Pests of all kinds and how to fight them: A p**** window keeps opening in the browser
Windows 7
02.02.2015, 10:41 | #1
A p**** window keeps opening in the browser

Hello! In my desperation I have now come across this forum. Let me describe my problem: whenever I click on links (no matter which website), an extra window opens that redirects to a p**** site. I have definitely not been on one! I then ran Malwarebytes and found two entries in the registry, both of which change the DhcpNameServer to some strange IP address. I thought that was the cause and deleted them, and I also went over the system with AdwCleaner. The entries no longer exist. According to both programs there is no longer any threat either. Nevertheless, this window still keeps opening quite often.

My mother described the same problem to me (all on one router in the home network), so I checked there as well, but no such registry entries are present there. I also checked my brother's PC (he is only 13), and the values were set there too. I therefore assumed that it must be the router. I reset it and checked all the settings. Now the Dhcp entry is no longer being changed, but the window still opens every now and then. However, the malware cannot be found with any program.

I hope I can get rid of this; the forum is, so to speak, my last resort before reinstalling (which would be catastrophic because I have no backups).

I hope you can help me,
Karakal
02.02.2015, 11:29 | #2
/// the machine /// TB instructor

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
02.02.2015, 11:35 | #3

Thanks for the quick reply!

Here is the FRST.txt:

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015 Ran by *** (administrator) on ***-PC_HP on 02-02-2015 11:32:53 Running from C:\Users\***\Desktop Loaded Profiles: *************** Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (AuthenTec Inc.) 
C:\Program Files (x86)\HP SimplePass\TouchControl.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (ProdEx Technologies) C:\Windows\SysWOW64\slpservice.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe () C:\Windows\System32\valWBFPolicyService.exe (Xerox Corporation) C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Hewlett-Packard Company) C:\Program Files 
(x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2014-02-03] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Premium_Sonderedition\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) 
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2707992 2014-09-03] (Sony Corporation) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [Kies3PDLR.exe] => C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe [845120 2015-01-14] (Samsung) HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILRE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [Amazon Cloud Player] => C:\Users\Wyn\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] () HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-12-29] (SlySoft, Inc.) HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [GoogleChromeAutoLaunch_18C8ADFAF96BD2AADE491DE6AD910887] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.) 
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp.) HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\MountPoints2: F - "F:\Autorun.exe" HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\MountPoints2: H - "H:\Autorun.exe" HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\MountPoints2: {d1d19ffd-62d5-11e4-bebf-3423873bf9ca} - "F:\AutoRun.exe" HKU\S-1-5-18\...\CurrentVersion\Windows: [Load] ,slpmonx.exe <===== ATTENTION AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Behringer X-UF USB Control Panel.lnk ShortcutTarget: Behringer X-UF USB Control Panel.lnk -> C:\Program Files\behringer\UsbAudioDriver_XUF\X-UF USB Control Panel.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nach Updates suchen.lnk ShortcutTarget: Nach Updates suchen.lnk -> C:\Program Files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe (PCTV Systems) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartCapture.lnk ShortcutTarget: SmartCapture.lnk -> C:\Program Files (x86)\Seiko Instruments Inc\Smart Label Printer 7.1.1\slpcap.exe (Seiko Instruments USA Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.) Startup: C:\Users\Wyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Wyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk ShortcutTarget: Telegram.lnk -> C:\Users\Wyn\AppData\Roaming\Telegram Win (Unofficial)\Telegram.exe (Telegram Messenger LLP) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4 HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4 SearchScopes: HKLM -> {3F9AB413-213D-47E2-9067-C5033A64AA06} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> {3F9AB413-213D-47E2-9067-C5033A64AA06} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002 -> {3F9AB413-213D-47E2-9067-C5033A64AA06} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) 
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Wyn\AppData\Roaming\Mozilla\Firefox\Profiles\auim9r1r.default FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-4126525249-1915814395-1466209751-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Wyn\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2014-12-18] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-21] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-21] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-21] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-08-21] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: An toàn 
giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-08-21] FF HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-10-31] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.de/ CHR StartupUrls: Default -> "https://www.google.de/" CHR Profile: C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-03] CHR Extension: (Google Drive) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-03] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (YouTube) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-03] CHR Extension: (Google-Suche) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-03] CHR Extension: (Kaspersky Protection) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-08-28] CHR Extension: (Google Kalender) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-02-03] CHR Extension: (Website Logon) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2014-02-03] CHR Extension: (Premiumize.me) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm [2014-05-08] 
CHR Extension: (Google Wallet) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-03] CHR Extension: (Google Mail) - C:\Users\Wyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-03] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
S2 Apache2.4; C:\xampp\xampp\apache\bin\httpd.exe [22016 2013-11-21] (Apache Software Foundation) [File not signed] R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [11776 2012-11-02] (Olof Lagerkvist) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-02-22] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect 
Technology Agent\iSCTAgent.exe [180200 2013-02-13] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-02-22] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S2 mysql; C:\xampp\xampp\mysql\bin\mysqld.exe [10966528 2014-01-14] () [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [484888 2014-09-03] (Sony Corporation) R2 SLPMONX; C:\WINDOWS\SysWOW64\slpservice.exe [32256 2001-10-09] (ProdEx Technologies) [File not signed] R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed] S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.) 
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2013-03-19] () [File not signed] S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-02-03] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) R2 XeroxPrintJobEventManagerService; C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe [238920 2013-12-02] (Xerox Corporation) S2 FileZillaServer; "C:\xampp\filezillaftp\filezillaserver.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.) R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-03-08] () [File not signed] S3 AWEAlloc; C:\Windows\system32\DRIVERS\awealloc.sys [18456 2012-11-02] (Olof Lagerkvist) R3 azvusb; C:\Windows\System32\drivers\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.) 
S3 behringer_xuf_usb; C:\Windows\System32\Drivers\behringer_xuf_usb_x64.sys [116416 2013-06-13] (Archwave AG) S3 behringer_xuf_usb_avs; C:\Windows\System32\Drivers\behringer_xuf_usb_avs_x64.sys [72384 2013-06-13] (Archwave AG) R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink) S2 DLPortIO; C:\Windows\SysWow64\Drivers\DLPortIO.sys [3584 1999-01-10] () S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider) S3 FWLANUSB; C:\Windows\system32\DRIVERS\fwlanusb.sys [459776 2006-07-31] (AVM GmbH) S1 hwinterfacex64; C:\Windows\System32\Drivers\hwinterfacex64.sys [5632 2014-05-17] (Logix4u) [File not signed] R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-02-13] () R2 ImDisk; C:\Windows\system32\DRIVERS\imdisk.sys [39464 2012-11-02] (Olof Lagerkvist) R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-02-13] () R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-02-13] () S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [178944 2013-01-28] (ITE ) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab) R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-10-10] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-10-10] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] 
(Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2014-03-08] () [File not signed] R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) S3 mod7700; C:\Windows\system32\DRIVERS\mod7700.sys [1159696 2009-07-22] (DiBcom SA) S3 MODRC; C:\Windows\system32\DRIVERS\modrc.sys [24208 2009-07-22] (DiBcom S.A.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 okdmx31; C:\Windows\System32\Drivers\okdmx31.sys [3712 2014-05-17] () [File not signed] S3 okdmx31; C:\Windows\SysWOW64\Drivers\okdmx31.sys [3712 2014-05-17] () [File not signed] R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205872 2014-11-28] (Ralink Technology, Corp.) 
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2014-02-03] (Realsil Semiconductor Corporation) R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-02-03] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-02-02] () S3 BlueletAudio; \SystemRoot\system32\DRIVERS\blueletaudio.sys [X] S3 BtAudioBusSrv; \SystemRoot\System32\Drivers\BtAudioBus.sys [X] S3 BthL2caScoIfSrv; \SystemRoot\System32\Drivers\BtL2caScoIf.sys [X] S3 btUrbFilterDrv; \SystemRoot\System32\Drivers\IvtUrbBtFlt.sys [X] S3 zlportio; \??\C:\Program Files (x86)\PHOENIXstudios\PC_DIMMER\zlportio.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-02 11:32 - 2015-02-02 11:33 - 00035892 _____ () C:\Users\Wyn\Desktop\FRST.txt 2015-02-02 11:32 - 2015-02-02 11:32 - 00000000 ____D () C:\FRST 2015-02-02 11:31 - 2015-02-02 11:32 - 02131456 _____ (Farbar) C:\Users\Wyn\Desktop\FRST64.exe 2015-02-02 00:07 - 2015-02-02 00:07 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp 2015-02-01 23:02 - 2015-02-02 00:05 - 00000000 ____D () C:\AdwCleaner 2015-02-01 22:57 - 2015-02-01 22:57 - 02194432 _____ () C:\Users\Wyn\Desktop\AdwCleaner_4.109.exe 2015-02-01 18:34 - 2015-02-02 00:22 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-02-01 18:34 - 2015-02-01 18:34 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-01 18:34 - 2015-02-01 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-01 18:34 - 2015-02-01 18:34 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-01 18:34 - 2015-02-01 18:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-01 18:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-02-01 18:34 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-02-01 18:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-01-31 23:53 - 2015-01-31 23:53 - 00000000 ____D () C:\ProgramData\Emsisoft 2015-01-31 19:30 - 2015-02-02 10:37 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2015-01-31 19:21 - 2015-01-31 19:21 - 00009589 _____ () C:\Users\Wyn\AppData\Local\recently-used.xbel 2015-01-24 21:02 - 2015-01-24 21:03 - 11658240 _____ () C:\Users\Wyn\Desktop\SetupAnyDVD7570.exe 2015-01-22 11:35 - 2015-01-22 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES 2015-01-20 02:52 - 2015-02-02 00:06 - 00003336 
_____ () C:\WINDOWS\PFRO.log 2015-01-20 00:43 - 2015-01-20 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode 2015-01-20 00:39 - 2015-01-20 00:39 - 06381120 _____ (Tim Kosse) C:\Users\Wyn\Downloads\FileZilla_3.10.0.2_win32-setup.exe 2015-01-18 19:21 - 2015-01-18 22:50 - 17792878 _____ () C:\Users\Wyn\Desktop\Hyper günstig einkaufen.mp4 2015-01-17 15:07 - 2015-01-20 01:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-01-15 21:29 - 2013-11-12 14:25 - 00091912 _____ (CyberLink) C:\WINDOWS\system32\Drivers\CLVirtualDrive.sys 2015-01-15 16:28 - 2015-01-22 12:24 - 00028089 _____ () C:\WINDOWS\DirectX.log 2015-01-15 16:27 - 2015-01-15 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft 2015-01-14 19:10 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-14 19:10 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-14 19:10 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-14 19:10 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-14 19:10 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-14 19:10 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-14 19:10 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-14 19:10 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-14 19:10 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-14 19:10 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-14 19:10 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 
2015-01-14 19:10 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-14 19:10 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-14 19:10 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-14 19:10 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-14 19:10 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2015-01-14 19:10 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2015-01-14 19:10 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-01-14 19:10 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-01-14 19:10 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2015-01-14 19:10 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2015-01-14 19:10 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2015-01-14 19:10 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2015-01-14 19:10 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2015-01-14 19:10 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-01-14 19:10 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-01-14 19:10 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2015-01-14 19:10 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2015-01-14 19:10 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\nlaapi.dll 2015-01-14 19:10 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-01-14 19:10 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll 2015-01-13 16:25 - 2015-01-13 16:25 - 00000000 __SHD () C:\Users\Wyn\AppData\Local\EmieUserList 2015-01-13 16:25 - 2015-01-13 16:25 - 00000000 __SHD () C:\Users\Wyn\AppData\Local\EmieSiteList 2015-01-13 16:25 - 2015-01-13 16:25 - 00000000 __SHD () C:\Users\Wyn\AppData\Local\EmieBrowserModeList 2015-01-10 12:45 - 2015-01-10 12:45 - 00000000 ____D () C:\Users\Wyn\.thumbnails 2015-01-10 12:44 - 2015-01-10 13:03 - 00020480 ___SH () C:\Users\Wyn\Documents\Thumbs.db 2015-01-10 12:28 - 2015-01-31 19:21 - 00000000 ____D () C:\Users\Wyn\.gimp-2.8 2015-01-09 23:51 - 2014-10-13 06:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys 2015-01-09 23:51 - 2014-10-13 06:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys 2015-01-09 23:47 - 2015-01-09 23:47 - 00000000 ____D () C:\Users\Wyn\Documents\SelfMV 2015-01-09 16:03 - 2015-01-09 16:03 - 06388344 _____ (Tim Kosse) C:\Users\Wyn\Downloads\FileZilla_3.10.0_win32-setup.exe 2015-01-09 15:45 - 2015-01-09 22:51 - 00000000 ____D () C:\Users\Wyn\AppData\Roaming\Rechnungsverwalter 2015-01-09 15:45 - 2015-01-09 15:45 - 38940488 _____ () C:\Users\Wyn\Downloads\rv_install_V2.10.31_CB-DL-Manager [1].exe 2015-01-09 15:45 - 2015-01-09 15:45 - 00000000 ____D () C:\Users\Wyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rechnungsverwalter 2015-01-09 15:45 - 2015-01-09 15:45 - 00000000 ____D () C:\Program Files (x86)\Rechnungsverwalter 2015-01-09 15:24 - 2015-01-09 15:24 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-01-09 15:24 - 2015-01-09 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-01-07 22:10 - 2015-01-07 22:10 - 00000000 ____D () 
C:\Users\Wyn\AppData\Roaming\IsolatedStorage 2015-01-07 22:10 - 2015-01-07 22:10 - 00000000 ____D () C:\ProgramData\IsolatedStorage 2015-01-07 22:09 - 2015-01-07 22:09 - 00000000 ____D () C:\Spacekace ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-02 11:28 - 2014-02-26 16:28 - 00000939 _____ () C:\WINDOWS\Tasks\EPSON XP-510 Series Update {EFBB9A74-580C-4AFB-AE13-713218B4702E}.job 2015-02-02 11:28 - 2014-02-26 16:28 - 00000753 _____ () C:\WINDOWS\Tasks\EPSON XP-510 Series Invitation {EFBB9A74-580C-4AFB-AE13-713218B4702E}.job 2015-02-02 11:27 - 2014-02-03 17:16 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-02 11:08 - 2014-05-27 10:30 - 01943449 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-02 11:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-02 10:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-02-02 09:45 - 2015-01-01 20:36 - 00000285 _____ () C:\WINDOWS\avmcowlan.log 2015-02-02 09:34 - 2015-01-01 20:36 - 00013365 _____ () C:\WINDOWS\setupact.log 2015-02-02 00:14 - 2014-10-29 11:29 - 00000000 ____D () C:\Users\Wyn\Documents\Youcam 2015-02-02 00:07 - 2014-08-21 23:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-02-02 00:07 - 2014-02-03 17:15 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-02 00:07 - 2013-11-24 16:25 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys 2015-02-02 00:06 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-01 23:50 - 2014-02-03 17:15 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D926EEEF-D5BD-443A-9301-A49C67598B48} 2015-02-01 23:16 - 2014-02-03 12:02 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4126525249-1915814395-1466209751-1002 2015-02-01 20:04 - 2014-11-01 21:23 - 00000000 ____D () C:\Users\Wyn\AppData\Roaming\.minecraft 
2015-02-01 19:55 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-01 18:03 - 2012-08-04 01:02 - 00000000 ____D () C:\SWSetup 2015-02-01 17:58 - 2014-02-03 15:27 - 00000000 ____D () C:\Users\Wyn 2015-02-01 17:56 - 2014-02-03 16:04 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log 2015-02-01 17:56 - 2014-02-03 16:04 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2015-02-01 17:46 - 2014-02-27 11:30 - 01697280 ___SH () C:\Users\Wyn\Desktop\Thumbs.db 2015-02-01 00:13 - 2014-04-10 20:22 - 00000000 ____D () C:\Program Files (x86)\Rise of Nations 2015-01-31 19:22 - 2014-04-30 17:03 - 00000000 ____D () C:\Users\Wyn\AppData\Roaming\FileZilla 2015-01-31 19:22 - 2014-04-30 17:02 - 00002016 _____ () C:\Users\Wyn\Desktop\FileZilla Client.lnk 2015-01-31 19:22 - 2014-04-30 17:02 - 00000000 ____D () C:\Users\Wyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2015-01-31 19:22 - 2014-04-30 17:02 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2015-01-31 19:21 - 2014-02-23 14:54 - 00000000 ____D () C:\Users\Wyn\AppData\Local\gtk-2.0 2015-01-31 11:40 - 2014-05-10 11:43 - 00000000 ____D () C:\Users\Wyn\Desktop\Premiumize.me 2015-01-30 20:42 - 2014-02-03 17:04 - 00003154 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForWyn 2015-01-30 20:42 - 2014-02-03 17:04 - 00000344 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForWyn.job 2015-01-30 15:16 - 2014-10-19 09:34 - 00000000 ____D () C:\Users\Wyn\Desktop\Findlingshof 2015-01-30 15:09 - 2013-11-14 08:27 - 01984420 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-30 15:09 - 2013-11-14 08:11 - 00843606 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-30 15:09 - 2013-11-14 08:11 - 00192300 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-29 20:42 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-29 19:31 - 2014-02-03 18:03 - 00000000 ____D () C:\Users\Wyn\AppData\Roaming\Skype 2015-01-28 21:27 - 2014-03-21 22:23 - 00000000 
____D () C:\Users\Wyn\AppData\Roaming\vlc 2015-01-27 15:28 - 2014-02-03 17:16 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-26 19:00 - 2014-08-23 10:40 - 00000000 ____D () C:\Users\Wyn\Desktop\Bewerbung(en) 2015-01-24 21:58 - 2014-02-03 18:13 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT 2015-01-24 21:20 - 2014-12-18 19:42 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-01-24 21:20 - 2014-12-18 19:42 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-24 21:08 - 2014-02-03 18:13 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT 2015-01-22 13:41 - 2014-02-03 19:06 - 00000000 ____D () C:\Users\Wyn\Documents\Battlefield 2 2015-01-22 13:37 - 2014-02-03 20:10 - 00000000 ____D () C:\Users\Wyn\Desktop\Abbilder DVD 2015-01-22 12:45 - 2014-02-03 17:59 - 00000000 ____D () C:\Users\Wyn\Desktop\Spiele 2015-01-22 12:31 - 2013-09-27 12:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-20 12:44 - 2013-11-24 16:28 - 00000000 ____D () C:\ProgramData\Temp 2015-01-20 02:52 - 2014-02-03 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-20 00:43 - 2014-02-03 18:20 - 00000000 ____D () C:\Program Files (x86)\XMedia Recode 2015-01-20 00:43 - 2014-02-03 17:41 - 00000000 ____D () C:\Users\Wyn\Desktop\Programme 2015-01-15 21:29 - 2013-09-27 11:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools 2015-01-15 21:28 - 2014-02-03 13:39 - 00000000 ____D () C:\Users\Wyn\AppData\Roaming\CyberLink 2015-01-15 21:28 - 2013-11-24 16:29 - 00000000 ____D () C:\Program Files (x86)\CyberLink 2015-01-15 16:33 - 2014-06-08 14:55 - 00000000 ____D () C:\Users\Wyn\Documents\Ubisoft 2015-01-15 15:51 - 2014-02-04 00:02 - 00000000 ____D () C:\Program Files (x86)\Ubisoft 2015-01-15 15:49 - 2014-09-04 12:30 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-15 14:40 - 2014-02-03 
12:32 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-15 14:33 - 2014-02-03 12:32 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-13 16:24 - 2014-03-23 12:09 - 00000000 ____D () C:\Program Files (x86)\JavaEditor 2015-01-12 15:42 - 2014-03-10 15:32 - 00000000 ____D () C:\Users\Wyn\Desktop\Auto 2015-01-10 13:39 - 2014-10-28 21:50 - 00000000 ____D () C:\Users\Wyn\Desktop\VT 2015-01-10 00:04 - 2014-05-18 21:20 - 00000000 ____D () C:\Users\Wyn\AppData\Roaming\dvdcss 2015-01-09 23:51 - 2014-02-24 15:10 - 00000000 ____D () C:\Program Files\SAMSUNG 2015-01-09 23:51 - 2014-02-03 17:46 - 00000000 ____D () C:\Program Files (x86)\Samsung 2015-01-09 23:51 - 2014-02-03 16:29 - 00000000 ____D () C:\Users\Wyn\AppData\Local\Downloaded Installations 2015-01-09 15:24 - 2014-02-03 18:03 - 00000000 ____D () C:\ProgramData\Skype 2015-01-09 02:27 - 2014-12-25 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java-Editor 2015-01-05 18:16 - 2014-02-03 20:12 - 00000000 ____D () C:\Users\Wyn\Desktop\Diverses ==================== Files in the root of some directories ======= 2014-02-03 18:13 - 2014-02-03 18:13 - 0000268 ___RH () C:\Users\Wyn\AppData\Roaming\Pianos and Keyboards 2014-02-03 18:16 - 2014-02-03 18:16 - 0000268 ___RH () C:\Users\Wyn\AppData\Roaming\Pick Bass 2014-02-03 18:13 - 2014-02-03 18:13 - 0000268 ___RH () C:\Users\Wyn\AppData\Roaming\Pipe Organ 2014-05-17 20:07 - 2014-06-09 19:46 - 0009216 _____ () C:\Users\Wyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-31 19:21 - 2015-01-31 19:21 - 0009589 _____ () C:\Users\Wyn\AppData\Local\recently-used.xbel 2014-04-03 09:32 - 2014-07-28 15:23 - 0007629 _____ () C:\Users\Wyn\AppData\Local\Resmon.ResmonCfg 2014-05-18 21:36 - 2015-01-01 18:00 - 0000164 ___SH () C:\ProgramData\.zreglib 2014-02-03 18:16 - 2014-02-03 18:16 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT 2014-02-03 18:13 - 2015-01-24 21:58 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT 2014-02-03 
18:13 - 2015-01-24 21:08 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-02-03 18:13 - 2014-02-03 18:13 - 0000268 ___RH () C:\ProgramData\Plants
2014-02-03 18:16 - 2014-02-03 18:16 - 0000268 ___RH () C:\ProgramData\Plug-In Settings
2014-02-03 18:13 - 2014-02-03 18:13 - 0000268 ___RH () C:\ProgramData\Plug-Ins

Some content of TEMP:
====================
C:\Users\Wyn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6apvyj.dll
C:\Users\Wyn\AppData\Local\Temp\Execute2App.exe
C:\Users\Wyn\AppData\Local\Temp\Extract.exe
C:\Users\Wyn\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Wyn\AppData\Local\Temp\msvcp90.dll
C:\Users\Wyn\AppData\Local\Temp\msvcr90.dll
C:\Users\Wyn\AppData\Local\Temp\Quarantine.exe
C:\Users\Wyn\AppData\Local\Temp\SP69393.exe
C:\Users\Wyn\AppData\Local\Temp\sqlite3.dll
C:\Users\Wyn\AppData\Local\Temp\_is657.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-30 15:52

==================== End Of Log ============================

--- --- --- --- --- ---

and here is the Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by *** at 2015-02-02 11:33:27
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ADAC - Die Simulation (HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\ADAC - Die Simulation) (Version: 1.00.00.00 - rondomedia GmbH)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Amazon Cloud Player (HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.6.0 - SlySoft)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.388 - ArcSoft)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.)
Hidden AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - ) Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: - ) Battlefield 2: Special Forces (HKLM-x32\...\{50D4CB89-AF34-4978-96DC-C3034062E901}) (Version: - ) Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts) BEHRINGER X-UF USB2.0 Driver v6.13.0.0 (HKLM-x32\...\BEHRINGER X-UF USB2.0 Driver v6.13.0.0) (Version: 6.13.0.0 - BEHRINGER) Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Buildtools-Sprachressourcen - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Buildtools-Sprachressourcen - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Bus-Simulator 2012 (HKLM-x32\...\Bus-Simulator 2012_is1) (Version: - astragon) Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision) Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden Camping Manager 2012 (HKLM-x32\...\Camping Manager 2012_is1) (Version: - astragon) CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.6.7225 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.) Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.) 
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3603 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Die Polizei 2013 (HKLM-x32\...\Die Polizei 2013) (Version: - Quadriga Games) DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.) Dropbox (HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) DVBViewer TE2 (HKLM-x32\...\DVBViewer TE2_is1) (Version: - CM&V) Easy CD-DA Extractor Free 2010 (HKLM-x32\...\Easy CD-DA Extractor Free 2010) (Version: 2010.6 - Poikosoft) Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company) Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation) Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON XP-510 Series Printer Uninstall (HKLM\...\EPSON XP-510 Series) (Version: - SEIKO EPSON Corporation) EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) Erforderliche Komponenten für SSDT (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation) EZ CD Audio Converter (64-bit) (HKLM\...\EZ CD Audio Converter (64-bit)) (Version: 2.0.4 - Poikosoft) FileZilla Client 3.10.0.2 
(HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\FileZilla Client) (Version: 3.10.0.2 - Tim Kosse) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.10.1213 - Foxit Corporation) Free DVD Video Converter version 2.0.19.514 (HKLM-x32\...\Free DVD Video Converter_is1) (Version: 2.0.19.514 - DVDVideoSoft Ltd.) Free Studio version 6.4.0.1122 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.0.1122 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.49.1022 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1022 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.44.908 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.44.908 - DVDVideoSoft Ltd.) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company) HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd) HP Connected Music (Meridian - player) (HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\HPConnectedMusic) (Version: 1.1 (build 96) hp - Meridian Audio Ltd) HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{7F265322-43A2-4C06-925B-F32F938B102C}) (Version: 1.3.0.0 - Hewlett-Packard) HP Quick Start (HKLM-x32\...\{BB27C290-AB30-4D9E-A5D1-88745AAE42E9}) (Version: 1.0.4660.30220 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT) ImDisk Virtual Disk Driver (HKLM\...\ImDisk) (Version: - ) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package 
(HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation) Intel(R) Smart Connect Technology 4.0 x64 (HKLM\...\{B0CA78DB-745A-4857-A73F-9ACD95E62BD0}) (Version: 4.0.41.2072 - Intel) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) Java 7 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417072FF}) (Version: 7.0.720 - Oracle) Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation) Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle) Java SE Development Kit 8 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180000}) (Version: 8.0.0 - Oracle Corporation) Java-Editor 12.44, 2015.01.08 (HKLM-x32\...\{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1) (Version: - Gerhard Röhner) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden Kayako Desktop (HKLM-x32\...\KayakoDesktop) (Version: - ) Lexware Info Service (HKLM-x32\...\{8AE7E507-BC49-4DF0-A236-26878691AB53}) (Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG) Lexware online banking (HKLM-x32\...\{A64DF516-9CDC-4299-BD34-2B2C80CD453B}) (Version: 19.00.00.0059 - Haufe-Lexware GmbH & Co.KG) LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation) MAGIX Screenshare (HKLM-x32\...\MAGIX_{BA816CCA-0FEA-4A68-9AD0-4CF3D2DF40CC}) (Version: 4.3.6.1987 - MAGIX AG) MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{4F9A18DC-6E29-4C2C-86B3-2C8815E2F794}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden MAGIX Video deluxe MX Premium Sonderedition 
(HKLM-x32\...\MAGIX_{9ADAE3A4-87DD-4091-B5E0-24F4B6F08F3A}) (Version: 11.0.5.0 - MAGIX AG) MAGIX Video deluxe MX Premium Sonderedition (x32 Version: 11.0.5.0 - MAGIX AG) Hidden MAGIX Video Pro X5 (HKLM-x32\...\MAGIX_{9624820E-108F-4854-B5A9-24EDCC24CC93}) (Version: 12.0.12.4 - MAGIX AG) MAGIX Video Pro X5 (Version: 12.0.12.4 - MAGIX AG) Hidden MainConcept DTV Decoder Pro (HKLM-x32\...\{793FCE60-DE5E-4977-A942-A7B69A45B17D}) (Version: 1.5.0.2 - MainConcept GmbH) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Mediatek Bluetooth (HKLM\...\{904C579C-9366-D3B7-7F31-4879401DBD4A}) (Version: 11.0.756.0 - Mediatek) MergeModule_x64 (Version: 9.0.00 - Sony Corporation) Hidden MergeModule_x86 (x32 Version: 9.0.00 - Sony Corporation) Hidden Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Help Viewer 2.1 Sprachpaket - DEU 
(HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Rise Of Nations (HKLM-x32\...\RiseOfNations 1.0) (Version: - Microsoft) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{EC75BD20-F9CA-4E77-825F-ABD77E95BE91}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{0BF65908-D137-4A9E-B7C9-78F32F74F6FD}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL-Sprachdienst (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 
- Microsoft Corporation) Microsoft SQL Server Data Tools - DEU (12.0.30919.1) (HKLM-x32\...\{7CC03C58-3471-43D2-A251-EC9AE225E772}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio Express 2013 für Windows Desktop - DEU (HKLM-x32\...\{31e4d2a5-b246-4c2d-a7fb-aee157c26b02}) (Version: 12.0.21005.13 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - 
Microsoft Corporation) MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios) Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon) Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.0 - Nikon) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team) NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) OnlineFotoservice (HKLM-x32\...\OnlineFotoservice) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA) Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation) PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.5.0 - Nikon) Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - ) pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA) PlayMemories Home (HKLM-x32\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.0.00.09031 - Sony Corporation) PMB_ModeEditor (x32 Version: 9.0.00 - Sony Corporation) Hidden PMB_ServiceUploader (x32 Version: 9.0.00 - Sony Corporation) Hidden ProTrain Perfect 2 (HKLM-x32\...\AuranTS2009_ptp2_is1) (Version: - Auran) Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor 
Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek) Rechnungsverwalter (HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Rechnungsverwalter) (Version: 2.10.31 - Temia Consulting) RECYCLE (HKLM-x32\...\Steam App 294830) (Version: - rondomedia GmbH) Rise of Nations Thrones and Patriots (HKLM-x32\...\RiseofNationsExpansion 1.0) (Version: - ) RollerCoaster Tycoon 3 (HKLM-x32\...\RollerCoaster Tycoon 3_is1) (Version: - Atari) Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) Scribus 1.4.3 (64bit) (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team) SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden SiudiDriver Version 2.3 (HKLM\...\SiudiDriver_is1) (Version: 2.3 - LightingSoft AG) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Smart Label Printer 7.1.1 R2 (HKLM-x32\...\{A9C7B9CE-229D-40DF-8152-20DC2971AB30}) (Version: 7.1.0437 - Seiko Instruments Inc.) 
SmartSoft (HKLM-x32\...\{502B9298-3AA1-44F5-85B6-87B22FDC25E1}) (Version: 3.0.43 - ETC) Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION) SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden Sounds (remove only) (HKLM-x32\...\Sounds) (Version: - ) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) SWI-Prolog (remove only) (HKLM-x32\...\SWI-Prolog) (Version: - ) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated) Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden TeamSpeak 3 Client (HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer) TechniSat DVB-PC TV Star (HKLM-x32\...\{CE9F9FBC-5253-46D2-9883-09E55003D794}) (Version: 1.0.0 - TechniSat) Telegram Desktop version 0.6.7 (HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.6.7 - Telegram Messenger LLP) Tom Clancy's Rainbow Six Vegas (HKLM-x32\...\{5731C0A8-B266-451A-8D3F-8066AA21836F}) (Version: 1.06.000 - Ubisoft) Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.03 - Ubisoft) Train Fever (HKLM-x32\...\Steam App 304730) (Version: - Urban Games) TVCenter (HKLM\...\{DD0A0C72-A7C3-4722-86C9-2399F9FC0DE7}) (Version: 6.4.5.933 - PCTV Systems) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft) Validity WBF DDK (HKLM\...\{B80C52A3-7666-4068-A371-7867F51E68EB}) (Version: 4.5.122.0 - Validity Sensors, Inc.) 
Vegas Pro 12.0 (64-bit) (HKLM\...\{BE94768F-5232-11E3-BD78-F04DA23A5C58}) (Version: 12.0.770 - Sony)
ViewNX 2 (HKLM-x32\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.9.0 - Nikon)
Visitenkarten in 2 Minuten (HKLM-x32\...\Visitenkarten in 2 Minuten) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WORLD IN CONFLICT (HKLM-x32\...\{F11ADC64-C89E-47F4-A0B3-3665FF859397}) (Version: 1.0.1.0 - Massive Entertainment)
Xerox WC73xx Print Experience 2.0 (HKLM\...\{E6993C0F-894A-A469-65DE-5780497BC784}) (Version: 6.71.9.5 - Xerox)
XMedia Recode Version 3.2.1.2 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.1.2 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

15-01-2015 21:15:12 HPSF Applying updates
22-01-2015 11:30:47 Entfernt Battlefield 2(TM)
29-01-2015 20:40:03 Windows Update
01-02-2015 18:03:16 Installed HP CoolSense

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {004CCF78-AF97-44F5-BC5F-0F7178B7F7ED} - System32\Tasks\EPSON XP-510 Series Update {EFBB9A74-580C-4AFB-AE13-713218B4702E} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLRE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {04BA682F-F484-43BC-897F-12FF4DD97D93} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {0734F92A-243B-49A6-B1CF-AF3410959BD5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {12BDEB51-1E0F-4AF4-BF21-7AC713468D3E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {14FA53B7-EF51-4720-A820-467E5D9B5E2A} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {214B3A2E-0671-44D5-9797-9D16A71B719C} - System32\Tasks\EPSON XP-510 Series Invitation {EFBB9A74-580C-4AFB-AE13-713218B4702E} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLRE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {286C8333-6057-4AE8-84F6-E60D60140114} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2AD6CA71-8B0C-485E-B0EB-D8258FAEF665} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-15] (Microsoft Corporation)
Task: {3A38C00A-E49C-44AE-86DD-E4402E510327} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {40D69630-3751-4048-9E2A-BA065C6B43FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {532F6465-4937-40C6-A940-65A976AE73BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.)
Task: {5EDBC442-1EAB-4176-ACC8-6F7A63CA7896} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-03] (Google Inc.)
Task: {65E06EFA-5A0B-4D33-98E0-A6AE394A25B3} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-12-03] (CyberLink Corp.)
Task: {76829B37-5459-4191-8A97-84E6C6B914CB} - System32\Tasks\{AB1BE9CE-7839-445B-B23A-72CB1323B717} => pcalua.exe -a "C:\Program Files (x86)\RTL\Cobra 11 - Nitro Demo\C11_PC.exe" -d "C:\Program Files (x86)\RTL\Cobra 11 - Nitro Demo\"
Task: {7912253C-7D3B-4DB6-A9FB-E9EC28F13D8F} - System32\Tasks\{52055EA3-B191-4C21-9779-638FF85951CA} => pcalua.exe -a "C:\Program Files (x86)\RTL\Cobra 11 - Nitro Demo\C11_PC.exe" -d "C:\Program Files (x86)\RTL\Cobra 11 - Nitro Demo\"
Task: {7B1A8055-977B-48B1-83A5-2131A4E3DD9A} - System32\Tasks\Xerox WC73xx Printer Configuration - Periodic Refresh => c:\program files\xerox\xeroxprintexperience\wc73xx\XeroxPrinterConfiguration.exe [2013-12-02] (Xerox Corporation)
Task: {7EDD5BA2-550E-45BD-B2E0-5E3DD9653C5C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {80F1CD03-074E-42D8-8ABF-A18ADDE2B3CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {92E965A0-1A27-4F49-8394-C1818B88C526} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {A3C03853-F286-42E0-9BFE-BC3DAE7E23DA} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {A624BB8C-198C-4B34-AC53-F9DDDDCFF5CB} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {B4EB2765-75FC-4A71-BAEC-5E7C45BD5372} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {BD09DC6F-87D1-479C-8473-633BE113DCBD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C4FABA0C-4C4E-4413-9B89-B6BAD43E6D85} - System32\Tasks\HPCeeScheduleForWyn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {C8E526AE-7298-4ED9-8F46-ED9C1A8128A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D0C98667-2646-4102-A2DE-A25150CD4731} - System32\Tasks\Xerox WC73xx Printer Configuration - New or Changed => c:\program files\xerox\xeroxprintexperience\wc73xx\XeroxPrinterConfiguration.exe [2013-12-02] (Xerox Corporation)
Task: {E03582CD-A6A7-4D14-BAB9-E39A8E3E1443} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\WINDOWS\Tasks\EPSON XP-510 Series Invitation {EFBB9A74-580C-4AFB-AE13-713218B4702E}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLRE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-510 Series Update {EFBB9A74-580C-4AFB-AE13-713218B4702E}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLRE.EXE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForWyn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2013-10-27 09:03 - 2014-12-13 11:08 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-02-03 15:22 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-02-13 10:35 - 2013-02-13 10:35 - 00180200 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-02-13 10:35 - 2013-02-13 10:35 - 00060392 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-12-08 11:10 - 2014-12-08 11:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-03-19 14:21 - 2013-03-19 14:21 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2013-02-07 09:19 - 2013-02-07 09:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2014-09-30 01:51 - 2014-09-30 01:51 - 00074664 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
2014-03-06 14:00 - 2014-03-06 14:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2013-10-27 09:03 - 2014-12-13 11:08 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-01-16 16:34 - 2015-01-16 16:34 - 00039200 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-01-27 15:28 - 2015-01-25 07:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-27 15:28 - 2015-01-25 07:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-27 15:28 - 2015-01-25 07:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
2013-11-24 16:11 - 2013-02-16 01:17 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-27 15:28 - 2015-01-25 07:08 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:7BEAD6C2
AlternateDataStreams: C:\ProgramData\Temp:98353363

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "TMMonitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Behringer X-UF USB Control Panel.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SmartCapture.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Nach Updates suchen.lnk"
HKLM\...\StartupApproved\Run32: => "ArcSoft Connection Service"
HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2"
HKLM\...\StartupApproved\Run32: => "TrayServer"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LexwareInfoService"
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\StartupApproved\StartupFolder: => "Telegram.lnk"
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\StartupApproved\StartupFolder: => "LibreOffice 4.2.lnk"
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\StartupApproved\Run: => "EPLTarget\P0000000000000002"
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\StartupApproved\Run: => "Kies3PDLR.exe"
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\StartupApproved\Run: => "AmazonMP3DownloaderHelper"
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_18C8ADFAF96BD2AADE491DE6AD910887"
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\StartupApproved\Run: => "Power2GoExpress8"

========================= Accounts: ==========================

Administrator (S-1-5-21-4126525249-1915814395-1466209751-500 - Administrator - Disabled)
Gast (S-1-5-21-4126525249-1915814395-1466209751-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-4126525249-1915814395-1466209751-1010 - Limited - Enabled)
Papa (S-1-5-21-4126525249-1915814395-1466209751-1008 - Limited - Enabled) => C:\Users\Papa
Wyn (S-1-5-21-4126525249-1915814395-1466209751-1002 - Administrator - Enabled) => C:\Users\Wyn

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2015 11:05:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "eacdll.sxs,type="win32",version="2.1.8.0"1".
Die abhängige Assemblierung "eacdll.sxs,type="win32",version="2.1.8.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/02/2015 09:45:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Wyn-PC_HP)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/02/2015 09:45:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Wyn-PC_HP)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/02/2015 00:07:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: slpmonx.exe, Version: 0.2.0.220, Zeitstempel: 0x39904489
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.9600.16384, Zeitstempel: 0x52158ff5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000e1ef
ID des fehlerhaften Prozesses: 0x8e4
Startzeit der fehlerhaften Anwendung: 0xslpmonx.exe0
Pfad der fehlerhaften Anwendung: slpmonx.exe1
Pfad des fehlerhaften Moduls: slpmonx.exe2
Berichtskennung: slpmonx.exe3
Vollständiger Name des fehlerhaften Pakets: slpmonx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: slpmonx.exe5

Error: (02/02/2015 00:07:05 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting
For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (02/02/2015 00:07:05 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Can't find messagefile 'C:\xampp\mysql\share\errmsg.sys'
For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (02/02/2015 00:06:59 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named reported the following error:
>>> httpd.exe: Syntax error on line 37 of C:/xampp/xampp/apache/conf/httpd.conf: ServerRoot must be a valid directory .

Error: (02/01/2015 11:41:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: slpmonx.exe, Version: 0.2.0.220, Zeitstempel: 0x39904489
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.9600.16384, Zeitstempel: 0x52158ff5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000e1ef
ID des fehlerhaften Prozesses: 0xb64
Startzeit der fehlerhaften Anwendung: 0xslpmonx.exe0
Pfad der fehlerhaften Anwendung: slpmonx.exe1
Pfad des fehlerhaften Moduls: slpmonx.exe2
Berichtskennung: slpmonx.exe3
Vollständiger Name des fehlerhaften Pakets: slpmonx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: slpmonx.exe5

Error: (02/01/2015 11:41:21 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting
For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (02/01/2015 11:41:21 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Can't find messagefile 'C:\xampp\mysql\share\errmsg.sys'
For more information, see Help and Support Center at hxxp://www.mysql.com.

System errors: ============= Error: (02/02/2015 09:46:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft.ZuneMusic Error: (02/02/2015 09:46:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: SymantecCorporation.NortonStudio Error: (02/02/2015 09:46:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft.XboxLIVEGames Error: (02/02/2015 09:46:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft.BingWeather Error: (02/02/2015 09:46:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft.BingFinance Error: (02/02/2015 09:46:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft.WindowsReadingList Error: (02/02/2015 09:46:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft.BingSports Error: (02/02/2015 09:46:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates 
ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft.WindowsScan Error: (02/02/2015 09:46:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft.WindowsAlarms Error: (02/02/2015 09:46:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft.HelpAndTips Microsoft Office Sessions: ========================= Error: (02/02/2015 11:05:43 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: eacdll.sxs,type="win32",version="2.1.8.0"c:\Users\Wyn\AppData\Local\hpconnectedmusic\application\100100096\HPConnectedMusic.exe Error: (02/02/2015 09:45:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Wyn-PC_HP) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (02/02/2015 09:45:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Wyn-PC_HP) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (02/02/2015 00:07:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: slpmonx.exe0.2.0.22039904489msvcrt.dll7.0.9600.1638452158ff5c00000050000e1ef8e401d03e73cb5bf697C:\WINDOWS\SysWOW64\slpmonx.exeC:\WINDOWS\SYSTEM32\msvcrt.dll0f9fe619-aa67-11e4-bed0-3423873bf9ca Error: (02/02/2015 00:07:05 AM) (Source: MySQL) (EventID: 100) (User: ) Description: Aborting Error: (02/02/2015 00:07:05 AM) (Source: MySQL) (EventID: 100) (User: ) Description: Can't find messagefile 'C:\xampp\mysql\share\errmsg.sys' Error: (02/02/2015 00:06:59 AM) (Source: Apache Service) (EventID: 3299) (User: ) Description: The Apache service namedreported the following error: >>>httpd.exe: Syntax error on line 37 of 
C:/xampp/xampp/apache/conf/httpd.conf: ServerRoot must be a valid directory Error: (02/01/2015 11:41:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: slpmonx.exe0.2.0.22039904489msvcrt.dll7.0.9600.1638452158ff5c00000050000e1efb6401d03e7034871ff8C:\WINDOWS\SysWOW64\slpmonx.exeC:\WINDOWS\SYSTEM32\msvcrt.dll7c86dca0-aa63-11e4-becf-3423873bf9ca Error: (02/01/2015 11:41:21 PM) (Source: MySQL) (EventID: 100) (User: ) Description: Aborting Error: (02/01/2015 11:41:21 PM) (Source: MySQL) (EventID: 100) (User: ) Description: Can't find messagefile 'C:\xampp\mysql\share\errmsg.sys' CodeIntegrity Errors: =================================== Date: 2015-02-02 00:06:59.770 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-02-02 00:06:59.598 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-02-02 00:06:32.884 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\hwinterfacex64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2015-02-01 23:41:02.477 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-02-01 23:41:00.742 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-02-01 23:40:08.924 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\hwinterfacex64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-02-01 19:56:18.656 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-02-01 19:56:18.374 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2015-02-01 19:55:48.434 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\hwinterfacex64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-02-01 18:07:46.337 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz Percentage of memory in use: 22% Total physical RAM: 12220.02 MB Available physical RAM: 9446.55 MB Total Pagefile: 14076.02 MB Available Pagefile: 10315.04 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:909.97 GB) (Free:451.43 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:20.08 GB) (Free:1.98 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 1E1F4777) Partition: GPT Partition Type. ==================== End Of Log ============================ |
02.02.2015, 17:41 | #4 |
/// the machine /// TB trainer | A P**** window always opens in the browser hi, please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
02.02.2015, 19:42 | #5 |
| A P**** window always opens in the browser Hello, here is the scan from Malwarebytes: mbam.txt: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 02.02.2015 Suchlauf-Zeit: 17:47:40 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.02.02.03 Rootkit Datenbank: v2015.01.14.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: ***** Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 508186 Verstrichene Zeit: 40 Min, 34 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) AdwCleaner.txt: Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 02/02/2015 um 18:47:14 # Aktualisiert 24/01/2015 von Xplode # Database : 2015-01-26.1 [Live] # Betriebssystem : Windows 8.1 (64 bits) # Benutzername : ******** # Gestartet von : C:\Users\*****\Desktop\AdwCleaner_4.109.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v34.0.5 (x86 de) -\\ Google Chrome v40.0.2214.93 ************************* AdwCleaner[R0].txt - [3293 octets] - [01/02/2015 23:02:43] AdwCleaner[R1].txt - [966 octets] - [02/02/2015 00:01:56] AdwCleaner[R2].txt - [1027 octets] - [02/02/2015 18:44:27] AdwCleaner[S0].txt - [3203 octets] - [01/02/2015 23:05:56] AdwCleaner[S1].txt - [1026 octets] - [02/02/2015 00:05:36] AdwCleaner[S2].txt - [950 octets] - [02/02/2015 18:47:14] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1009 octets] ##########
and here is the scan with JRT: JRT.txt: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.1 (12.28.2014:1) OS: Windows 8.1 x64 Ran by ******** on 02.02.2015 at 18:54:29,57 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\WINDOWS\wininit.ini" ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 02.02.2015 at 19:08:15,44 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks! I forgot the FRST log: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015 Ran by ******* (administrator) on ****** on 02-02-2015 19:36:30 Running from C:\Users\*****\Desktop Loaded Profiles: *********** Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (AuthenTec Inc.) 
C:\Program Files (x86)\HP SimplePass\TouchControl.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (ProdEx Technologies) C:\Windows\SysWOW64\slpservice.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe () C:\Windows\System32\valWBFPolicyService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe (Xerox Corporation) C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2014-02-03] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Premium_Sonderedition\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) 
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2707992 2014-09-03] (Sony Corporation) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [Kies3PDLR.exe] => C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe [845120 2015-01-14] (Samsung) HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILRE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [Amazon Cloud Player] => C:\Users\Wyn\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] () HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-12-29] (SlySoft, Inc.) HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [GoogleChromeAutoLaunch_18C8ADFAF96BD2AADE491DE6AD910887] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.) 
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp.) HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\MountPoints2: F - "F:\Autorun.exe" HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\MountPoints2: H - "H:\Autorun.exe" HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\MountPoints2: {d1d19ffd-62d5-11e4-bebf-3423873bf9ca} - "F:\AutoRun.exe" HKU\S-1-5-18\...\CurrentVersion\Windows: [Load] ,slpmonx.exe <===== ATTENTION AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Behringer X-UF USB Control Panel.lnk ShortcutTarget: Behringer X-UF USB Control Panel.lnk -> C:\Program Files\behringer\UsbAudioDriver_XUF\X-UF USB Control Panel.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nach Updates suchen.lnk ShortcutTarget: Nach Updates suchen.lnk -> C:\Program Files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe (PCTV Systems) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartCapture.lnk ShortcutTarget: SmartCapture.lnk -> C:\Program Files (x86)\Seiko Instruments Inc\Smart Label Printer 7.1.1\slpcap.exe (Seiko Instruments USA Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.) Startup: C:\Users\Wyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Wyn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Wyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk ShortcutTarget: Telegram.lnk -> C:\Users\Wyn\AppData\Roaming\Telegram Win (Unofficial)\Telegram.exe (Telegram Messenger LLP) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4 HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4 SearchScopes: HKLM -> {3F9AB413-213D-47E2-9067-C5033A64AA06} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> {3F9AB413-213D-47E2-9067-C5033A64AA06} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002 -> {3F9AB413-213D-47E2-9067-C5033A64AA06} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) 
==================== End Of Log ============================ --- --- --- |
03.02.2015, 07:54 | #6 |
/// the machine /// TB Trainer | A p**** window keeps opening in the browser Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
HKU\S-1-5-18\...\CurrentVersion\Windows: [Load] ,slpmonx.exe <===== ATTENTION
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining?
__________________ --> A p**** window keeps opening in the browser |
03.02.2015, 14:48 | #7 |
| A p**** window keeps opening in the browser Hi, I'm working through everything. The ESET scan also found something, but it doesn't delete it, since the checkbox is disabled in the settings. Is that correct? Regards! |
03.02.2015, 19:18 | #8 |
/// the machine /// TB Trainer | A p**** window keeps opening in the browser Correct, just post the log with the findings; I'll delete that after I've seen it.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
03.02.2015, 20:33 | #9 |
| A p**** window keeps opening in the browser Hi, so here is the Fixlog.txt: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by ****** at 2015-02-03 10:01:57 Run:1
Running from C:\Users\******\Desktop
Loaded Profiles: ***********
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-18\...\CurrentVersion\Windows: [Load] ,slpmonx.exe <===== ATTENTION
Emptytemp:
*****************

HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
EmptyTemp: => Removed 1 GB temporary data.

The system needed a reboot.

==== End of Fixlog 10:02:57 ====

Code:
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2a5408bfbb3c02469e65436532850c7f
# engine=22281
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-03 01:43:08
# local_time=2015-02-03 02:43:08 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1296 16777213 100 100 20285 27047270 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 6540068 47852281 0 0
# scanned=508887
# found=6
# cleaned=0
# scan_time=15103
sh=23176923CFD6D8414AADECEFF74E3B78EB157C7B ft=1 fh=10ba037dd19f9af6 vn="Win32/Hoax.ArchSMS.ABZ Anwendung" ac=I fn="C:\Users\***\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (1).exe"
sh=23176923CFD6D8414AADECEFF74E3B78EB157C7B ft=1 fh=10ba037dd19f9af6 vn="Win32/Hoax.ArchSMS.ABZ Anwendung" ac=I fn="C:\Users\***\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (2).exe"
sh=23176923CFD6D8414AADECEFF74E3B78EB157C7B ft=1 fh=10ba037dd19f9af6 vn="Win32/Hoax.ArchSMS.ABZ Anwendung" ac=I fn="C:\Users\***\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (3).exe"
sh=23176923CFD6D8414AADECEFF74E3B78EB157C7B ft=1 fh=10ba037dd19f9af6 vn="Win32/Hoax.ArchSMS.ABZ Anwendung" ac=I fn="C:\Users\***\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (4).exe"
sh=23176923CFD6D8414AADECEFF74E3B78EB157C7B ft=1 fh=10ba037dd19f9af6 vn="Win32/Hoax.ArchSMS.ABZ Anwendung" ac=I fn="C:\Users\***\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0.exe"
sh=E0C81E71653693E22D517A08C1F85E0A70E2EF06 ft=1 fh=a88c0ff6a9b10e9b vn="Win32/SmartFileAdvisor.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\***\Downloads\Alcohol120_FE_2.0.2.5830_d4fe6cf50585eedace7c0f1d25ce4826.exe"

Code:
Results of screen317's Security Check version 0.99.95
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Emsisoft Anti-Malware
Kaspersky Internet Security
Windows Defender
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java SE Development Kit 8
Java-Editor 12.44, 2015.01.08
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Mozilla Firefox 34.0.5 Firefox out of Date!
Mozilla Thunderbird (31.4.0)
Google Chrome (40.0.2214.91)
Google Chrome (40.0.2214.93)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Emsisoft Anti-Malware a2service.exe
Malwarebytes Anti-Malware mbamscheduler.exe
Kaspersky Lab Kaspersky Internet Security 15.0.0 plugin-nm-server.exe
Kaspersky Lab Kaspersky Internet Security 15.0.0 klwtblfs.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015 Ran by ***** (administrator) on***** on 03-02-2015 20:22:12 Running from C:\Users\******\Desktop Loaded Profiles: ********** Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (AuthenTec Inc.) 
C:\Program Files (x86)\HP SimplePass\TouchControl.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (ProdEx Technologies) C:\Windows\SysWOW64\slpservice.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe () C:\Windows\System32\valWBFPolicyService.exe (Xerox Corporation) C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (SlySoft, Inc.) 
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IARNLRE.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe () C:\Users\***\Desktop\SecurityCheck.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Oracle Corporation) C:\Program Files\Java\jre1.8.0_25\bin\javaw.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2014-02-03] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Premium_Sonderedition\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2707992 2014-09-03] (Sony Corporation) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. 
KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [Kies3PDLR.exe] => C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe [845120 2015-01-14] (Samsung) HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILRE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [Amazon Cloud Player] => C:\Users\***\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] () HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-12-29] (SlySoft, Inc.) HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [GoogleChromeAutoLaunch_18C8ADFAF96BD2AADE491DE6AD910887] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.) HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp.) 
HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\MountPoints2: F - "F:\Autorun.exe" HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\MountPoints2: H - "H:\Autorun.exe" HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\MountPoints2: {d1d19ffd-62d5-11e4-bebf-3423873bf9ca} - "F:\AutoRun.exe" HKU\S-1-5-18\...\CurrentVersion\Windows: [Load] ,slpmonx.exe <===== ATTENTION AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Behringer X-UF USB Control Panel.lnk ShortcutTarget: Behringer X-UF USB Control Panel.lnk -> C:\Program Files\behringer\UsbAudioDriver_XUF\X-UF USB Control Panel.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nach Updates suchen.lnk ShortcutTarget: Nach Updates suchen.lnk -> C:\Program Files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe (PCTV Systems) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartCapture.lnk ShortcutTarget: SmartCapture.lnk -> C:\Program Files (x86)\Seiko Instruments Inc\Smart Label Printer 7.1.1\slpcap.exe (Seiko Instruments USA Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.) 
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk ShortcutTarget: Telegram.lnk -> C:\Users\***\AppData\Roaming\Telegram Win (Unofficial)\Telegram.exe (Telegram Messenger LLP) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4 HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4 SearchScopes: HKLM -> {3F9AB413-213D-47E2-9067-C5033A64AA06} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> {3F9AB413-213D-47E2-9067-C5033A64AA06} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002 -> {3F9AB413-213D-47E2-9067-C5033A64AA06} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) 
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKU\S-1-5-21-4126525249-1915814395-1466209751-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\auim9r1r.default FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-4126525249-1915814395-1466209751-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\***\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2014-12-18] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-21] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-21] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-21] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-08-21] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: An toàn 
giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-08-21] FF HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-10-31] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.de/ CHR StartupUrls: Default -> "https://www.google.de/" CHR Profile: C:\Users\***\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-03] CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-03] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (YouTube) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-03] CHR Extension: (Google-Suche) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-03] CHR Extension: (Kaspersky Protection) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-08-28] CHR Extension: (Google Kalender) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-02-03] CHR Extension: (Website Logon) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2014-02-03] CHR Extension: (Premiumize.me) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm [2014-05-08] 
CHR Extension: (Google Wallet) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-03] CHR Extension: (Google Mail) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-03] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKU\S-1-5-21-4126525249-1915814395-1466209751-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
The problem has not occurred again for the moment, but at times it only occurred rarely anyway, so I would just wait a bit... Otherwise, many thanks already! If it is not too much trouble, would you explain to me what exactly you did? I can read source code and logs a little myself; so far I have really only understood that you deleted the temporary files and overwrote a Windows file, is that right? I am also starting an apprenticeship as an IT specialist soon, which is why this kind of thing interests me... Thanks again, and I will definitely recommend the forum, whatever the outcome turns out to be! P.S. I removed my username as thoroughly as possible; that is of course only so that not everyone sees it... If you need it for file paths, I will send it to you by PM... |
04.02.2015, 18:45 | #10 |
/// the machine /// TB Trainer | A p**** window keeps opening in the browser
Update Java and Firefox. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
C:\Users\***\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (1).exe
C:\Users\***\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (2).exe
C:\Users\***\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (3).exe
C:\Users\***\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (4).exe
C:\Users\***\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0.exe
C:\Users\***\Downloads\Alcohol120_FE_2.0.2.5830_d4fe6cf50585eedace7c0f1d25ce4826.exe
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
By and large, we have only removed adware. Test it and report back.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
05.02.2015, 14:24 | #11 |
| A p**** window keeps opening in the browser
Hi, I replaced the paths with my username, so here is the resulting Fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015
Ran by **** at 2015-02-04 18:55:37 Run:3
Running from C:\Users\****\Desktop
Loaded Profiles: **** (Available profiles: **** & Papa & Gast)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\****\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (1).exe
C:\Users\****\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (2).exe
C:\Users\****\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (3).exe
C:\Users\****\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (4).exe
C:\Users\****\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0.exe
C:\Users\****\Downloads\Alcohol120_FE_2.0.2.5830_d4fe6cf50585eedace7c0f1d25ce4826.exe
*****************
C:\Users\****\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (1).exe => Moved successfully.
C:\Users\****\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (2).exe => Moved successfully.
C:\Users\****\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (3).exe => Moved successfully.
C:\Users\****\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0 (4).exe => Moved successfully.
C:\Users\****\Desktop\Mama Laptop\Alter Computer\Downloads\SopCast-3.5.0.exe => Moved successfully.
C:\Users\****\Downloads\Alcohol120_FE_2.0.2.5830_d4fe6cf50585eedace7c0f1d25ce4826.exe => Moved successfully.
==== End of Fixlog 18:55:38 ====
By the way, the problem has not reappeared so far. I hope it stays that way, but many thanks! Regards! |
05.02.2015, 15:01 | #12 |
/// the machine /// TB Trainer | A p**** window keeps opening in the browser
Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from all registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |