () C:\Program Files\McAfee
2014-12-09 09:08 - 2014-12-09 09:09 - 14283120 _____ (McAfee Inc) C:\Users\h.petermaier\Downloads\stinger64_12.1.0.1242.exe
2014-12-09 08:15 - 2014-12-09 08:17 - 00000000 ____D () C:\Program Files (x86)\RAPID
2014-12-09 08:15 - 2014-12-09 08:15 - 00000000 ____D () C:\windows\system32\RAPID
2014-12-09 08:15 - 2014-09-16 14:30 - 00268976 _____ (Samsung Electronics Co., Ltd.) C:\windows\system32\Drivers\SamsungRapidDiskFltr.sys
2014-12-09 08:07 - 2014-12-09 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2014-12-01 17:08 - 2014-12-01 16:56 - 09052432 _____ (Cheat Engine ) C:\CheatEngine64.exe
2014-12-01 17:00 - 2014-12-01 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2014-12-01 17:00 - 2014-12-01 17:00 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2014-12-01 16:55 - 2014-12-01 16:56 - 09052432 _____ (Cheat Engine ) C:\Users\h.petermaier\Downloads\CheatEngine64.exe
2014-11-28 10:32 - 2014-11-28 10:32 - 00000000 ____D () C:\Users\h.petermaier\AppData\Local\Logishrd

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 16:16 - 2013-02-20 09:30 - 00000000 ____D () C:\Users\h.petermaier\AppData\Local\Google
2014-12-09 16:16 - 2013-02-20 07:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-09 16:02 - 2013-02-20 09:48 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-09 15:35 - 2009-07-14 05:45 - 00009712 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-09 15:35 - 2009-07-14 05:45 - 00009712 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-09 15:34 - 2009-09-30 07:32 - 00704836 _____ () C:\windows\system32\perfh007.dat
2014-12-09 15:34 - 2009-09-30 07:32 - 00151236 _____ () C:\windows\system32\perfc007.dat
2014-12-09 15:34 - 2009-07-14 06:13 - 01629284 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-09 15:31 - 2013-02-20 09:48 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 15:31 - 2013-02-20 09:48 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 15:31 - 2013-02-20 09:48 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 15:29 - 2013-02-20 09:50 - 00000000 ___RD () C:\Users\h.petermaier\Dropbox
2014-12-09 15:29 - 2013-02-20 09:47 - 00000000 ____D () C:\Users\h.petermaier\AppData\Roaming\Dropbox
2014-12-09 15:29 - 2013-02-20 08:09 - 00000136 _____ () C:\windows\system32\config\netlogon.ftl
2014-12-09 15:29 - 2009-07-14 05:51 - 00340053 _____ () C:\windows\setupact.log
2014-12-09 15:28 - 2013-02-20 08:10 - 00245048 _____ () C:\windows\PFRO.log
2014-12-09 15:28 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-09 15:27 - 2013-02-19 16:36 - 01085778 _____ () C:\windows\WindowsUpdate.log
2014-12-09 09:21 - 2013-03-27 15:46 - 00000000 ____D () C:\Program Files\stinger
2014-12-09 08:09 - 2014-08-21 13:40 - 00003260 _____ () C:\windows\System32\Tasks\SamsungMagician
2014-12-09 08:09 - 2014-08-21 13:37 - 00000000 ____D () C:\Program Files (x86)\Samsung Magician
2014-12-08 17:34 - 2013-03-21 14:48 - 00000000 ____D () C:\Users\h.petermaier\AppData\Roaming\vlc
2014-12-04 10:50 - 2014-01-27 07:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-28 10:32 - 2013-02-20 09:45 - 00023929 _____ () C:\windows\LDPINST.LOG
2014-11-28 10:32 - 2013-02-20 09:45 - 00002372 _____ () C:\windows\LkmdfCoInst.log
2014-11-28 10:32 - 2013-02-20 09:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-11-28 10:32 - 2013-02-20 09:44 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-11-28 10:31 - 2013-02-20 09:45 - 00018960 _____ (Logitech, Inc.) C:\windows\system32\Drivers\LNonPnP.sys
2014-11-28 10:31 - 2013-02-20 09:45 - 00000000 ____D () C:\ProgramData\Logitech
2014-11-28 10:31 - 2013-02-20 09:45 - 00000000 ____D () C:\ProgramData\Logishrd
2014-11-19 16:16 - 2014-04-01 12:22 - 00000000 ____D () C:\Users\h.petermaier\AppData\Local\Battle.net
2014-11-19 16:05 - 2014-04-01 12:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-11-18 11:05 - 2013-06-06 16:16 - 00000000 ____D () C:\SD Karte
2014-11-18 10:49 - 2014-07-18 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-11-18 10:49 - 2013-06-06 14:45 - 00294322 _____ () C:\windows\DPINST.LOG
2014-11-18 10:49 - 2011-02-07 00:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-17 09:33 - 2013-02-20 09:48 - 00000000 ____D () C:\Users\h.petermaier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 07:50 - 2014-07-21 07:04 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-11-14 07:50 - 2014-07-21 07:04 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-11-14 07:50 - 2014-07-21 07:04 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-11-14 07:50 - 2014-07-21 07:04 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-14 07:50 - 2014-07-21 07:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-14 07:50 - 2013-11-20 07:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-14 07:49 - 2013-11-20 07:43 - 00000000 ____D () C:\Program Files (x86)\Java

Some content of TEMP:
====================
C:\Users\h.petermaier\AppData\Local\Temp\257B94caE68d.exe
C:\Users\h.petermaier\AppData\Local\Temp\4jnczpsx.dll
C:\Users\h.petermaier\AppData\Local\Temp\6A09.exe
C:\Users\h.petermaier\AppData\Local\Temp\85Eab.exe
C:\Users\h.petermaier\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\h.petermaier\AppData\Local\Temp\amazonicon_v6.exe
C:\Users\h.petermaier\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\h.petermaier\AppData\Local\Temp\AskSLib.dll
C:\Users\h.petermaier\AppData\Local\Temp\CMInstaller.exe
C:\Users\h.petermaier\AppData\Local\Temp\drm_dialogs.dll
C:\Users\h.petermaier\AppData\Local\Temp\drm_dyndata_7330017.dll
C:\Users\h.petermaier\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy_llya.dll
C:\Users\h.petermaier\AppData\Local\Temp\E2193.exe
C:\Users\h.petermaier\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\h.petermaier\AppData\Local\Temp\FreemakeVideoConverter_4.1.3.14.exe
C:\Users\h.petermaier\AppData\Local\Temp\i4jdel0.exe
C:\Users\h.petermaier\AppData\Local\Temp\installer_x64.exe
C:\Users\h.petermaier\AppData\Local\Temp\installer_x86.exe
C:\Users\h.petermaier\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\h.petermaier\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\h.petermaier\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\h.petermaier\AppData\Local\Temp\LMkRstPt.exe
C:\Users\h.petermaier\AppData\Local\Temp\patchw32.dll
C:\Users\h.petermaier\AppData\Local\Temp\Quarantine.exe
C:\Users\h.petermaier\AppData\Local\Temp\Samsung_Magician_Setup_v45.exe
C:\Users\h.petermaier\AppData\Local\Temp\sdanircmdc.exe
C:\Users\h.petermaier\AppData\Local\Temp\sdapskill.exe
C:\Users\h.petermaier\AppData\Local\Temp\sdaspwn.exe
C:\Users\h.petermaier\AppData\Local\Temp\Setup-Arbeitszeugnis-Generator.exe
C:\Users\h.petermaier\AppData\Local\Temp\sqlite3.dll
C:\Users\h.petermaier\AppData\Local\Temp\sweetpage294wld_n2.exe
C:\Users\h.petermaier\AppData\Local\Temp\TenadoCAD2012Installer.exe
C:\Users\h.petermaier\AppData\Local\Temp\TenadoCAD2012_ServicePack1204640.exe
C:\Users\h.petermaier\AppData\Local\Temp\vlc-2.0.8-win64.exe
C:\Users\h.petermaier\AppData\Local\Temp\vlc-2.1.1-win64.exe
C:\Users\h.petermaier\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\h.petermaier\AppData\Local\Temp\vlc-2.1.3-win64.exe
C:\Users\h.petermaier\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\h.petermaier\AppData\Local\Temp\vlc-2.1.5-win64.exe
C:\Users\h.petermaier\AppData\Local\Temp\winping.dll
C:\Users\h.petermaier\AppData\Local\Temp\ws9bzx78.dll
C:\Users\h.petermaier\AppData\Local\Temp\_is3BF0.exe
C:\Users\h.petermaier\AppData\Local\Temp\_is41F.exe
C:\Users\h.petermaier\AppData\Local\Temp\_is5911.exe
C:\Users\h.petermaier\AppData\Local\Temp\_is5EF7.exe
C:\Users\h.petermaier\AppData\Local\Temp\_is688C.exe
C:\Users\h.petermaier\AppData\Local\Temp\_isA7C9.exe
C:\Users\h.petermaier\AppData\Local\Temp\_isD478.exe
C:\Users\h.petermaier\AppData\Local\Temp\_isD707.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-17 11:56

==================== End Of Log ============================
--- --- ---
09.12.2014, 16:34 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Chrome threads that open by themselves with a survey window (youradexchange) Please also create a new Addition.txt: start FRST, tick the box for Addition.txt, then click Scan.
__________________ |
09.12.2014, 17:04 | #19 |
| Chrome threads that open by themselves with a survey window (youradexchange) Then once more from the start: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2014 Ran by h.petermaier (administrator) on ADMIN-PC on 09-12-2014 17:00:32 Running from C:\Users\h.petermaier\Downloads Loaded Profiles: Admin & h.petermaier (Available profiles: Admin & h.petermaier) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (AMD) C:\Windows\System32\atieclxx.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Panda Security International) C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Logitech, Inc.) 
C:\Program Files\Logitech\SetPointP\SetPoint.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Dropbox, Inc.) C:\Users\h.petermaier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe (VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (shm software GmbH & Co. KG) C:\PROFITWS\Profit.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Logitech, Inc.) 
C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.) HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation) HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation) HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2787840 2010-01-18] (VIA) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe [32736 2013-10-17] (Panda Security, S.L.) 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843744 2014-02-04] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH) HKLM\...\RunOnce: [Raptor] => C:\Program Files\McAfee\Raptor\Raptor.exe [1804656 2014-12-09] (McAfee Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-244105888-1459402404-3392459938-1165\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [8846176 2014-09-03] (Binary Fortress Software) HKU\S-1-5-21-244105888-1459402404-3392459938-1165\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-244105888-1459402404-3392459938-1165\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-244105888-1459402404-3392459938-1165\...\MountPoints2: {be8f38f8-9ec2-11e3-abda-bcaec5d69d98} - F:\autorun.exe HKU\S-1-5-21-244105888-1459402404-3392459938-1165\...\MountPoints2: {d31390dd-0e40-11e4-b9ee-bcaec5d69d98} - F:\Startme.exe HKU\S-1-5-21-244105888-1459402404-3392459938-1165\...\MountPoints2: {eb1c5f14-edd8-11e2-8395-bcaec5d69d98} - E:\HTC_Sync_Manager_PC.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-06-24] (Microsoft Corporation) Startup: C:\Users\h.petermaier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\h.petermaier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-244105888-1459402404-3392459938-1165\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-1541001554-288298477-1602340367-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com HKU\S-1-5-21-1541001554-288298477-1602340367-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com HKU\S-1-5-21-1541001554-288298477-1602340367-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://nmd.msn.com HKU\S-1-5-21-1541001554-288298477-1602340367-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://nmd.msn.com HKU\S-1-5-21-244105888-1459402404-3392459938-1165\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com HKU\S-1-5-21-244105888-1459402404-3392459938-1165\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com HKU\S-1-5-21-244105888-1459402404-3392459938-1165\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://nmd.msn.com HKU\S-1-5-21-244105888-1459402404-3392459938-1165\Software\Microsoft\Internet 
Explorer\Main,Default_Secondary_Page_URL = hxxp://nmd.msn.com SearchScopes: HKLM -> {81A7596C-F92F-4FD9-BB3F-8536FDC13244} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox SearchScopes: HKLM-x32 -> {7BE63F7A-3FBD-4222-AAA9-6609B23F02B8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {81A7596C-F92F-4FD9-BB3F-8536FDC13244} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1541001554-288298477-1602340367-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1541001554-288298477-1602340367-1000 -> {7BE63F7A-3FBD-4222-AAA9-6609B23F02B8} URL = hxxp://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-244105888-1459402404-3392459938-1165 -> {81A7596C-F92F-4FD9-BB3F-8536FDC13244} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{D7B6943C-9FEA-4EB8-BEC7-1A1731F39E8D}: [NameServer] 192.168.1.12 FireFox: ======== FF ProfilePath: C:\Users\h.petermaier\AppData\Roaming\Mozilla\Firefox\Profiles\c2kwwejp.default FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.214\npSurveillancePlugin.dll (Synology) FF Plugin HKU\S-1-5-21-244105888-1459402404-3392459938-1165: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Extension: Adblock Plus - C:\Users\h.petermaier\AppData\Roaming\Mozilla\Firefox\Profiles\c2kwwejp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-09] FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-02-07] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-28] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5270896 2014-09-03] (Binary Fortress Software) S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-18] (Hewlett-Packard Co.) [File not signed] R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe [140768 2013-12-20] (Panda Security, S.L.) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed] R2 PSUAService; C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe [37344 2013-10-17] (Panda Security, S.L.) R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.) 
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed] R2 WAHost; C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe [558840 2014-06-25] (Panda Security International) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-18] () S3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [191224 2014-05-14] (HID Global Corporation) R2 dvctprov; C:\Windows\System32\DRIVERS\dvctprov.sys [105704 2013-08-30] (Panda Security, S.L.) S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-07-18] (Sony Mobile Communications) S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed] S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2013-11-21] (libusb-win32 / Wiki / Home) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] () R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93440 2014-01-22] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [124160 2014-01-17] (Panda Security, S.L.) R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-02-26] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116480 2014-01-17] (Panda Security, S.L.) R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [43752 2013-12-22] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [97024 2014-01-17] (Panda Security, S.L.) R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [71424 2014-01-17] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [127744 2014-01-22] (Panda Security, S.L.) 
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [307456 2014-02-24] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [123648 2014-01-17] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [116992 2014-01-17] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [259328 2014-02-24] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109824 2014-01-22] (Panda Security, S.L.) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [170752 2014-01-17] (Panda Security, S.L.) R0 PSINDvct; C:\Windows\System32\DRIVERS\PSINDvct.sys [53480 2013-08-30] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [124160 2014-01-17] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [207616 2014-01-26] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [126208 2014-01-17] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [139520 2014-01-17] (Panda Security, S.L.) U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58360 2012-11-07] (Panda Security, S.L.) R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.) R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.) 
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-02-26] () [File not signed] R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-08-26] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-08-26] (Acronis International GmbH) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-08-26] (Acronis International GmbH) U3 agjzx1vt; C:\Windows\System32\Drivers\agjzx1vt.sys [0 ] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-09 16:39 - 2014-12-09 16:40 - 00000000 ____D () C:\Users\h.petermaier\AppData\Roaming\Mozilla 2014-12-09 16:39 - 2014-12-09 16:40 - 00000000 ____D () C:\Users\h.petermaier\AppData\Local\Mozilla 2014-12-09 16:39 - 2014-12-09 16:39 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-12-09 16:39 - 2014-12-09 16:39 - 00000000 ____D () C:\ProgramData\Mozilla 2014-12-09 16:39 - 2014-12-09 16:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-09 16:39 - 2014-12-09 16:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-09 16:37 - 2014-12-09 16:39 - 32041144 _____ () C:\Users\h.petermaier\Downloads\Firefox Setup 31.3.0esr.exe 2014-12-09 16:22 - 2014-12-09 16:22 - 00000000 ____D () C:\windows\ERUNT 2014-12-09 16:21 - 2014-12-09 16:21 - 01670680 _____ () C:\Users\h.petermaier\Downloads\JRT.zip 2014-12-09 16:09 - 2014-12-09 16:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-09 16:08 - 2014-12-09 16:09 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\h.petermaier\Downloads\revosetup95.exe 2014-12-09 15:28 - 2012-11-07 09:00 - 00058360 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSKMAD.sys 2014-12-09 13:24 - 2014-12-09 15:27 - 00000000 ____D () C:\AdwCleaner 2014-12-09 13:24 - 2014-12-09 13:24 - 02166272 _____ () C:\Users\h.petermaier\Downloads\AdwCleaner_4.105.exe 2014-12-09 11:32 - 2014-12-09 17:00 - 00021097 _____ () C:\Users\h.petermaier\Downloads\FRST.txt 2014-12-09 11:32 - 2014-12-09 11:33 - 00046845 _____ () C:\Users\h.petermaier\Downloads\Addition.txt 2014-12-09 11:31 - 2014-12-09 17:00 - 00000000 ____D () C:\FRST 2014-12-09 11:31 - 2014-12-09 11:31 - 02119680 _____ (Farbar) C:\Users\h.petermaier\Downloads\FRST64.exe 2014-12-09 09:21 - 2014-12-09 09:21 - 00000128 ___RH () C:\Users\h.petermaier\Downloads\Stinger.opt 2014-12-09 09:21 - 2014-12-09 09:21 - 00000000 __SHD () C:\Users\h.petermaier\AppData\Local\EmieUserList 2014-12-09 09:21 - 2014-12-09 09:21 - 00000000 __SHD () C:\Users\h.petermaier\AppData\Local\EmieSiteList 2014-12-09 09:10 - 2014-12-09 09:18 - 00000858 _____ () C:\Users\h.petermaier\Downloads\Stinger_09122014_091005.html 2014-12-09 09:10 - 2014-12-09 09:10 - 00000000 ____D () C:\Program Files\McAfee 2014-12-09 09:08 - 2014-12-09 09:09 - 14283120 _____ (McAfee Inc) C:\Users\h.petermaier\Downloads\stinger64_12.1.0.1242.exe 2014-12-09 08:15 - 2014-12-09 08:17 - 00000000 ____D () C:\Program Files (x86)\RAPID 2014-12-09 08:15 - 2014-12-09 08:15 - 00000000 ____D () C:\windows\system32\RAPID 2014-12-09 08:15 - 2014-09-16 14:30 - 00268976 _____ (Samsung Electronics Co., Ltd.) 
C:\windows\system32\Drivers\SamsungRapidDiskFltr.sys 2014-12-09 08:07 - 2014-12-09 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician 2014-12-01 17:08 - 2014-12-01 16:56 - 09052432 _____ (Cheat Engine ) C:\CheatEngine64.exe 2014-12-01 17:00 - 2014-12-01 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4 2014-12-01 17:00 - 2014-12-01 17:00 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4 2014-12-01 16:55 - 2014-12-01 16:56 - 09052432 _____ (Cheat Engine ) C:\Users\h.petermaier\Downloads\CheatEngine64.exe 2014-11-28 10:32 - 2014-11-28 10:32 - 00000000 ____D () C:\Users\h.petermaier\AppData\Local\Logishrd ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-09 17:00 - 2013-02-20 08:09 - 00000136 _____ () C:\windows\system32\config\netlogon.ftl 2014-12-09 16:32 - 2013-02-19 16:36 - 01086023 _____ () C:\windows\WindowsUpdate.log 2014-12-09 16:16 - 2013-02-20 09:30 - 00000000 ____D () C:\Users\h.petermaier\AppData\Local\Google 2014-12-09 16:16 - 2013-02-20 07:57 - 00000000 ____D () C:\Program Files (x86)\Google 2014-12-09 16:02 - 2013-02-20 09:48 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-12-09 15:35 - 2009-07-14 05:45 - 00009712 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-09 15:35 - 2009-07-14 05:45 - 00009712 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-09 15:34 - 2009-09-30 07:32 - 00704836 _____ () C:\windows\system32\perfh007.dat 2014-12-09 15:34 - 2009-09-30 07:32 - 00151236 _____ () C:\windows\system32\perfc007.dat 2014-12-09 15:34 - 2009-07-14 06:13 - 01629284 _____ () C:\windows\system32\PerfStringBackup.INI 2014-12-09 15:31 - 2013-02-20 09:48 - 00701104 _____ (Adobe Systems Incorporated) 
C:\windows\SysWOW64\FlashPlayerApp.exe 2014-12-09 15:31 - 2013-02-20 09:48 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-09 15:31 - 2013-02-20 09:48 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-12-09 15:29 - 2013-02-20 09:50 - 00000000 ___RD () C:\Users\h.petermaier\Dropbox 2014-12-09 15:29 - 2013-02-20 09:47 - 00000000 ____D () C:\Users\h.petermaier\AppData\Roaming\Dropbox 2014-12-09 15:29 - 2009-07-14 05:51 - 00340053 _____ () C:\windows\setupact.log 2014-12-09 15:28 - 2013-02-20 08:10 - 00245048 _____ () C:\windows\PFRO.log 2014-12-09 15:28 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-12-09 09:21 - 2013-03-27 15:46 - 00000000 ____D () C:\Program Files\stinger 2014-12-09 08:09 - 2014-08-21 13:40 - 00003260 _____ () C:\windows\System32\Tasks\SamsungMagician 2014-12-09 08:09 - 2014-08-21 13:37 - 00000000 ____D () C:\Program Files (x86)\Samsung Magician 2014-12-08 17:34 - 2013-03-21 14:48 - 00000000 ____D () C:\Users\h.petermaier\AppData\Roaming\vlc 2014-12-04 10:50 - 2014-01-27 07:57 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-11-28 10:32 - 2013-02-20 09:45 - 00023929 _____ () C:\windows\LDPINST.LOG 2014-11-28 10:32 - 2013-02-20 09:45 - 00002372 _____ () C:\windows\LkmdfCoInst.log 2014-11-28 10:32 - 2013-02-20 09:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2014-11-28 10:32 - 2013-02-20 09:44 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd 2014-11-28 10:31 - 2013-02-20 09:45 - 00018960 _____ (Logitech, Inc.) 
C:\windows\system32\Drivers\LNonPnP.sys 2014-11-28 10:31 - 2013-02-20 09:45 - 00000000 ____D () C:\ProgramData\Logitech 2014-11-28 10:31 - 2013-02-20 09:45 - 00000000 ____D () C:\ProgramData\Logishrd 2014-11-19 16:16 - 2014-04-01 12:22 - 00000000 ____D () C:\Users\h.petermaier\AppData\Local\Battle.net 2014-11-19 16:05 - 2014-04-01 12:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-11-18 11:05 - 2013-06-06 16:16 - 00000000 ____D () C:\SD Karte 2014-11-18 10:49 - 2014-07-18 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2014-11-18 10:49 - 2013-06-06 14:45 - 00294322 _____ () C:\windows\DPINST.LOG 2014-11-18 10:49 - 2011-02-07 00:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-11-17 09:33 - 2013-02-20 09:48 - 00000000 ____D () C:\Users\h.petermaier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-11-14 07:50 - 2014-07-21 07:04 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2014-11-14 07:50 - 2014-07-21 07:04 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2014-11-14 07:50 - 2014-07-21 07:04 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2014-11-14 07:50 - 2014-07-21 07:04 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2014-11-14 07:50 - 2014-07-21 07:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-11-14 07:50 - 2013-11-20 07:44 - 00000000 ____D () C:\ProgramData\Oracle 2014-11-14 07:49 - 2013-11-20 07:43 - 00000000 ____D () C:\Program Files (x86)\Java Some content of TEMP: ==================== C:\Users\h.petermaier\AppData\Local\Temp\257B94caE68d.exe C:\Users\h.petermaier\AppData\Local\Temp\4jnczpsx.dll C:\Users\h.petermaier\AppData\Local\Temp\6A09.exe C:\Users\h.petermaier\AppData\Local\Temp\85Eab.exe C:\Users\h.petermaier\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe 
C:\Users\h.petermaier\AppData\Local\Temp\amazonicon_v6.exe C:\Users\h.petermaier\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\h.petermaier\AppData\Local\Temp\AskSLib.dll C:\Users\h.petermaier\AppData\Local\Temp\CMInstaller.exe C:\Users\h.petermaier\AppData\Local\Temp\drm_dialogs.dll C:\Users\h.petermaier\AppData\Local\Temp\drm_dyndata_7330017.dll C:\Users\h.petermaier\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy_llya.dll C:\Users\h.petermaier\AppData\Local\Temp\E2193.exe C:\Users\h.petermaier\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe C:\Users\h.petermaier\AppData\Local\Temp\FreemakeVideoConverter_4.1.3.14.exe C:\Users\h.petermaier\AppData\Local\Temp\i4jdel0.exe C:\Users\h.petermaier\AppData\Local\Temp\installer_x64.exe C:\Users\h.petermaier\AppData\Local\Temp\installer_x86.exe C:\Users\h.petermaier\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\h.petermaier\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\h.petermaier\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\h.petermaier\AppData\Local\Temp\LMkRstPt.exe C:\Users\h.petermaier\AppData\Local\Temp\patchw32.dll C:\Users\h.petermaier\AppData\Local\Temp\Quarantine.exe C:\Users\h.petermaier\AppData\Local\Temp\Samsung_Magician_Setup_v45.exe C:\Users\h.petermaier\AppData\Local\Temp\sdanircmdc.exe C:\Users\h.petermaier\AppData\Local\Temp\sdapskill.exe C:\Users\h.petermaier\AppData\Local\Temp\sdaspwn.exe C:\Users\h.petermaier\AppData\Local\Temp\Setup-Arbeitszeugnis-Generator.exe C:\Users\h.petermaier\AppData\Local\Temp\sqlite3.dll C:\Users\h.petermaier\AppData\Local\Temp\sweetpage294wld_n2.exe C:\Users\h.petermaier\AppData\Local\Temp\TenadoCAD2012Installer.exe C:\Users\h.petermaier\AppData\Local\Temp\TenadoCAD2012_ServicePack1204640.exe C:\Users\h.petermaier\AppData\Local\Temp\vlc-2.0.8-win64.exe C:\Users\h.petermaier\AppData\Local\Temp\vlc-2.1.1-win64.exe C:\Users\h.petermaier\AppData\Local\Temp\vlc-2.1.2-win64.exe 
C:\Users\h.petermaier\AppData\Local\Temp\vlc-2.1.3-win64.exe
C:\Users\h.petermaier\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\h.petermaier\AppData\Local\Temp\vlc-2.1.5-win64.exe
C:\Users\h.petermaier\AppData\Local\Temp\winping.dll
C:\Users\h.petermaier\AppData\Local\Temp\ws9bzx78.dll
C:\Users\h.petermaier\AppData\Local\Temp\_is3BF0.exe
C:\Users\h.petermaier\AppData\Local\Temp\_is41F.exe
C:\Users\h.petermaier\AppData\Local\Temp\_is5911.exe
C:\Users\h.petermaier\AppData\Local\Temp\_is5EF7.exe
C:\Users\h.petermaier\AppData\Local\Temp\_is688C.exe
C:\Users\h.petermaier\AppData\Local\Temp\_isA7C9.exe
C:\Users\h.petermaier\AppData\Local\Temp\_isD478.exe
C:\Users\h.petermaier\AppData\Local\Temp\_isD707.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-17 11:56

==================== End Of Log ============================
--- --- --- --- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2014
Ran by h.petermaier at 2014-12-09 17:00:52
Running from C:\Users\h.petermaier\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Panda Endpoint Protection (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Endpoint Protection (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Endpoint Protection Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acronis True Image 2014 (HKLM-x32\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-244105888-1459402404-3392459938-1165\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ArtMoney SE v7.41 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.41 - System SoftLab)
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9045 - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Borland BDE (HKLM-x32\...\{B1F0951E-BA9E-4C55-87B9-FC886E223D38}) (Version: 5.01 - Borland)
BufferChm (x32 Version: 130.0.327.000 - Hewlett-Packard) Hidden
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Color Network ScanGear 2 (HKLM\...\{95F1E28D-A360-421B-8BDC-0640A3BD945B}) (Version: 2.0.0 - CANON INC.)
Command & Conquer 3 (HKLM-x32\...\{B0C30E93-D3D9-4F04-A2AC-54749B573275}) (Version: 1.00.0000 - Ihr Firmenname)
Command & Conquer™ 3: Kanes Rache (HKLM-x32\...\{CC2422C9-F7B5-4175-B295-5EC2283AA674}) (Version: 1.00.0000 - Ihr Firmenname)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DämmCalc Hochbau 3.0- Deinstallieren (HKLM-x32\...\e.ver Software DämmCalc Hochbau 3.0_is1) (Version: - )
Deinstallation Arbeitszeugnis-Generator (HKLM-x32\...\Arbeitszeugnis-Generator_is1) (Version: - va-kanz software und beratung)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DisplayFusion 6.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 6.1.0.0 - Binary Fortress Software)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-244105888-1459402404-3392459938-1165\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.00.29 - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fallout 2 (HKLM-x32\...\Steam App 38410) (Version: - Black Isle Studios)
Free DWG Viewer 7.2 (HKLM-x32\...\{90751489-B709-4D2F-8634-FEE00BFEC41A}) (Version: 7.2.0.69 - IGC)
GPBaseService2 (x32 Version: 130.0.367.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript) (Version: 9.02 - Artifex Software Inc.)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Scanjet G3010 (HKLM\...\{3B3FA519-42F3-4534-B867-960481329CFC}) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
hpg3010 (x32 Version: 14.0.0.0 - Ihr Firmenname) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.367.000 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Jagged Alliance - Back in Action (HKLM-x32\...\Steam App 57740) (Version: - Coreplay GmbH)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
M4-78 Enhancement Project (HKLM-x32\...\The Sith Lords Restored Content Mod_is1) (Version: - )
Media Player Codec Pack 4.2.5 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.2.5 - Media Player Codec Pack)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 31.3.0 ESR (x86 de) (HKLM-x32\...\Mozilla Firefox 31.3.0 ESR (x86 de)) (Version: 31.3.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-244105888-1459402404-3392459938-1165\...\MyFreeCodec) (Version: - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Panda Endpoint Agent (HKLM-x32\...\PCOP Agent) (Version: 7.00.00.0000 - Panda Security)
Panda Endpoint Agent (x32 Version: 7.00.00.0000 - Panda Security) Hidden
Panda Endpoint Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 06.81.11.0000 - Panda Security)
Panda Endpoint Protection (Version: 5.15.00.0000 - Panda Security) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
qvPDF v3.1 (HKLM-x32\...\{DE252510-5687-4C60-A705-C43E19F12C9D}_is1) (Version: - )
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
RawTherapee Version 4.1 (HKLM\...\{128459AB-59A7-430A-8BD0-3D8803D50400}_is1) (Version: 4.1 - rawtherapee.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.47 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
SolutionCenter (x32 Version: 130.0.369.000 - Hewlett-Packard) Hidden
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.9.201406230908 - Sony Mobile Communications AB)
Sony PC Companion 2.10.235 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.235 - Sony)
Spotify (HKU\S-1-5-21-244105888-1459402404-3392459938-1165\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version: - Obsidian Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SurveillancePlugin (HKLM-x32\...\{B379547F-C1FE-4F61-AE7C-5FCC17708CC9}) (Version: 1.0.0.214 - Synology)
Tacho+Personal (x32 Version: 1.40.19.9586 - SoftProject AG CH-9000 St.Gallen) Hidden
TachoPlusFreeDriver (HKLM-x32\...\TachoPlusFreeDriver) (Version: 1.40.19.9586 - SoftProject)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
TENADO CAD 2012 (HKLM-x32\...\{F699991D-E527-4F91-8DC7-E90C05318C4E}) (Version: 12.0.4640 - TENADO GmbH)
TENADO CAD-Symbols 2012 (HKLM-x32\...\{2342E479-3C3A-4A30-BC99-535A4BE5B6E8}) (Version: 12.0.4586 - Technobox GmbH)
TENADO ZEICHNUNGSARCHIV 2012 (HKLM-x32\...\{1DF8C808-3AFE-4B7E-8596-3446410A04AC}) (Version: 12.0.4200 - Technobox GmbH)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 130.0.128.017 - Hewlett-Packard) Hidden
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}) (Version: 6.1.7900.1 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Wise Registry Cleaner 8.23 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.23 - WiseCleaner.com, Inc.)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-244105888-1459402404-3392459938-1165_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\h.petermaier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-244105888-1459402404-3392459938-1165_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll No File
CustomCLSID: HKU\S-1-5-21-244105888-1459402404-3392459938-1165_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\h.petermaier\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-244105888-1459402404-3392459938-1165_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\h.petermaier\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-244105888-1459402404-3392459938-1165_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\h.petermaier\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-244105888-1459402404-3392459938-1165_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\h.petermaier\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-244105888-1459402404-3392459938-1165_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\h.petermaier\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-244105888-1459402404-3392459938-1165_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\h.petermaier\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-244105888-1459402404-3392459938-1165_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\h.petermaier\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-244105888-1459402404-3392459938-1165_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\h.petermaier\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================
13-10-2014 06:34:56 Sony PC Companion
16-10-2014 14:56:48 DirectX wurde installiert
03-11-2014 07:08:47 Geplanter Prüfpunkt
04-11-2014 10:52:32 Removed TENADO CAD 2012.
04-11-2014 10:53:34 Installed TENADO CAD 2012.
14-11-2014 10:01:32 Geplanter Prüfpunkt
09-12-2014 07:15:24 RAPID

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-02-26 09:50 - 00000976 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 CD and DVD Burning Software - Alcohol Soft copy and virtual drive software Alcohol 120 and 52% Free Edition
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 alcohol-soft.com

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2AFD5640-60DD-4CDC-A096-345306ABF728} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {32BF64CB-88E8-4567-85E8-177DB6EE1D7F} - \{9470664D-C91F-40E0-9132-D4008602677D} No Task File <==== ATTENTION
Task: {3CBBB2E4-6673-448A-8CDC-F2E3D96FEA81} - System32\Tasks\{CC5D78D9-E8C8-49FA-A953-275C954D3EDE} => C:\Users\h.petermaier\Downloads\fifa-international-soccer\fifa.exe [1996-12-24] ()
Task: {4B25A237-138D-4888-81C4-42D16CA7CE4F} - \{2A297595-FC88-48A7-B944-FA0DEE923D7F} No Task File <==== ATTENTION
Task: {4E388F41-359F-4715-B2CF-F804D460DA93} - System32\Tasks\{A27509B4-4F4A-412D-9330-8472B965BCEF} => C:\Users\h.petermaier\Downloads\fifa-international-soccer\fifa.exe [1996-12-24] ()
Task: {5D79F645-D8D2-46AC-96DD-8B7D55932F79} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {63396029-154D-4389-9C86-7BE409D713F6} - System32\Tasks\{5AD43D0B-320A-4E67-A10A-FE048F4BE40E} => C:\Users\h.petermaier\Downloads\fifa-international-soccer\fifa.exe [1996-12-24] ()
Task: {81670B61-159E-4AC9-B35B-46872BF163B9} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {85481277-536D-40EF-891B-516266B8C95E} - System32\Tasks\{70A7ADAC-8D98-499B-8814-A750DA1DCA0F} => C:\Users\h.petermaier\Downloads\fifa-international-soccer\fifa.exe [1996-12-24] ()
Task: {9685F9D4-7368-4501-BDAD-868811B5EE46} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {9AF80A29-CE4B-4767-8A43-B22D9BC65C89} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {A8B2118F-39A2-4A9D-9061-E56229474381} - \{5CE5D06C-CB47-4C0F-8C50-72839750088A} No Task File <==== ATTENTION
Task: {F291D1E0-E1CF-4197-8F63-45CD466B3DF3} - \{E0976F92-67E7-4978-BF5C-D319CEB54A07} No Task File <==== ATTENTION
Task: {FA4CA05E-3DB3-4A85-AC24-DCCE980C3F99} - \{AEA335FB-25D3-4202-A692-DA19279A9856} No Task File <==== ATTENTION
Task: {FD4A6331-8597-44DE-83FA-0E169F652BDB} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2009-06-24] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============
2014-07-07 14:26 - 2012-03-20 10:25 - 00027904 _____ () C:\windows\System32\CFA64MON.DLL
2013-02-20 08:32 - 2005-03-12 11:07 - 00087552 _____ () C:\windows\System32\qvredmonnt.dll
2013-06-06 14:45 - 2012-12-07 16:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-02-07 01:08 - 2009-05-07 15:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2011-02-07 01:08 - 2009-05-07 15:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2011-02-07 01:08 - 2008-01-18 13:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2011-02-07 01:08 - 2009-11-03 10:12 - 47601664 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00121363 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 02524691 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00713235 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00031251 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00034323 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 12501523 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 01470995 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00070163 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 02376211 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00106515 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00263699 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00080915 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00051219 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00063507 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00608275 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 01022995 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00125459 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00043539 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00140307 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 02218003 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00318995 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00058387 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00043027 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00123923 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_http_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00039955 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00028179 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00330771 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00019475 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00192019 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00833555 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00019475 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00025619 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00024595 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00035859 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00024083 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00071699 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00042003 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00021523 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00029715 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00028691 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00021523 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00085523 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00022035 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00341011 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00021523 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 01505811 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00417811 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00230931 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00029715 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 01745427 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00139795 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00186387 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00081939 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 01506835 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00025619 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00016915 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00017939 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00017939 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00018963 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00029715 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2013-10-01 09:32 - 2013-10-01 09:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\WAC\SQLite3.dll
2014-06-24 08:43 - 2014-06-24 08:43 - 00046336 _____ () C:\Program Files (x86)\Panda Security\WaAgent\Common\ApiCr.dll
2014-06-24 08:43 - 2014-06-24 08:43 - 00103680 _____ () C:\Program Files (x86)\Panda Security\WaAgent\Common\MiniCrypto.dll
2014-06-24 08:43 - 2014-06-24 08:43 - 00513280 _____ () C:\Program Files (x86)\Panda Security\WaAgent\Common\libxml2.dll
2014-12-09 15:29 - 2014-12-09 15:29 - 00043008 _____ () c:\users\h5137~1.pet\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy_llya.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\h.petermaier\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-04 17:25 - 2014-02-04 17:25 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 17:25 - 2014-02-04 17:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2013-10-10 11:02 - 2013-10-10 11:02 - 00013120 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2014-08-21 13:37 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2014-02-18 07:48 - 2014-02-18 07:48 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
2011-02-07 00:20 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-02-04 17:28 - 2014-02-04 17:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 14:46 - 2013-02-14 14:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2001-05-10 17:00 - 2001-05-10 17:00 - 00589312 _____ () C:\Program Files (x86)\Common Files\Borland Shared\BDE\idapi32.DLL
2001-05-10 17:00 - 2001-05-10 17:00 - 00125952 _____ () C:\Program Files (x86)\Common Files\Borland Shared\BDE\IDR20007.DLL
2001-05-10 17:00 - 2001-05-10 17:00 - 00101376 _____ () C:\Program Files (x86)\Common Files\Borland Shared\BDE\BANTAM.DLL
2001-05-10 17:00 - 2001-05-10 17:00 - 00255488 _____ () C:\Program Files (x86)\Common Files\Borland Shared\BDE\IDPDX32.DLL
2014-12-09 16:39 - 2014-11-25 17:27 - 03801200 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:BF3D62E7

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\h.petermaier\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" MSCONFIG\startupreg: Amazon Music => "C:\Users\h.petermaier\AppData\Local\Amazon Music\Amazon Music Helper.exe" MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPDLR.exe => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: Online Weather => C:\Users\h.petermaier\AppData\Local\WebPlayer\Online Weather\WebPlayer.exe MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background MSCONFIG\startupreg: Spotify => "C:\Users\h.petermaier\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\h.petermaier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe ========================= Accounts: ========================== Admin (S-1-5-21-1541001554-288298477-1602340367-1000 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-1541001554-288298477-1602340367-500 - Administrator - Disabled) Gast (S-1-5-21-1541001554-288298477-1602340367-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz Percentage of memory in use: 82% Total physical RAM: 4087.05 MB Available physical RAM: 700.35 MB Total Pagefile: 4598.74 MB Available Pagefile: 735.66 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:216.23 GB) (Free:79.8 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: () (Fixed) (Total:449.11 GB) (Free:313.24 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive p: () (Network) (Total:735.68 GB) (Free:635.28 GB) Drive x: () (Network) (Total:735.68 GB) (Free:635.28 GB) Drive z: () (Network) (Total:735.68 GB) (Free:635.28 GB) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B8BC6792) Partition 1: (Not Active) - (Size=216.2 GB) - (Type=07 NTFS) Partition 2: (Active) - (Size=16.7 GB) - (Type=27) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 33C1FE93) Partition 1: (Not Active) - (Size=449.1 GB) - (Type=07 
NTFS) Partition 2: (Active) - (Size=16.7 GB) - (Type=27) ==================== End Of Log ============================ Ich muss hinzufügen, ich habe Chrome von beiden Rechnern jetzt vollständig entfernt und nehme einen anderen Browser her. Die Seiten sind ja nur im Chrome aufgegangen. |
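The FRST log above is what the helper reads to build a fixlist, and two things stand out in it: lines FRST has itself marked with "<==== ATTENTION" (those are pasted into Fixlist.txt verbatim, which is exactly what happens in the next post), and MSCONFIG\startupreg autoruns whose executable lives under AppData, ProgramData or Temp, the user-writable places adware installs to. The following triage script is an added example, not part of FRST and not posted in this thread; its sample input is a handful of lines copied from the log above and from the fixlist in the next post, and the directory list it treats as user-writable is an assumption. Flagged autoruns are only a review list: legitimate per-user installs such as Spotify land in AppData too.

```python
"""Added example: triage pass over FRST log lines (not FRST's own code).
(1) collect every line FRST marked '<==== ATTENTION' (fixlist material as-is);
(2) flag MSCONFIG\\startupreg autoruns whose image sits in a user-writable
    directory.  Output is a review list, not an automatic deletion list."""
import re

# Constructed input: lines copied from the FRST log and fixlist posted in this thread.
SAMPLE_LOG = r"""
Task: {32BF64CB-88E8-4567-85E8-177DB6EE1D7F} - \{9470664D-C91F-40E0-9132-D4008602677D} No Task File <==== ATTENTION
Task: {4B25A237-138D-4888-81C4-42D16CA7CE4F} - \{2A297595-FC88-48A7-B944-FA0DEE923D7F} No Task File <==== ATTENTION
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: KiesPDLR.exe => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
MSCONFIG\startupreg: Online Weather => C:\Users\h.petermaier\AppData\Local\WebPlayer\Online Weather\WebPlayer.exe
MSCONFIG\startupreg: Spotify => "C:\Users\h.petermaier\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
"""

STARTUP_RE = re.compile(r'^MSCONFIG\\startupreg:\s*(?P<name>.+?)\s*=>\s*(?P<cmd>.+)$')

# Assumed list of lower-cased path fragments an unprivileged user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "c:\\programdata\\", "c:\\users\\public\\")


def attention_lines(log_text):
    """Lines FRST itself flagged; they go into Fixlist.txt unchanged."""
    return [ln.strip() for ln in log_text.splitlines() if "<==== ATTENTION" in ln]


def image_path(cmd):
    """Executable path from a startup command.  A quoted path is taken as-is;
    for an unquoted one everything up to the first '.exe' is the path, because
    FRST prints unquoted paths that contain spaces (splitting on whitespace
    would cut 'Online Weather' in half)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r'(.*?\.exe)(?:\s.*)?$', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def in_user_writable_dir(path):
    p = path.lower()
    return any(frag in p for frag in USER_WRITABLE)


def triage_startupreg(log_text):
    """(name, image, flagged) for every MSCONFIG\\startupreg entry in the log."""
    rows = []
    for ln in log_text.splitlines():
        m = STARTUP_RE.match(ln.strip())
        if m:
            img = image_path(m.group("cmd"))
            rows.append((m.group("name"), img, in_user_writable_dir(img)))
    return rows


def review_list(log_text):
    """Attention lines verbatim, then the image paths of flagged autoruns.
    Paths rather than the startupreg line: FRST's MSCONFIG section has no
    automatic fix, so a path is the only thing a fixlist can act on."""
    items = attention_lines(log_text)
    items += [img for _, img, flagged in triage_startupreg(log_text) if flagged]
    return items


if __name__ == "__main__":
    for item in review_list(SAMPLE_LOG):
        print(item)
```

Running it on the sample prints the two Task lines and the three autoruns rooted in ProgramData or AppData; DelaypluginInstall and Online Weather are the ones worth a second look, Spotify shows why the list needs a human.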
09.12.2014, 18:07 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
Task: {32BF64CB-88E8-4567-85E8-177DB6EE1D7F} - \{9470664D-C91F-40E0-9132-D4008602677D} No Task File <==== ATTENTION
Task: {4B25A237-138D-4888-81C4-42D16CA7CE4F} - \{2A297595-FC88-48A7-B944-FA0DEE923D7F} No Task File <==== ATTENTION
Task: {A8B2118F-39A2-4A9D-9061-E56229474381} - \{5CE5D06C-CB47-4C0F-8C50-72839750088A} No Task File <==== ATTENTION
Task: {F291D1E0-E1CF-4197-8F63-45CD466B3DF3} - \{E0976F92-67E7-4978-BF5C-D319CEB54A07} No Task File <==== ATTENTION
Task: {FA4CA05E-3DB3-4A85-AC24-DCCE980C3F99} - \{AEA335FB-25D3-4202-A692-DA19279A9856} No Task File <==== ATTENTION
EmptyTemp:
Hosts:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post logfiles in CODE tags |
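The fixlist above ends with "Hosts:", which tells FRST to replace C:\Windows\System32\Drivers\etc\hosts with a default one. Before resetting it is worth seeing what was in it: adware and droppers use the hosts file either to redirect a name to a server they control or to point security-vendor and update hosts at loopback so that nothing can be downloaded. The checker below is an added example, not FRST's code and not from this thread; the hosts content it parses is constructed (a stock Windows hosts file plus two injected lines) and the set of names that are legitimately allowed to resolve to loopback is an assumption.

```python
"""Added example (not FRST's code): report every hosts-file mapping that is
not a stock loopback entry.  A name pointed at a routable address is a
redirect; a name pointed at loopback/0.0.0.0 is a blackhole, the trick used
to block vendor update servers.  Sample hosts content is constructed."""
import ipaddress

# Constructed sample: the default Windows 7 hosts file plus two injected entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
#      127.0.0.1       localhost
#      ::1             localhost
127.0.0.1   localhost
::1         localhost
0.0.0.0     www.malwarebytes.org        # blackhole: blocks the vendor site
198.51.100.7  www.example-bank.test     # redirect to an attacker-controlled host
"""

# Assumed: names that are normal to find mapped to a loopback address.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
                  "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (address, hostname, line_no) for every active mapping.
    Blank lines and comments are skipped; an inline '#' comment is stripped;
    a line listing several names yields one tuple per name."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        addr, names = parts[0], parts[1:]
        for name in names:
            yield addr, name.lower(), no


def classify(addr, name):
    """None for a stock loopback line, otherwise a short reason string."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return f"unparseable address {addr!r}"
    if name in LOOPBACK_NAMES and ip.is_loopback:
        return None
    if ip.is_loopback or ip.is_unspecified:      # 127.x, ::1, 0.0.0.0, ::
        return "blackholed (resolves to loopback/unspecified)"
    return f"redirected to {ip}"


def suspicious_entries(text):
    """[(line_no, hostname, reason)] worth a look before a 'Hosts:' reset."""
    findings = []
    for addr, name, no in parse_hosts(text):
        reason = classify(addr, name)
        if reason is not None:
            findings.append((no, name, reason))
    return findings


if __name__ == "__main__":
    for no, name, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {no}: {name} -> {reason}")
```

Anything the script lists is a candidate, not a verdict: administrators do add hosts entries on purpose, so compare the list with what the machine's owner expects before treating a reset as a clean-up.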
10.12.2014, 15:21 | #21 |
| Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-12-2014
Ran by h.petermaier at 2014-12-10 15:10:09 Run:1
Running from C:\Users\h.petermaier\Downloads
Loaded Profiles: Admin & h.petermaier (Available profiles: Admin & h.petermaier)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {32BF64CB-88E8-4567-85E8-177DB6EE1D7F} - \{9470664D-C91F-40E0-9132-D4008602677D} No Task File <==== ATTENTION
Task: {4B25A237-138D-4888-81C4-42D16CA7CE4F} - \{2A297595-FC88-48A7-B944-FA0DEE923D7F} No Task File <==== ATTENTION
Task: {A8B2118F-39A2-4A9D-9061-E56229474381} - \{5CE5D06C-CB47-4C0F-8C50-72839750088A} No Task File <==== ATTENTION
Task: {F291D1E0-E1CF-4197-8F63-45CD466B3DF3} - \{E0976F92-67E7-4978-BF5C-D319CEB54A07} No Task File <==== ATTENTION
Task: {FA4CA05E-3DB3-4A85-AC24-DCCE980C3F99} - \{AEA335FB-25D3-4202-A692-DA19279A9856} No Task File <==== ATTENTION
EmptyTemp:
Hosts:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32BF64CB-88E8-4567-85E8-177DB6EE1D7F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32BF64CB-88E8-4567-85E8-177DB6EE1D7F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9470664D-C91F-40E0-9132-D4008602677D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B25A237-138D-4888-81C4-42D16CA7CE4F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B25A237-138D-4888-81C4-42D16CA7CE4F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2A297595-FC88-48A7-B944-FA0DEE923D7F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8B2118F-39A2-4A9D-9061-E56229474381}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8B2118F-39A2-4A9D-9061-E56229474381}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5CE5D06C-CB47-4C0F-8C50-72839750088A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F291D1E0-E1CF-4197-8F63-45CD466B3DF3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F291D1E0-E1CF-4197-8F63-45CD466B3DF3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E0976F92-67E7-4978-BF5C-D319CEB54A07}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA4CA05E-3DB3-4A85-AC24-DCCE980C3F99}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA4CA05E-3DB3-4A85-AC24-DCCE980C3F99}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AEA335FB-25D3-4202-A692-DA19279A9856}" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 6.3 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====
Sorry it took longer this time! |
10.12.2014, 16:12 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Okay, then control scans with MBAM and ESET, please: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
11.12.2014, 07:57 | #23 |
| Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan date: 10.12.2014
Scan time: 16:36:29
Log file: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware database: v2014.12.10.06
Rootkit database: v2014.12.08.03
License: Trial
Malware protection: Enabled
Malicious website protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
User: h.petermaier

Scan type: Threat scan
Result: Completed
Objects scanned: 377107
Time elapsed: 8 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry keys: 0
(No malicious items detected)

Registry values: 0
(No malicious items detected)

Registry data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Downloader.PP, C:\Users\h.petermaier\AppData\Roaming\phonostar GmbH\phonostar-Player\install_flash_player.exe, Quarantined, [dc52f56cd3a99c9a812d0a010cf9ca36],

Physical sectors: 0
(No malicious items detected)

(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=af22157986e57549b37b3bbaa357c6d7
# engine=21491
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-10 05:57:59
# local_time=2014-12-10 06:57:59 (+0100, Central European Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Panda Cloud Antivirus'
# compatibility_mode=1552 16777213 75 93 23017552 204430253 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 18048 169864129 0 0
# scanned=506856
# found=8
# cleaned=8
# scan_time=6039
sh=972DB9071C719922142BE77CF935C208B66F8DE2 ft=1 fh=c50a95d882970223 vn="Variant of Win32/DownloadSponsor.A potentially unwanted application (deleted - copied to quarantine)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\H5137~1.PET\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=AAAC67A269C4435C7C4C672321DD4615009923E5 ft=1 fh=9494735bd3c95b67 vn="Variant of Win32/WinloadSDA.D potentially unwanted application (deleted - copied to quarantine)" ac=C fn="C:\Users\h.petermaier\Downloads\Arbeitszeugnis-Generator-lnstall.exe"
sh=B1BDA5178855EE7339E996E4962210934F7808ED ft=1 fh=8270916ad9b5b514 vn="Win32/AdWare.1ClickDownload.AT application (cleaned by deleting - copied to quarantine)" ac=C fn="E:\Users\h.petermaier\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000"
sh=B1BDA5178855EE7339E996E4962210934F7808ED ft=1 fh=8270916ad9b5b514 vn="Win32/AdWare.1ClickDownload.AT application (cleaned by deleting - copied to quarantine)" ac=C fn="E:\Users\h.petermaier\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000001"
sh=2860D062EC1AE1D58870818B4459F01E67541BFB ft=1 fh=1424bb462488f869 vn="Variant of Win32/ELEX.AJ potentially unwanted application (deleted - copied to quarantine)" ac=C fn="E:\Users\h.petermaier\AppData\Local\Temp\sweetpage294wld_n2.exe"
sh=2860D062EC1AE1D58870818B4459F01E67541BFB ft=1 fh=1424bb462488f869 vn="Variant of Win32/ELEX.AJ potentially unwanted application (deleted - copied to quarantine)" ac=C fn="E:\Users\h.petermaier\AppData\Local\Temp\29c2217fff8359d2c648e0ce94c6c82b\sweetpage294wld_n2.exe"
sh=972DB9071C719922142BE77CF935C208B66F8DE2 ft=1 fh=c50a95d882970223 vn="Variant of Win32/DownloadSponsor.A potentially unwanted application (deleted - copied to quarantine)" ac=C fn="E:\Users\h.petermaier\AppData\Local\Temp\OCS\ocs_v71b.exe"
sh=AAAC67A269C4435C7C4C672321DD4615009923E5 ft=1 fh=9494735bd3c95b67 vn="Variant of Win32/WinloadSDA.D potentially unwanted application (deleted - copied to quarantine)" ac=C fn="E:\Users\h.petermaier\Downloads\Arbeitszeugnis-Generator-lnstall.exe" |
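Each ESET record above is one line of the form sh=<sha1> ft=1 fh=<hash> vn="<verdict (action)>" ac=C fn="<path>", and the same sample turns up under several paths (the two Chrome "File System" blobs share one SHA-1, as do the two ocs_v71b.exe copies). The parser below is an added example, not ESET's or this thread's code: it groups findings by sh= so one sample is shown with all its locations, drops copies that already sit in another cleaner's quarantine folder (the AdwCleaner .vir entry), marks records whose verdict says ESET already deleted the file, and emits the surviving paths as fixlist candidates. The sample records are copied from the log above with the verdict text translated; the quarantine directory names are assumptions.

```python
"""Added example (not ESET's code): de-duplicate ESET Online Scanner findings
by SHA-1, skip other tools' quarantine folders, mark files ESET already
removed, and emit the remaining paths as FRST fixlist candidates."""
import re
from collections import defaultdict

# Constructed input: records copied from the ESET log in this thread (verdicts translated).
SAMPLE_ESET_LOG = r"""
sh=972DB9071C719922142BE77CF935C208B66F8DE2 ft=1 fh=c50a95d882970223 vn="Variant of Win32/DownloadSponsor.A potentially unwanted application (deleted - copied to quarantine)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\H5137~1.PET\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=AAAC67A269C4435C7C4C672321DD4615009923E5 ft=1 fh=9494735bd3c95b67 vn="Variant of Win32/WinloadSDA.D potentially unwanted application (deleted - copied to quarantine)" ac=C fn="C:\Users\h.petermaier\Downloads\Arbeitszeugnis-Generator-lnstall.exe"
sh=B1BDA5178855EE7339E996E4962210934F7808ED ft=1 fh=8270916ad9b5b514 vn="Win32/AdWare.1ClickDownload.AT application (cleaned by deleting - copied to quarantine)" ac=C fn="E:\Users\h.petermaier\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000"
sh=B1BDA5178855EE7339E996E4962210934F7808ED ft=1 fh=8270916ad9b5b514 vn="Win32/AdWare.1ClickDownload.AT application (cleaned by deleting - copied to quarantine)" ac=C fn="E:\Users\h.petermaier\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000001"
sh=972DB9071C719922142BE77CF935C208B66F8DE2 ft=1 fh=c50a95d882970223 vn="Variant of Win32/DownloadSponsor.A potentially unwanted application (deleted - copied to quarantine)" ac=C fn="E:\Users\h.petermaier\AppData\Local\Temp\OCS\ocs_v71b.exe"
sh=AAAC67A269C4435C7C4C672321DD4615009923E5 ft=1 fh=9494735bd3c95b67 vn="Variant of Win32/WinloadSDA.D potentially unwanted application (deleted - copied to quarantine)" ac=C fn="E:\Users\h.petermaier\Downloads\Arbeitszeugnis-Generator-lnstall.exe"
"""

RECORD_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40})\s+.*?vn="(?P<verdict>[^"]*)"\s+ac=(?P<action>\S+)\s+fn="(?P<path>[^"]*)"')

# Assumed holding pens of other cleaners; a finding there is already contained.
QUARANTINE_DIRS = ("c:\\adwcleaner\\quarantine\\", "c:\\frst\\quarantine\\")
# ESET's wording for "file is gone", in English and in German-localised logs.
REMOVED_WORDS = ("delet", "gelöscht")


def parse_eset(log_text):
    """Every parseable record as a dict with sha1, verdict, action, path."""
    records = []
    for ln in log_text.splitlines():
        m = RECORD_RE.match(ln.strip())
        if m:
            records.append(m.groupdict())
    return records


def in_quarantine(path):
    p = path.lower()
    return any(q in p for q in QUARANTINE_DIRS)


def group_by_sample(records):
    """sha1 -> {verdict, already_removed, paths}; quarantined copies skipped."""
    groups = defaultdict(lambda: {"verdict": None, "already_removed": False, "paths": []})
    for r in records:
        if in_quarantine(r["path"]):
            continue
        g = groups[r["sha1"].upper()]
        g["verdict"] = r["verdict"]
        g["already_removed"] = any(w in r["verdict"].lower() for w in REMOVED_WORDS)
        g["paths"].append(r["path"])
    return dict(groups)


def fixlist_lines(records):
    """One path per line for Fixlist.txt, duplicates removed, first-seen order."""
    seen, out = set(), []
    for g in group_by_sample(records).values():
        for p in g["paths"]:
            if p not in seen:
                seen.add(p)
                out.append(p)
    return out


if __name__ == "__main__":
    recs = parse_eset(SAMPLE_ESET_LOG)
    for sha1, g in group_by_sample(recs).items():
        flag = " (already removed by ESET)" if g["already_removed"] else ""
        print(f"{sha1[:12]}  {g['verdict']}{flag}")
        for p in g["paths"]:
            print("   ", p)
    print("\nFixlist.txt candidates:")
    print("\n".join(fixlist_lines(recs)))
```

Because every verdict here says "deleted", the candidates are belt-and-braces only; putting them in a fixlist does no harm, but FRST can only answer "File/Directory not found" for them, which is what the next fix result shows.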
11.12.2014, 09:00 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
C:\Users\h.petermaier\Downloads\Arbeitszeugnis-Generator-lnstall.exe
E:\Users\h.petermaier\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000
E:\Users\h.petermaier\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000001
E:\Users\h.petermaier\Downloads\Arbeitszeugnis-Generator-lnstall.exe
EmptyTemp:
Hosts:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post logfiles in CODE tags |
11.12.2014, 16:23 | #25 |
| Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-12-2014
Ran by h.petermaier at 2014-12-11 16:17:27 Run:2
Running from C:\Users\h.petermaier\Downloads
Loaded Profile: h.petermaier (Available profiles: Admin & h.petermaier)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\h.petermaier\Downloads\Arbeitszeugnis-Generator-lnstall.exe
E:\Users\h.petermaier\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000
E:\Users\h.petermaier\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000001
E:\Users\h.petermaier\Downloads\Arbeitszeugnis-Generator-lnstall.exe
EmptyTemp:
Hosts:
*****************

"C:\Users\h.petermaier\Downloads\Arbeitszeugnis-Generator-lnstall.exe" => File/Directory not found.
"E:\Users\h.petermaier\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000" => File/Directory not found.
"E:\Users\h.petermaier\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000001" => File/Directory not found.
"E:\Users\h.petermaier\Downloads\Arbeitszeugnis-Generator-lnstall.exe" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 80.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog ==== |
11.12.2014, 23:08 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK so far. Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) I recommend the Ghostery extension, which largely prevents user tracking and the display of ad banners. Info: cookies are not malware as such, but there is a risk of abuse (unique re-identification, e.g. for targeted advertising => HTTP-Cookie). Apart from that there are also good cookie managers; a Firefox extension would be, for example, CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system OK again now, or are there still other findings or problems?
__________________ Please always post logfiles in CODE tags |
12.12.2014, 08:06 | #27 |
| Thank you very much first of all! I would not have thought that it takes so many steps until everything is clean again. Would it make sense to change all passwords right away, in case the cookies were spied on? I only had the problems with Chrome. Since I installed Firefox 2 days ago, nothing more has come up. I will of course use the add-ons you recommended. Should I keep any of the tools you had me install? |
12.12.2014, 09:34 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The tools are only recommendations... Then we are done! If you still want to leave praise or criticism => Lob, Kritik und Wünsche - Trojaner-Board. The programs that were used here can all be uninstalled. It is advisable to keep Malwarebytes Anti-Malware and scan for malware with it weekly. delfix can help you with this: the order is decisive here.
Finally, please check the updates; my guide on that is below. To keep a better overview of how up to date your installed programs are, you can use Secunia PSI, for example. For even more security you should also change all passwords, if at all possible, now that the infection has been removed. Microsoft Update. Windows XP: visit the MS update page with IE and have all important updates installed. Windows Vista/7: Start, Control Panel, Windows Update. Update the PDF reader. An outdated Adobe Reader is a major security risk. You should therefore uninstall old Adobe Reader versions via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader. While you are at it, please also check that the Flash Player is up to date: check => Adobe - Flash Player. Download links can be found here => Browsers and Plugins - FilePony.de. You can also easily check all plugins in the Firefox browser for currency here => https://www.mozilla.org/de/plugincheck. Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date. Java update. Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |
12.12.2014, 11:00 | #29 |
| Thanks again! Really a great forum! One more question: I have another PC in the family that has similar problems. Can I go through the steps here one by one in the same way? The fixlist you posted would then have to be adjusted accordingly each time. |
12.12.2014, 11:24 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please open a new thread for each computer.
__________________ Please always post logfiles in CODE tags |