Pests of all kinds and how to fight them: Unknown devices in the volume mixer (Windows 7)
#1

Unknown devices in the volume mixer

Hello, recently two devices labelled "Name not available" ("Name nicht verfügbar") have appeared in my volume mixer. They play advertisements even though nothing is open. I can mute both of them completely, but they then reactivate on their own. I have already looked under Programs in the Control Panel, but nothing new has been installed. Does anyone happen to know how to delete something like this? THX
#2

/// the machine /// TB instructor

Unknown devices in the volume mixer

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop. (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
#3

Unknown devices in the volume mixer

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014 Ran by Niko (administrator) on NIKO-PC on 26-12-2014 17:14:53 Running from C:\Users\Niko\Downloads Loaded Profile: Niko (Available profiles: Niko) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\\GoogleCrashHandler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Google Inc.) C:\Program Files (x86)\Google\Update\\GoogleCrashHandler64.exe (BlueStack Systems, Inc.) 
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe () C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe () E:\RealDownloader\rndlresolversvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe () C:\Users\Niko\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Team MediaPortal) C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TvService.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe () C:\Users\Niko\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Niko\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Niko\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe () C:\Users\Niko\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe (Mozilla Corporation) C:\Users\Niko\AppData\Local\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows.old\Windows\explorer.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-10-27] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-10-27] (Atheros Commnucations) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation) HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2014-12-16] (Copyright 2013 SAMSUNG) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft 
Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess? HKU\S-1-5-21-2109515080-2629231650-3485663799-1000\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-2109515080-2629231650-3485663799-1000\...\MountPoints2: {04512d4e-8d39-11e0-a5e6-806e6f6e6963} - F:\SETUP.EXE HKU\S-1-5-21-2109515080-2629231650-3485663799-1000\...\MountPoints2: {6d68e910-27d3-11e1-a2bb-00268312118e} - K:\raf-nfstr.exe HKU\S-1-5-21-2109515080-2629231650-3485663799-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION! Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nach Updates suchen.lnk ShortcutTarget: Nach Updates suchen.lnk -> C:\Program Files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe (PCTV Systems) Startup: C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Niko\AppData\Local\MEGAsync\ShellExtX64.dll () ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Niko\AppData\Local\MEGAsync\ShellExtX64.dll () ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Niko\AppData\Local\MEGAsync\ShellExtX64.dll () ShellIconOverlayIdentifiers: 
[00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\Niko\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\Niko\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\Niko\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Niko\AppData\Local\MEGAsync\ShellExtX32.dll () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Niko\AppData\Local\MEGAsync\ShellExtX32.dll () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Niko\AppData\Local\MEGAsync\ShellExtX32.dll () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKU\S-1-5-21-2109515080-2629231650-3485663799-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\S-1-5-21-2109515080-2629231650-3485663799-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2109515080-2629231650-3485663799-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: No Name -> {41564952-412D-5637-4300-7A786E7484D7} -> No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: NXIECatcher Class -> {83B80A9C-D91A-4F22-8DCF-EA7204039F79} -> No File BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: No Name -> {daf5b34c-1aa3-4c33-ae24-766a370635d2} -> No File BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
Toolbar: HKLM-x32 - No Name - {daf5b34c-1aa3-4c33-ae24-766a370635d2} - No File Toolbar: HKLM-x32 - NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - No File Toolbar: HKU\S-1-5-21-2109515080-2629231650-3485663799-1000 -> No Name - {41564952-412D-5637-4300-7A786E7484D7} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] FireFox: ======== FF ProfilePath: C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\43xn6h2d.default-1419514457291 FF NewTab: FF Homepage: hxxp://google.de/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.2.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.2.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @UtilityChest_49.com/Plugin -> C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: No Name - C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\43xn6h2d.default-1419514457291\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-12-25] FF Extension: No Name - C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\43xn6h2d.default-1419514457291\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-25] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-06] FF HKLM-x32\...\Firefox\Extensions: [{B1FC07E1-E05B-4567-8891-E63FBE545BA8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-10-19] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [49ffxtbr@UtilityChest_49.com] - C:\Program Files (x86)\UtilityChest_49\bar\1.bin FF HKU\S-1-5-21-2109515080-2629231650-3485663799-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-06] FF StartMenuInternet: FIREFOX.EXE - C:\Users\Niko\AppData\Local\Mozilla Firefox\firefox.exe Chrome: ======= CHR Profile: C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-20] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-21] CHR Extension: (YouTube) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-03] CHR Extension: 
(Google-Suche) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-03] CHR Extension: (Google Wallet) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-20] CHR Extension: (Google Mail) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-03] CHR HKLM-x32\...\Chrome\Extension: [caeaobpemokdfnidgaebncaooofnbfha] - C:\Users\Niko\ChromeExtensions\caeaobpemokdfnidgaebncaooofnbfha\amazon-icon-fwde.crx [2014-11-12] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-08-09] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-11] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations) [File not signed] R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.) 
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.) S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe [7599616 2009-08-18] () [File not signed] R2 RealNetworks Downloader Resolver Service; E:\RealDownloader\rndlresolversvc.exe [38608 2012-08-09] () S2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2014-12-16] (Copyright 2013 SAMSUNG) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH) R2 TVService; C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe [241664 2013-06-17] (Team MediaPortal) [File not signed] R2 Verifies and fixes application compatibility issues; C:\Users\Niko\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2014-12-22] () [File not signed] S2 SelfUpdateService; "C:\Program Files (x86)\Freetec\SystemStore\SelfUpdate.exe" -displayname "Self Update Service" -servicename "SelfUpdateService" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.) 
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems) S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows (R) Win 7 DDK provider) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-26 17:14 - 2014-12-26 17:15 - 00021987 _____ () C:\Users\Niko\Downloads\FRST.txt 2014-12-26 16:23 - 2014-12-26 16:23 - 02173952 _____ () C:\Users\Niko\Downloads\adwcleaner_4.106.exe 2014-12-26 15:04 - 2013-09-30 16:26 - 03050808 _____ () C:\Windows\system32\pwNative.exe 2014-12-26 15:04 - 2013-09-30 16:26 - 00019152 ____N () C:\Windows\system32\pwdrvio.sys 2014-12-26 15:04 - 2013-09-30 16:26 - 00012504 ____N () C:\Windows\system32\pwdspio.sys 2014-12-26 14:46 - 2014-12-26 17:14 - 00000000 ____D () C:\FRST 2014-12-26 14:43 - 2014-12-26 14:43 - 02122752 _____ (Farbar) C:\Users\Niko\Downloads\FRST64.exe 2014-12-25 22:04 - 2014-12-26 16:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-25 22:04 - 2014-12-25 22:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-25 22:04 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-25 22:04 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 
2014-12-25 22:04 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-25 21:42 - 2014-12-25 21:42 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2014-12-25 15:52 - 2014-12-25 15:52 - 00000000 ____D () C:\Users\Niko\AppData\Local\Mozilla Firefox 2014-12-24 20:35 - 2014-12-24 20:35 - 00293304 _____ () C:\Windows\Minidump\122414-13634-01.dmp 2014-12-23 22:25 - 2014-12-26 17:06 - 00000112 _____ () C:\ProgramData\8btq8jua.dat 2014-12-23 22:23 - 2014-12-26 17:15 - 55665953 _____ () C:\Windows\SysWOW64\debug.log 2014-12-23 22:22 - 2014-12-23 22:23 - 00000000 ____D () C:\Users\Niko\AppData\Roaming\Compatibility Verifier 2014-12-21 12:58 - 2014-12-26 12:52 - 00000000 ____D () C:\Program Files\Samsung 2014-12-21 12:58 - 2014-12-21 16:57 - 00000000 ____D () C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung 2014-12-21 12:58 - 2014-12-21 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2014-12-21 12:58 - 2014-12-21 12:58 - 00000000 ____D () C:\Users\Niko\AppData\Roaming\SAMSUNG 2014-12-21 12:58 - 2014-12-21 12:58 - 00000000 ____D () C:\Upload 2014-12-21 12:58 - 2014-12-21 12:58 - 00000000 ____D () C:\ProgramData\SAMSUNG 2014-12-20 20:49 - 2014-12-20 20:49 - 00002503 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk 2014-12-20 20:49 - 2014-12-20 20:49 - 00000000 ____D () C:\Users\Niko\AppData\Roaming\Apple Computer 2014-12-20 20:49 - 2014-12-20 20:49 - 00000000 ____D () C:\Users\Niko\AppData\Local\Apple Computer 2014-12-20 20:49 - 2014-12-20 20:49 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-12-20 20:49 - 2014-12-20 20:49 - 00000000 ____D () C:\Program Files (x86)\Safari 2014-12-20 20:48 - 2014-12-20 20:48 - 00000000 ____D () C:\Users\Niko\AppData\Local\Apple 2014-12-20 20:48 - 2014-12-20 20:48 - 00000000 ____D () C:\ProgramData\Apple 2014-12-20 20:23 - 2014-12-20 20:23 - 00002251 _____ () 
C:\Users\Public\Desktop\Google Chrome.lnk 2014-12-20 20:23 - 2014-12-20 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-12-20 20:21 - 2014-12-26 16:36 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-20 20:21 - 2014-12-26 16:26 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-20 20:21 - 2014-12-20 20:21 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-12-20 20:21 - 2014-12-20 20:21 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-12-19 12:17 - 2014-12-19 12:17 - 00003092 _____ () C:\Windows\System32\Tasks\Update Service GoForFiles 2014-12-18 16:47 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 16:47 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-14 22:00 - 2014-12-14 22:00 - 00000000 ____D () C:\Users\Niko\AppData\Roaming\DivX 2014-12-12 13:44 - 2014-12-12 13:44 - 00001123 _____ () C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mediencenter.lnk 2014-12-12 13:44 - 2014-12-12 13:44 - 00000000 ____D () C:\Users\Niko\AppData\Roaming\Telekom 2014-12-12 13:44 - 2014-12-12 13:44 - 00000000 ____D () C:\Users\Niko\AppData\Local\Telekom 2014-12-11 23:32 - 2014-12-11 23:32 - 00000000 ____D () C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync 2014-12-11 23:32 - 2014-12-11 23:32 - 00000000 ____D () C:\Users\Niko\AppData\Local\MEGAsync 2014-12-11 13:45 - 2014-12-24 20:35 - 576541262 _____ () C:\Windows\MEMORY.DMP 2014-12-11 13:45 - 2014-12-11 13:45 - 00292936 _____ () C:\Windows\Minidump\121114-21871-01.dmp 2014-12-10 11:47 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-10 11:47 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-10 11:47 - 2014-11-22 
03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-10 11:47 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-10 11:46 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 11:46 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-10 11:46 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 11:46 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-10 11:46 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-10 11:46 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 11:46 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-10 11:46 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 11:46 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 11:46 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-10 11:46 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-10 11:46 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-10 11:46 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 11:46 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-10 11:46 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-10 11:46 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 11:46 - 
2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-10 11:46 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-10 11:46 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-10 11:46 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-10 11:46 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 11:46 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-10 11:46 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-10 11:46 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 11:46 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-10 11:46 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-10 11:46 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-10 11:46 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-10 11:46 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-10 11:46 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 11:46 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 11:46 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-10 11:46 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 11:46 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-10 11:46 - 
2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 11:46 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-10 11:46 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-10 11:46 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 11:46 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 11:46 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-10 11:46 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 11:46 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 11:46 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 11:46 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-10 11:46 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 11:46 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-10 11:46 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 11:46 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-10 11:46 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-10 11:46 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-10 11:39 - 2014-12-10 11:39 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-09 23:05 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-09 23:05 - 2014-10-18 02:33 - 03209728 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-09 23:02 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-09 23:02 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-09 23:02 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-09 23:02 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-09 23:02 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-09 23:02 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-09 23:02 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-09 23:02 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-09 22:49 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-09 22:49 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-09 22:44 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-09 22:34 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-09 22:34 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-09 22:34 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-09 22:34 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-09 22:34 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-09 22:34 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-09 22:34 - 2014-10-03 03:11 - 00266240 _____ (Microsoft 
Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-09 22:34 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-09 22:34 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-09 22:34 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-09 22:34 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-09 22:34 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-09 22:33 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-09 22:33 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-08 13:23 - 2014-12-08 13:23 - 00000000 ____D () C:\Users\Niko\AppData\Local\TeamViewer 2014-12-08 13:17 - 2014-12-09 21:38 - 00000000 ____D () C:\Users\Niko\AppData\Roaming\TeamViewer 2014-12-08 13:17 - 2014-12-08 13:21 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2014-12-08 13:17 - 2014-12-08 13:17 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2014-12-07 18:31 - 2014-12-16 11:11 - 00000000 ____D () C:\ProgramData\MEGAsync 2014-12-07 18:31 - 2014-12-10 20:11 - 00000000 ___RD () C:\Users\Niko\Documents\MEGAsync 2014-12-07 18:31 - 2014-12-07 18:31 - 00000758 _____ () C:\Users\Public\Desktop\MEGAsync.lnk 2014-12-07 18:31 - 2014-12-07 18:31 - 00000000 ____D () C:\Users\Niko\AppData\Local\Mega Limited 2014-12-07 18:31 - 2014-12-07 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGAsync 2014-12-07 15:01 - 2014-12-12 18:30 - 00000000 ___RD () C:\Users\Niko\Dropbox 2014-12-07 15:01 - 2014-12-10 16:25 - 00000000 ____D () C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-07 14:59 - 2014-12-12 18:30 - 00000000 ____D () 
C:\Users\Niko\AppData\Roaming\Dropbox 2014-12-06 16:16 - 2014-12-06 16:16 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack 2014-12-03 18:42 - 2014-12-03 18:42 - 00002061 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk 2014-12-03 18:42 - 2014-12-03 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2014-12-03 18:42 - 2014-12-03 18:42 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer 2014-12-03 17:03 - 2014-12-10 16:25 - 00000000 ____D () C:\Users\Niko\AppData\Roaming\MyPhoneExplorer ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-26 16:48 - 2012-09-03 19:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-26 16:45 - 2009-07-14 05:45 - 00027840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-26 16:45 - 2009-07-14 05:45 - 00027840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-26 16:43 - 2011-06-02 17:59 - 01548972 _____ () C:\Windows\WindowsUpdate.log 2014-12-26 16:36 - 2011-06-02 18:19 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini 2014-12-26 16:35 - 2014-01-14 16:55 - 00720674 _____ () C:\Windows\PFRO.log 2014-12-26 16:35 - 2014-01-14 16:55 - 00026143 _____ () C:\Windows\setupact.log 2014-12-26 16:35 - 2013-07-28 13:55 - 00001114 _____ () C:\Windows\Tasks\HDvid Codec V1-enabler.job 2014-12-26 16:35 - 2013-06-21 19:34 - 00001828 _____ () C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job 2014-12-26 16:35 - 2013-06-21 19:33 - 00001902 _____ () C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job 2014-12-26 16:35 - 2011-06-02 18:17 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-12-26 16:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-26 16:34 - 2014-01-05 13:48 - 00000000 ____D () 
C:\Windows\system32\log 2014-12-26 16:34 - 2013-09-27 13:44 - 00000000 ____D () C:\AdwCleaner 2014-12-26 16:34 - 2011-06-02 18:01 - 00000000 ____D () C:\Users\Niko 2014-12-25 22:31 - 2011-06-06 20:13 - 00000000 ____D () C:\Users\Niko\AppData\Local\CrashDumps 2014-12-25 22:04 - 2012-04-26 20:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-25 21:58 - 2013-07-19 19:47 - 00000000 ____D () C:\ProgramData\MAGIX 2014-12-24 20:35 - 2012-06-08 19:41 - 00000000 ____D () C:\Windows\Minidump 2014-12-24 17:00 - 2011-06-18 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Driver Pro 2014-12-24 16:59 - 2014-07-20 16:27 - 00000049 _____ () C:\Windows\SysWOW64\ScrRecX.log 2014-12-24 12:14 - 2012-07-07 19:09 - 00000000 ____D () C:\Users\Niko\AppData\Roaming\vlc 2014-12-23 22:23 - 2013-06-26 16:36 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-21 12:59 - 2011-06-23 12:16 - 00000000 ____D () C:\Users\Niko\D-Fend Reloaded 2014-12-20 20:22 - 2012-09-03 19:53 - 00000000 ____D () C:\Program Files (x86)\Google 2014-12-19 15:37 - 2013-07-16 21:21 - 00000000 ____D () C:\Filme 2014-12-14 22:00 - 2014-11-09 16:51 - 00000000 ____D () C:\Users\Niko\AppData\Local\Nero 2014-12-11 12:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-12-11 11:12 - 2014-10-11 11:08 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-12-11 11:12 - 2014-03-05 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-12-11 11:12 - 2014-03-05 17:09 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-12-11 11:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-10 23:29 - 2013-08-14 12:02 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-10 23:23 - 2011-06-04 13:00 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-10 23:23 - 2011-06-02 20:20 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-10 11:50 - 2012-12-08 15:15 - 00002441 _____ () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 11:47 - 2009-07-14 18:58 - 00718866 _____ () C:\Windows\system32\perfh007.dat
2014-12-10 11:47 - 2009-07-14 18:58 - 00156680 _____ () C:\Windows\system32\perfc007.dat
2014-12-10 11:47 - 2009-07-14 06:13 - 01662620 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-10 11:39 - 2014-04-27 18:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 11:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-09 22:48 - 2012-09-03 19:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 22:48 - 2012-09-03 19:51 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 22:48 - 2011-06-02 20:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 21:37 - 2011-06-02 18:19 - 00161464 _____ () C:\Users\Niko\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 21:35 - 2009-07-14 05:45 - 00535960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-06 16:16 - 2013-12-07 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-12-06 16:16 - 2011-06-03 11:03 - 00000000 ____D () C:\Users\Niko\AppData\Roaming\DVDVideoSoft
2014-12-01 21:44 - 2011-06-02 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-29 19:46 - 2011-09-20 19:46 - 00000000 ____D () C:\Users\Niko\AppData\Roaming\MahJong Suite
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2109515080-2629231650-3485663799-1000\$591be3b9451eac411e7ba9d907c35c67
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$591be3b9451eac411e7ba9d907c35c67

Files to move or delete:
====================
C:\ProgramData\8btq8jua.dat
C:\Users\Public\AlexaNSISPlugin.6364.dll

Some content of TEMP:
====================
C:\Users\Niko\AppData\Local\Temp\amazonicon_fwde.exe
C:\Users\Niko\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Niko\AppData\Local\Temp\avgnt.exe
C:\Users\Niko\AppData\Local\Temp\BackupSetup.exe
C:\Users\Niko\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb0gw6q.dll
C:\Users\Niko\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.14.exe
C:\Users\Niko\AppData\Local\Temp\FreeYouTubeDownload.exe
C:\Users\Niko\AppData\Local\Temp\gSQLBsHQ6U.exe
C:\Users\Niko\AppData\Local\Temp\i4jdel0.exe
C:\Users\Niko\AppData\Local\Temp\Iiu65j8APG.exe
C:\Users\Niko\AppData\Local\Temp\lnvhaSmg8i.exe
C:\Users\Niko\AppData\Local\Temp\nsdAFD7.exe
C:\Users\Niko\AppData\Local\Temp\nsdFBC.tmp.exe
C:\Users\Niko\AppData\Local\Temp\nsiB5C0.exe
C:\Users\Niko\AppData\Local\Temp\nsiB7E3.exe
C:\Users\Niko\AppData\Local\Temp\nsnD065.exe
C:\Users\Niko\AppData\Local\Temp\nstD2A8.exe
C:\Users\Niko\AppData\Local\Temp\Quarantine.exe
C:\Users\Niko\AppData\Local\Temp\sdan.exe
C:\Users\Niko\AppData\Local\Temp\sdapk.exe
C:\Users\Niko\AppData\Local\Temp\sdaspwn.exe
C:\Users\Niko\AppData\Local\Temp\sdf3237.exe
C:\Users\Niko\AppData\Local\Temp\sOR4ZgXXnL.exe
C:\Users\Niko\AppData\Local\Temp\sp-downloader.exe
C:\Users\Niko\AppData\Local\Temp\sqlite3.dll
C:\Users\Niko\AppData\Local\Temp\tmd_34012294.exe
C:\Users\Niko\AppData\Local\Temp\tmd_34016865.exe
C:\Users\Niko\AppData\Local\Temp\Updater.exe
C:\Users\Niko\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Niko\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Niko\AppData\Local\Temp\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
LastRegBack: 2014-12-15 15:14
==================== End Of Log ============================

Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2014
Ran by Niko at 2014-12-26 17:15:37
Running from C:\Users\Niko\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
[PS3] Save Resigner (HKLM-x32\...\[PS3] Save Resigner 2.0.2) (Version: 2.0.2 - The Prince of Codes)
[PS3] Save Resigner (x32 Version: 2.0.2 - The Prince of Codes) Hidden
123 Free Solitaire 2011 v8.0 (HKLM-x32\...\123 Free Solitaire_is1) (Version: - TreeCardGames)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-2109515080-2629231650-3485663799-1000\...\Amazon Kindle) (Version: - Amazon) Any Video Converter 3.4.2 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - ) AVI Splitter (HKLM-x32\...\AVI Splitter_is1) (Version: - ) Avidemux 2.5 (32-bit) (HKLM-x32\...\Avidemux 2.5) (Version: - ) Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: - Avira Operations & Co. KG) Avira (x32 Version: - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: - Avira) Battle vs. Chess (HKLM-x32\...\Battle vs. Chess_is1) (Version: 1.0 - Zuxxez Entertainment) BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: - BlueStack Systems, Inc.) Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: - Atheros Communications) Crysis 2 Repack (By Zocky) Version 1.1 (HKLM-x32\...\{4AA8C384-8CC2-416B-8662-1F0418145251}_is1) (Version: 1.1 - Zocky) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden D-Fend Reloaded 1.1.0 (deinstallieren) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.1.0 - Alexander Herzog) DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.) DriverBoost (HKLM-x32\...\{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}) (Version: 8.0.1 - DriverBoost) Dropbox (HKU\S-1-5-21-2109515080-2629231650-3485663799-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) DVDStyler v2.2 (HKLM-x32\...\DVDStyler_is1) (Version: - ) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Free Audio CD to MP3 Converter version (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: - DVDVideoSoft Ltd.) Free Audio Converter version (HKLM-x32\...\Free Audio Converter_is1) (Version: - DVDVideoSoft Ltd.) 
Free CD to MP3 Converter (HKLM-x32\...\Free CD to MP3 Converter) (Version: - ) Free FLV Converter V 7.5.0 (HKLM-x32\...\Free FLV Converter_is1) (Version: - Koyote Soft) Free Video Dub version (HKLM-x32\...\Free Video Dub_is1) (Version: - DVDVideoSoft Ltd.) Free Video Editor version (HKLM-x32\...\Free Video Editor_is1) (Version: - DVDVideoSoft Ltd.) Free Video to MP3 Converter version (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: - DVDVideoSoft Ltd.) Free YouTube Download version (HKLM-x32\...\Free YouTube Download_is1) (Version: - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Ltd.) Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation) GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.2 - ghost-mouse.com) GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Update Helper (x32 Version: - Google Inc.) Hidden Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games) Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) 
Hidden ICQ 7.5 Build #5259 Banner Remover 1.0 (HKLM-x32\...\{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1) (Version: - murb.com) ICQ7.5 (HKLM-x32\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan) Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle) Java(TM) 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle) Java(TM) 6 Update 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: - Sun Microsystems, Inc.) K-Lite Codec Pack 10.1.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.5 - ) MahJong Suite 2013 v10.0 (HKLM-x32\...\MahJong Suite_is1) (Version: 10.0 - TreeCardGames) Malwarebytes Anti-Malware Version (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: - Malwarebytes Corporation) marvell 91xx console driver (HKLM-x32\...\MagniDriver) (Version: - Marvell) MediaPortal (HKLM-x32\...\MediaPortal) (Version: 1.4.0 - Team MediaPortal) MediaPortal TV Server / Client (HKLM-x32\...\MediaPortal TV Server) (Version: 1.4.0 - Team MediaPortal) Mediencenter 3.9.1055.64 (HKU\S-1-5-21-2109515080-2629231650-3485663799-1000\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG) Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Games 
for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) MotioninJoy DS3 driver version 0.6.0005 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.6.0005 - www.motioninjoy.com) Movavi Video Editor (HKLM-x32\...\Movavi Video Editor 9) (Version: 9.6.2 - Movavi) Movavi Video Suite 12 (HKLM-x32\...\Movavi Video Suite 12) (Version: 12.0.0 - Movavi) Movica 
(HKLM-x32\...\{DEC0260E-680A-4E50-AE95-F2F75D95D442}) (Version: 1.6.6 - Sourceforge) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 23.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 de)) (Version: 23.0.1 - Mozilla) Mozilla Firefox 34.0.5 (x86 de) (HKU\S-1-5-21-2109515080-2629231650-3485663799-1000\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla) Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla) MPlayer für Windows (HKLM-x32\...\{97D341C8-B0D1-4E4A-A49A-C30B52F168E9}) (Version: 2014-05-05 - The MPlayer Team) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger) Myspace Video Downloader 3.21 (HKLM-x32\...\Myspace Video Downloader_is1) (Version: - DownloadToolz, Inc.) 
MySQL Server 5.1 (HKLM\...\{561AB451-B967-475C-80E0-3B6679C38B52}) (Version: 5.1.38 - MySQL AB) Need for Speed: The Run (HKLM-x32\...\{1F121516-E175-4E0B-AC4D-42DD5164E396}_is1) (Version: 1.0 - RAF) Nero Burning ROM 11 (HKLM-x32\...\{EFE4AB7D-4E94-441B-9A86-98E69E37567B}) (Version: 11.0.10500 - Nero AG) Nero CoverDesigner (HKLM-x32\...\{4167BAA8-EF59-43EB-B354-EC0A86046E6E}) (Version: 12.0.01300 - Nero AG) Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG) Nero MediaHome Free (HKLM-x32\...\{281FEBAC-D5EF-46A6-B149-BF18445812D5}) (Version: 16.0.01000 - Nero AG) Nero Prerequisite Installer 1.0 (HKLM-x32\...\{AFD1BFF3-FE02-47BB-8F45-739D46AEA2BC}) (Version: 11.0.12700 - Nero AG) Nero Recode CE (HKLM-x32\...\NeroRecode!UninstallKey) (Version: - ) NVIDIA 3D Vision Controller-Treiber 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.90 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation) NVIDIA 3D Vision Video Player (HKLM-x32\...\{123F0CCE-21AA-401D-A335-3EDF9C13AA52}) (Version: 1.6.9 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) PC Inspector smart recovery (HKLM-x32\...\{C9A87D86-FDFD-418B-BF96-EF09320973B3}) (Version: 4.50 - ) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.0 - Frank Heindörfer, Philip Chinery) Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - ) 
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden Prerequisite installer (x32 Version: 16.0.0000 - Nero AG) Hidden Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64) RealDownloader (HKLM-x32\...\{A88E1685-1986-4A86-8E88-5FE1E727D026}) (Version: 1.2.0 - RealNetworks, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.47 - Piriform) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: - Renesas Electronics Corporation) Hidden Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games) Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: - Apple Inc.) Samsung Link (HKLM\...\8474-7877-9059-0204) (Version: - Copyright 2013 SAMSUNG) save2pc 5.21 (HKLM-x32\...\save2pc & music2pc_is1) (Version: - FDRLab, Inc.) SHIFT 2 UNLEASHED™ (HKLM-x32\...\{E8C37E27-5205-4C8A-BECB-B00533045AAE}) (Version: - Electronic Arts) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SmartDVB (HKLM-x32\...\{6576B7AA-2EF5-4A8E-975B-F87830DF887E}) (Version: 1.3.88 - SmartWARE) SmarterPower (HKLM\...\SmarterPower) (Version: 2014.09.13.123451 - SmarterPower) <==== ATTENTION! Sokoban YASC (HKLM-x32\...\Sokoban YASC - Yet Another Sokoban Clone_is1) (Version: - ) South Park Der Stab der Wahrheit Incl. Ultimate Fellowship Pack MULTI-2 1.00 (HKLM-x32\...\South Park Der Stab der Wahrheit Incl. 
Ultimate Fellowship Pack MULTI-2 1.00) (Version: - ) Spamihilator 1.5.0 (32-Bit) (HKLM-x32\...\{2BBCB7D2-55AA-4156-92B7-CE870624B3AB}) (Version: 1.5.0 - Michel Krämer) Spamihilator 1.5.0 (64-Bit) (HKLM\...\{A0D450C6-07C4-40C7-8D2B-840565E91987}) (Version: 1.5.0 - Michel Krämer) StreamTransport version: (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - ) SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk) swMSM (x32 Version: - Adobe Systems, Inc) Hidden System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - ) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer) The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - ) TVCenter (HKLM\...\{DD0A0C72-A7C3-4722-86C9-2399F9FC0DE7}) (Version: - PCTV Systems) UnRarIt.Net (HKLM-x32\...\{475465E8-E390-4F1E-923D-8EB8998A294B}) (Version: 11.06.22 - Nils Maier) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft) Utility Chest Firefox Toolbar (HKLM-x32\...\UtilityChest_49bar Uninstall Firefox) (Version: - Mindspark Interactive Network) <==== 
ATTENTION VDMSound (HKLM-x32\...\VDMSound) (Version: 2.1.0 - Vlad Romascanu) Video Download Capture Version 4.9.1 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.9.1 - APOWERSOFT LIMITED) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.621 - Nullsoft, Inc) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) Zattoo TV (HKLM-x32\...\{2313E1F1-49A9-4AF9-9B8F-3D4799C43EE1}) (Version: 1.0.1 - Your Company) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2109515080-2629231650-3485663799-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2109515080-2629231650-3485663799-1000_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-2109515080-2629231650-3485663799-1000_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-2109515080-2629231650-3485663799-1000_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-2109515080-2629231650-3485663799-1000_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-2109515080-2629231650-3485663799-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2109515080-2629231650-3485663799-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2109515080-2629231650-3485663799-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2109515080-2629231650-3485663799-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2109515080-2629231650-3485663799-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2109515080-2629231650-3485663799-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2109515080-2629231650-3485663799-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2109515080-2629231650-3485663799-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Niko\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 18-12-2014 23:04:13 Windows Update 20-12-2014 20:48:33 Installed Safari 23-12-2014 22:22:38 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 25-12-2014 17:36:45 Niko 25-12-2014 22:20:13 Removed TVCenter. 26-12-2014 12:46:37 Removed Apple Software Update 26-12-2014 12:51:14 Removed AllShare Framework DMS 26-12-2014 13:18:29 Wiederherstellung 26-12-2014 13:53:57 Removed Zoomy 1.5 26-12-2014 13:56:57 Removed SweetIM for Messenger 3.5 26-12-2014 13:58:12 Removed SweetIM for Messenger 3.5 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {18A3999E-A852-4F33-B93C-35779E1FCCB9} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG) Task: {47FE1D46-2CF6-42A4-B8B5-ED3ED2F58259} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-20] (Google Inc.) Task: {4B6D2285-70C7-43D5-BEA7-68564113411B} - \{BF21EB34-CBF3-49BD-B74C-F09DA52690BA} No Task File <==== ATTENTION Task: {595C610A-1B7D-4E75-B930-D794FD265D33} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2109515080-2629231650-3485663799-1000 No Task File <==== ATTENTION Task: {628AACAE-1058-4732-B670-5FD3B90FD1BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-20] (Google Inc.) Task: {6696E100-587A-4FF0-A860-8099E2A748E9} - \RDReminder No Task File <==== ATTENTION Task: {66A2E11E-6C92-44FF-B30A-D9C8A6D03751} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-2109515080-2629231650-3485663799-1000 No Task File <==== ATTENTION Task: {768ADFCC-E7E5-49F5-81C5-415DAC13BDC8} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-2109515080-2629231650-3485663799-1000 No Task File <==== ATTENTION Task: {84F8DFCB-589B-4AA0-B03D-32246F0E9623} - System32\Tasks\Update Service GoForFiles => C:\Program Files (x86)\GoForFilesUpdater\GoForFilesUpdater.exe <==== ATTENTION Task: {8A6864F6-F8E3-4E22-B52C-009CAF10517B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {8CBD462E-F142-46C7-9FF5-0ADD74E72472} - \{2E96A55D-FC68-49BE-B16C-84009A22E5FD} No Task File <==== ATTENTION Task: {95687F77-7617-49D0-A01C-CF7C6422EF36} - \HDvid Codec V1-enabler No Task File <==== ATTENTION Task: {A7EC3F59-05A3-4C2F-974B-AD30AE319DFB} - \{DB9D6A19-40CA-4CA6-9199-F291759F03AE} No Task File <==== ATTENTION Task: {A9B5F56B-E0A7-42D3-9628-7E35F9AB7C00} - \Plus-HD-2.3-firefoxinstaller No Task File <==== 
ATTENTION Task: {B64353CE-B866-4CE0-BC94-8D6F63D15D04} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated) Task: {CC815AB2-AA4B-4A8F-B831-5D83C8695BA8} - \Plus-HD-2.3-chromeinstaller No Task File <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HDvid Codec V1-enabler.job => C:\Program Files (x86)\HDvid Codec V1\HDvid Codec V1-enabler.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2011-12-17 12:57 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2009-08-18 20:09 - 2009-08-18 20:09 - 07599616 _____ () C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe 2012-08-09 12:02 - 2012-08-09 12:02 - 00038608 _____ () E:\RealDownloader\rndlresolversvc.exe 2014-12-23 22:22 - 2014-12-22 16:10 - 00087208 _____ () C:\Users\Niko\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe 2014-12-23 22:22 - 2014-12-22 15:41 - 39574696 _____ () C:\Users\Niko\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe 2014-05-01 15:13 - 2014-05-01 15:13 - 00470016 _____ () C:\Users\Niko\AppData\Local\MEGAsync\ShellExtX64.dll 2013-05-05 10:16 - 2013-05-05 10:16 - 00131072 _____ () C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\Gentle.Framework.dll 2013-05-05 10:16 - 
2013-05-05 10:16 - 00069632 _____ () C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\Gentle.Common.dll 2013-05-05 10:16 - 2013-05-05 10:16 - 00024576 _____ () C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\Gentle.Provider.MySQL.dll 2013-05-05 10:16 - 2013-05-05 10:16 - 00040960 _____ () C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\Gentle.Provider.SQLServer.dll 2013-06-17 09:34 - 2013-06-17 09:34 - 00129024 _____ () C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\StreamingServer.dll 2014-12-23 22:22 - 2014-12-21 22:15 - 01360552 _____ () C:\Users\Niko\AppData\Roaming\Compatibility Verifier\libglesv2.dll 2014-12-23 22:22 - 2014-12-21 22:15 - 00214184 _____ () C:\Users\Niko\AppData\Roaming\Compatibility Verifier\libegl.dll 2014-12-23 22:22 - 2014-12-21 22:15 - 00985768 _____ () C:\Users\Niko\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll 2014-10-16 17:24 - 2014-10-16 17:24 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll 2011-06-02 18:10 - 2010-11-05 22:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-12-09 22:48 - 2014-12-09 22:48 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll 2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll 2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll 2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL 2014-12-25 15:52 - 2014-12-25 15:52 - 03758192 _____ () C:\Users\Niko\AppData\Local\Mozilla Firefox\mozjs.dll 2014-05-01 15:15 - 2014-05-01 15:15 - 00463360 _____ () C:\Users\Niko\AppData\Local\MEGAsync\ShellExtX32.dll ==================== Alternate Data Streams (whitelisted) 
========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:966F7784 AlternateDataStreams: C:\Users\Public\DRM:احتضان ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Babylon Client => E:\Babylon\Babylon.exe -AutoStart MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe MSCONFIG\startupreg: VirtualCloneDrive => "E:\Virtual Clone Drive\VirtualCloneDrive\VCDDaemon.exe" /s ========================= Accounts: ========================== Administrator (S-1-5-21-2109515080-2629231650-3485663799-500 - Administrator - Disabled) Gast (S-1-5-21-2109515080-2629231650-3485663799-501 - Limited - Disabled) Niko (S-1-5-21-2109515080-2629231650-3485663799-1000 - Administrator - Enabled) => C:\Users\Niko ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: Microsoft-ISATAP-Adapter Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Microsoft-ISATAP-Adapter #2 Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (12/26/2014 05:05:40 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version=""1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version=""" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (12/26/2014 05:05:40 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version=""1". 
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version=""" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (12/26/2014 04:46:50 PM) (Source: Outlook) (EventID: 34) (User: ) Description: Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007041d. Error: (12/26/2014 04:46:44 PM) (Source: Outlook) (EventID: 35) (User: ) Description: Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x800706ba). Error: (12/26/2014 04:46:13 PM) (Source: Outlook) (EventID: 35) (User: ) Description: Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x800706ba). Error: (12/26/2014 04:38:31 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (12/26/2014 04:34:02 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Das Objekt, das Sie erstellen wollen, ist bereits vorhanden. Verwenden Sie einen anderen Namen. (HRESULT : 0x80040d02) (0x80040d02) Error: (12/26/2014 04:34:02 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Das Objekt, das Sie erstellen wollen, ist bereits vorhanden. Verwenden Sie einen anderen Namen. (HRESULT : 0x80040d02) (0x80040d02) Error: (12/26/2014 04:34:02 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Das Objekt, das Sie erstellen wollen, ist bereits vorhanden. Verwenden Sie einen anderen Namen. 
(HRESULT : 0x80040d02) (0x80040d02) Error: (12/26/2014 04:34:02 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexserver kann wegen eines Datenbankfehlers keine Daten aktualisieren oder auf sie zugreifen. Beenden Sie den Suchdienst, und starten Sie ihn erneut. Wenn das Problem weiterhin besteht, setzen Sie den Inhaltsindex zurück, und crawlen Sie ihn erneut. In manchen Fällen muss der Inhaltsindex möglicherweise gelöscht und erneut erstellt werden. (HRESULT : 0x8004117f) (0x8004117f) System errors: ============= Error: (12/26/2014 05:15:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 91 Mal passiert. Error: (12/26/2014 05:15:45 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147218174. Error: (12/26/2014 05:15:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 90 Mal passiert. Error: (12/26/2014 05:15:44 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147218174. Error: (12/26/2014 05:15:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 89 Mal passiert. Error: (12/26/2014 05:15:44 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147218174. 
Error: (12/26/2014 05:15:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 88 Mal passiert. Error: (12/26/2014 05:15:38 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147218174. Error: (12/26/2014 05:15:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 87 Mal passiert. Error: (12/26/2014 05:15:37 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147218174. Microsoft Office Sessions: ========================= Error: (05/14/2012 09:14:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 15860 seconds with 60 seconds of active time. This session ended with a crash. Error: (01/02/2012 09:44:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 29397 seconds with 120 seconds of active time. This session ended with a crash. Error: (06/02/2011 08:51:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 379 seconds with 300 seconds of active time. This session ended with a crash. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz Percentage of memory in use: 48% Total physical RAM: 4072.89 MB Available physical RAM: 2096.58 MB Total Pagefile: 8143.95 MB Available Pagefile: 5316.04 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:370.2 GB) (Free:128.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Multimedia) (Fixed) (Total:366 GB) (Free:218.57 GB) NTFS Drive e: (Programme) (Fixed) (Total:195.31 GB) (Free:187.24 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 850949F3) Partition 1: (Active) - (Size=370.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=366 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS) ==================== End Of Log ============================ This is what the two logs look like. |
![]() | #4 |
/// the machine /// TB instructor | Unknown devices in the volume mixer Hi, Please download ![]()
Do not start any other file in this folder without instructions from a helper.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |