Log analysis and evaluation: Win7: regularly thrown to the desktop, program briefly opens and closes in the taskbar (Windows 7)

Forum section note: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Win7: regularly thrown to the desktop, program briefly opens and closes in the taskbar

Hello, I regularly get thrown to the desktop and out of the program currently running (a game, or writing an email). When that happens, a program opens very briefly in the taskbar and closes again. Grateful for any help.

Junkware Removal Tool: JRT Logfile:
```
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by XXX YYY on 09.02.2015 at 9:45:31,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\XXX YYY\appdata\local\{00117357-098D-4607-B578-EA895FB3BDCC}
Successfully deleted: [Empty Folder] C:\Users\XXX YYY\appdata\local\{0015BDB9-E463-410E-AF47-D3FA19F7A24A}
Successfully deleted: [Empty Folder] C:\Users\XXX YYY\appdata\local\{00193A7B-AFAC-4EC0-A098-E770E575232C}
Successfully deleted: [Empty Folder] C:\Users\XXX YYY\appdata\local\{00ED0629-4593-42C0-BA0B-F9743F041517}
Successfully deleted: [Empty Folder] C:\Users\XXX YYY\appdata\local\{00FC3838-9A0A-4AED-A712-87735292151E}
...
(what follows here is nothing but empty folders; I don't think that adds much, and it would make the post too long)

~~~ FireFox

Successfully deleted the following from C:\Users\XXX YYY\AppData\Roaming\mozilla\firefox\profiles\gwlew6n9.default\prefs.js

user_pref("extensions.alexa.searchconf", "{\n \"google\" : {\n \"urlexp\" : \"hxxp(?:s)?:\\\\/\\\\/(?:www[0-9]*\\\\.|encrypted\\\\.)(?:l\\\\.)?google\\\\..*\\\\/.*[?#&]q=
user_pref("services.sync.client.syncID", "Tv9AODYDY9mr");
Emptied folder: C:\Users\XXX YYY\AppData\Roaming\mozilla\firefox\profiles\gwlew6n9.default\minidumps [364 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.02.2015 at 9:49:16,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

Malwarebytes scan log before Malwarebytes removal:
```
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 05.02.2015
Scan Time: 16:56:49
Logfile: Malwarebytes Scan.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.05.07
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: YYY XXX

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348571
Time Elapsed: 15 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.DigitalSites.A, HKU\S-1-5-21-3557091032-3563988234-1886976076-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DSiteProducts, Delete-on-Reboot, [a833bd5d44463ef841902edc2bda45bb],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3557091032-3563988234-1886976076-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Delete-on-Reboot, [27b4ac6ea6e4ff37bba9746edc28de22],

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3557091032-3563988234-1886976076-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0L1N1H2O1S, Delete-on-Reboot, [27b4ac6ea6e4ff37bba9746edc28de22]

Registry Data: 1
PUP.Optional.StartPage, HKU\S-1-5-21-3557091032-3563988234-1886976076-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=5ABA002710DD58F0&affID=119357&tsp=4958, Good: (www.google.com), Bad: (hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=5ABA002710DD58F0&affID=119357&tsp=4958),Delete-on-Reboot,[5883bd5de1a9a19573b40ca6ee17f907]

Folders: 4
PUP.Optional.DigitalSite.A, C:\Users\YYY XXX\AppData\Roaming\DigitalSite\UpdateProc, Quarantined, [697273a7395145f124db537b62a116ea],
PUP.Optional.Babylon.A, C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com, Quarantined, [934863b7c8c240f605e05a2628db5ca4],
PUP.Optional.Babylon.A, C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults, Quarantined, [934863b7c8c240f605e05a2628db5ca4],
PUP.Optional.Babylon.A, C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults\preferences, Quarantined, [934863b7c8c240f605e05a2628db5ca4],

Files: 7
PUP.Optional.Delta.A, C:\Users\YYY XXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www1.delta-search.com_0.localstorage, Quarantined, [02d9d644f09acf67a223891140c31ce4],
PUP.Optional.Delta.A, C:\Users\YYY XXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www1.delta-search.com_0.localstorage-journal, Quarantined, [20bbec2edfabb77f23a26931c53e3fc1],
PUP.Optional.Babylon.A, C:\Users\YYY XXX\AppData\Roaming\Mozilla\Firefox\Profiles\gwlew6n9.default\searchplugins\babylon.xml, Quarantined, [89524fcbbcce01350b93239e47bcac54],
PUP.Optional.DigitalSite.A, C:\Users\YYY XXX\AppData\Roaming\DigitalSite\UpdateProc\config.dat, Quarantined, [697273a7395145f124db537b62a116ea],
PUP.Optional.DigitalSite.A, C:\Users\YYY XXX\AppData\Roaming\DigitalSite\UpdateProc\prod.dat, Quarantined, [697273a7395145f124db537b62a116ea],
PUP.Optional.BrowserDefender.A, C:\Users\YYY XXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage, Quarantined, [a13abe5cfc8ee94d8dfffbea41c3936d],
PUP.Optional.Babylon.A, C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com\defaults\preferences\dflt.js, Quarantined, [934863b7c8c240f605e05a2628db5ca4],

Physical Sectors: 0
(No malicious items detected)

(end)
```

Malwarebytes update and scan history log:
```
Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 05.02.2015 16:56:38, SYSTEM, YYYXXX-VAIO, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 05.02.2015 16:56:38, SYSTEM, YYYXXX-VAIO, Manual, Rootkit Database, 2014.11.18.1, 2015.2.3.1,
Update, 05.02.2015 16:56:42, SYSTEM, YYYXXX-VAIO, Manual, Malware Database, 2014.11.20.6, 2015.2.5.7,
Scan, 05.02.2015 17:17:15, SYSTEM, YYYXXX-VAIO, Manual, Start:05.02.2015 16:56:49, Duration:15 min 15 sec, Threat Scan, Completed, 0 Malware Detections, 15 Non-Malware Detections,

(end)
```

Malwarebytes scan log after Malwarebytes removal:
```
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 08.02.2015
Scan Time: 16:36:45
Logfile: Malwarebytes Scan after Malwarebytes Removal.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.08.04
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: YYY YYY

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348841
Time Elapsed: 16 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
```

Defogger log:
```
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:59 on 09/02/2015 (XXX)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
```

Farbar Recovery Scan Tool (FRST.txt) log:
(Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64), Version 08-02-2015, run by YYY XXX on YYYXXX-VAIO on 09-02-2015 12:01:02; the full FRST.txt dump is omitted here.)

GMER Logfile:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-09 12:53:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 119,25GB
Running: Gmer-19357.exe; Driver: C:\Users\YYYRAU~1\AppData\Local\Temp\kftyrpoc.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800037f5070 25 bytes [C4, 08, 4C, 89, 64, 24, 50, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 586 fffff800037f508a 6 bytes [00, 00, 00, 80, 05, 00]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077011465 2 bytes [01, 77]
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770114bb 2 bytes [01, 77]
.text ... * 2
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077011465 2 bytes [01, 77]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770114bb 2 bytes [01, 77]
.text ... * 2
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077011465 2 bytes [01, 77]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770114bb 2 bytes [01, 77]
.text ... * 2
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077011465 2 bytes [01, 77]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770114bb 2 bytes [01, 77]
.text ... * 2
.text C:\ProgramData\DatacardService\DCSHelper.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077011465 2 bytes [01, 77]
.text C:\ProgramData\DatacardService\DCSHelper.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770114bb 2 bytes [01, 77]
.text ... * 2
.text C:\Users\YYY XXX\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077011465 2 bytes [01, 77]
.text C:\Users\YYY XXX\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe[4456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770114bb 2 bytes [01, 77]
.text ... * 2
.text C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[1416] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000077011465 2 bytes [01, 77]
.text C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[1416] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000770114bb 2 bytes [01, 77]
.text ... * 2
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[5240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077011465 2 bytes [01, 77]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[5240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770114bb 2 bytes [01, 77]
.text ... * 2
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[5324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077011465 2 bytes [01, 77]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[5324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770114bb 2 bytes [01, 77]
.text ... * 2
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[5352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077011465 2 bytes [01, 77]
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[5352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770114bb 2 bytes [01, 77]
.text ... * 2
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077011465 2 bytes [01, 77]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770114bb 2 bytes [01, 77]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [5456] entry point in ".rdata" section 00000000593d71e6
.text C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077011465 2 bytes [01, 77]
.text C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770114bb 2 bytes [01, 77]
.text ... * 2
.text C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077011465 2 bytes [01, 77]
.text C:\Windows\SysWOW64\RunDll32.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770114bb 2 bytes [01, 77]
.text ... * 2
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000775bf9e0 5 bytes JMP 000000010f68ea93
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 00000000775bfa28 5 bytes JMP 000000010f68f0f8
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 00000000775bfa40 5 bytes JMP 000000010f68d830
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 00000000775bfa90 5 bytes JMP 000000010f68d38c
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000775bfaa8 5 bytes JMP 000000010f68d67d
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 00000000775bfb40 5 bytes JMP 000000010f68f338
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 00000000775bfc38 5 bytes JMP 000000010f69a713
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 00000000775bfd4c 5 bytes JMP 000000010f68d1d4
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000775bfd64 5 bytes JMP 000000010f699d35
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 00000000775bfd98 5 bytes JMP 000000010f69a030
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000775bfe44 5 bytes JMP 000000010f68e668
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 00000000775bfe5c 5 bytes JMP 000000010f699e5e
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000775c00b4 5 bytes JMP 000000010f699b7a
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000775c01c4 5 bytes JMP 000000010f68d9d8
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtCreateKeyTransacted 00000000775c0754 5 bytes JMP 000000010f68f3da
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 00000000775c09e4 5 bytes JMP 000000010f699d72
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 00000000775c09fc 5 bytes JMP 000000010f68cfa8
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 00000000775c0a44 5 bytes JMP 000000010f68db8e
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey 00000000775c0b80 5 bytes JMP 000000010f68d0be
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 00000000775c0f70 5 bytes JMP 000000010f68e01b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775c0f88 5 bytes JMP 000000010f68e1b7
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 00000000775c1018 5 bytes JMP 000000010f68f185
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransacted 00000000775c1030 5 bytes JMP 000000010f68f2a8
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransactedEx 00000000775c1048 5 bytes JMP 000000010f68f215
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 00000000775c133c 5 bytes JMP 000000010f699f47
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 00000000775c147c 5 bytes JMP 000000010f68de8e
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 00000000775c1528 5 bytes JMP 000000010f68e37b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey 00000000775c1718 5 bytes JMP 000000010f68dd06
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey 00000000775c1a58 5 bytes JMP 000000010f68d535
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 00000000775c1b9c 5 bytes JMP 000000010f68e4fd
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000076c8103d 5 bytes JMP 000000010f673904
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076c81072 5 bytes JMP 000000010f673d68
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 0000000076cac9b5 5 bytes JMP 000000010f673a1e
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076d02ff1 5 bytes JMP 000000010f673c62
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770b2642 5 bytes JMP 000000010f673f75
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 0000000075229ebd 5 bytes JMP 00000001027499ff
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000075230afa 5 bytes JMP 000000010274e26c
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075231361 5 bytes JMP 000000010275c8b4
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\USER32.dll!ValidateRect 0000000075237849 5 bytes JMP 00000001028d1f12
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075316143 5 bytes JMP 0000000102ecdebe
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!CoResumeClassObjects + 7 000000007531ea09 7 bytes JMP 000000010f6ae370
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!OleRun 00000000753207de 5 bytes JMP 000000010f6ade9e
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject 00000000753221e1 5 bytes JMP 000000010f6b1745
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!OleUninitialize 000000007532eba1 6 bytes JMP 000000010f6ade15
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!OleInitialize 000000007532efd7 5 bytes JMP 000000010f6addcd
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000753454ad 5 bytes JMP 000000010f6afdbb
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!CoInitializeEx 00000000753509ad 5 bytes JMP 000000010f6add6d
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!CoUninitialize 00000000753586d3 5 bytes JMP 000000010f6b07cf
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075359d0b 5 bytes JMP 000000010f6b14ec
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000075359d4e 5 bytes JMP 000000010f6af3c7
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!CoSuspendClassObjects + 7 000000007537bb09 7 bytes JMP 000000010f6adee6
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject 000000007539eacf 5 bytes JMP 000000010f6afa7c
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!CoGetInstanceFromFile 00000000753d340b 5 bytes JMP 000000010f6b08cf
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[5816] C:\Windows\syswow64\ole32.dll!OleRegEnumFormatEtc 000000007541cfd9 5 bytes JMP 000000010f6ade56

---- Devices - GMER 2.1 ----

Device \Driver\semav6thermal64ro \Device\semav6thermal64ro fffff88005688010

---- Processes - GMER 2.1 ----

Library C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2272](2013-09-17 17:11:47) 000000006fbc0000
Library C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2272](2013-09-17 17:11:47) 000000006e940000
Library C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2272](2013-09-17 17:11:47) 000000006a1c0000
Library C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2272](2013-09-17 17:11:48) 000000006ff00000
Library C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46) 00000000581a0000
Library C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 0000000057840000
Library C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416](2014-10-22 00:22:50) 0000000060f10000
Library C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 00000000560c0000
Library C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (ICU I18N DLL/The ICU Project)(2014-10-22 00:22:50) 000000004a900000
Library C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (ICU Common DLL/The ICU Project)(2014-10-22 00:22:50) 00000000040c0000
Library C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (ICU Data DLL/The ICU Project)(2014-10-22 00:22:50) 000000004ad00000
Library c:\users\YYYrau~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7jjwhg.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416](2015-02-09 11:41:14) 0000000003a70000
Library C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000005f840000
Library C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 0000000006050000
Library C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 000000005b830000
Library C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 000000005b5d0000
Library C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 0000000060650000
Library C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416](2014-10-22 00:22:50) 00000000601b0000
Library C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46) 0000000060180000
Library C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000005f800000
Library C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 000000005f570000
Library C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416](2014-10-22 00:22:48) 000000005af70000
Library C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\YYY XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe [1416](2014-10-22 00:22:46) 000000005f530000
Library C:\ProgramData\Razer\Synapse\Devices\RazerConfigNative.dll (*** suspicious ***) @ C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [5352] (Razer Configurator/Razer Inc.)(2015-01-07 03:14:46) 000000005b050000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816] 0000000002720000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816] 000000000f940000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816] 0000000004c20000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816] 000000000b9e0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816] 000000000f470000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACECORE.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816] 000000000bf10000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\1031\ACEWSTR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816] 000000000f4f0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEES.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816] 000000000f7b0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\VBAJET32.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816] 0000000061a60000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\expsrv.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5816] 0000000004190000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313dbb8cf
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38e14ca9
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38e14ca9@b8c68eaf2231 0xFC 0x54 0x3D 0x7F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38e14ca9@c0eefb32dc7a 0xF9 0xE5 0x14 0x1B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313dbb8cf (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38e14ca9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38e14ca9@b8c68eaf2231 0xFC 0x54 0x3D 0x7F ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38e14ca9@c0eefb32dc7a 0xF9 0xE5 0x14 0x1B ...

---- EOF - GMER 2.1 ----

Last edited by LarryPerkins (09.02.2015 at 13:05)