Log Analysis and Evaluation: WIN7: Google search results manipulated in Chrome (Windows 7)
21.02.2015, 16:43 #1
WIN7: Google search results manipulated in Chrome

Dear forum team,

I have already read other users' posts and think it is great how you do this. Unfortunately I have a very stubborn problem. The Google results in the Chrome browser are manipulated, among other things with advertising. A screenshot is attached. My research showed that a setting in the LAN settings of IE solves the problem (see Screenshot2). However, after a restart the problem is back. The Google search for the term Test then reads:

Code:
https://www.google.at/search?q=test&oq=test&aqs=chrome.0.69i59j0l5.791j0j7&sourceid=chrome&es_sm=93&ie=UTF-8#gsc.tab=0&gsc.q=test&gsc.page=1

Here are the log files:

Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:11 on 21/02/2015 (Design6.at)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Design6.at (administrator) on DESIGN6AT-PC on 21-02-2015 16:14:03
Running from C:\Users\Design6.at\Downloads
Loaded Profiles: Design6.at (Available profiles: Design6.at)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(InstallShield®) C:\Program Files (x86)\InstallShield\isupdate.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Greenshot) D:\Program Files\Greenshot\Greenshot.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Akamai Technologies, Inc.) C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe
(Piriform Ltd) D:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Akamai Technologies, Inc.) C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CHENGDU YIWO Tech Development Co., Ltd) D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\tv_x64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Microsoft Corporation) D:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-19] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Greenshot] => D:\Program Files\Greenshot\Greenshot.exe [536576 2014-12-29] (Greenshot)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-07-31] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-07-26] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => D:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe [2089056 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-28] ( (Atheros Communications))
HKU\S-1-5-21-3611461970-3163121172-2511595225-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3611461970-3163121172-2511595225-1000\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3611461970-3163121172-2511595225-1000\...\Run: [GoogleChromeAutoLaunch_4CF9F9D6DF13FA6B77791F18F624F736] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-3611461970-3163121172-2511595225-1000\...\MountPoints2: {f5aa6b4a-98d5-11e4-be35-806e6f6e6963} - E:\SWSETUP\APPINSTL\hpsoftwaresetup.exe
Startup: C:\Users\Design6.at\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080;
HKU\S-1-5-21-3611461970-3163121172-2511595225-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-at/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> D:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKU\S-1-5-21-3611461970-3163121172-2511595225-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\Design6.at\AppData\Roaming\Mozilla\Firefox\Profiles\mv25ave8.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: Avira Browser Safety - C:\Users\Design6.at\AppData\Roaming\Mozilla\Firefox\Profiles\mv25ave8.default\Extensions\abs@avira.com [2015-02-21]
FF Extension: PCCpnApp - C:\Users\Design6.at\AppData\Roaming\Mozilla\Firefox\Profiles\mv25ave8.default\Extensions\BGD@UNj.net [2015-02-21]
FF Extension: UUniDealSi - C:\Users\Design6.at\AppData\Roaming\Mozilla\Firefox\Profiles\mv25ave8.default\Extensions\ERgPK@o.com [2015-02-21]
FF Extension: FireFTP - C:\Users\Design6.at\AppData\Roaming\Mozilla\Firefox\Profiles\mv25ave8.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-01-21]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-01-12]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - D:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - D:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2015-01-14]
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Design6.at\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Design6.at\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-21]
CHR Extension: (Google Docs) - C:\Users\Design6.at\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-21]
CHR Extension: (Google Drive) - C:\Users\Design6.at\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Design6.at\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-21]
CHR Extension: (YouTube) - C:\Users\Design6.at\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-21]
CHR Extension: (Google Search) - C:\Users\Design6.at\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-21]
CHR Extension: (Google Sheets) - C:\Users\Design6.at\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-21]
CHR Extension: (Google Wallet) - C:\Users\Design6.at\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-21]
CHR Extension: (Gmail) - C:\Users\Design6.at\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider)
R2 avgfws; D:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; D:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; D:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-07-31] (Hewlett-Packard Company)
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-26] (Intel Corporation)
R2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [43008 2015-01-21] (InstallShield®) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-26] (Intel Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-02-20] () [File not signed]
R2 MSSQL$ZOOM; C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [160768 2012-10-20] (Microsoft Corporation)
S4 SQLAgent$ZOOM; C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\SQLAGENT.EXE [448512 2012-10-20] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-07-30] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-07-26] (Intel Corporation)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418520 2013-06-17] (Realsil Semiconductor Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1512952 2013-08-20] (Sunplus)
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 16:14 - 2015-02-21 16:14 - 00026186 _____ () C:\Users\Design6.at\Downloads\FRST.txt
2015-02-21 16:13 - 2015-02-21 16:14 - 00000000 ____D () C:\FRST
2015-02-21 16:13 - 2015-02-21 16:13 - 02086912 _____ (Farbar) C:\Users\Design6.at\Downloads\FRST64.exe
2015-02-21 16:11 - 2015-02-21 16:11 - 00000482 _____ () C:\Users\Design6.at\Downloads\defogger_disable.log
2015-02-21 16:11 - 2015-02-21 16:11 - 00000000 _____ () C:\Users\Design6.at\defogger_reenable
2015-02-21 16:10 - 2015-02-21 16:10 - 00050477 _____ () C:\Users\Design6.at\Downloads\Defogger.exe
2015-02-21 15:52 - 2015-02-21 15:52 - 00178950 _____ () C:\Users\Design6.at\Downloads\OTL.Txt
2015-02-21 15:52 - 2015-02-21 15:52 - 00063678 _____ () C:\Users\Design6.at\Downloads\Extras.Txt
2015-02-21 15:45 - 2015-02-21 15:45 - 00602112 _____ (OldTimer Tools) C:\Users\Design6.at\Downloads\OTL.exe
2015-02-21 15:30 - 2015-02-21 15:30 - 00000000 ____D () C:\Windows\pss
2015-02-21 14:38 - 2015-02-21 14:38 - 00001421 _____ () C:\Users\Design6.at\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-02-21 13:33 - 2015-02-21 13:33 - 39739064 _____ (Microsoft Corporation) C:\Users\Design6.at\Downloads\Windows-KB890830-x64-V5.21.exe
2015-02-21 12:42 - 2015-02-21 12:41 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-02-21 12:41 - 2015-02-21 12:41 - 00000000 ____D () C:\Users\Design6.at\AppData\Roaming\Avira
2015-02-21 12:40 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-02-21 12:40 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-02-21 12:40 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-02-21 12:38 - 2015-02-21 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-21 12:38 - 2015-02-21 12:39 - 00000000 ____D () C:\ProgramData\Avira
2015-02-21 12:38 - 2015-02-21 12:39 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-21 12:38 - 2015-02-21 12:38 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Design6.at\Downloads\avira_de_av___ws.exe
2015-02-21 12:35 - 2015-02-21 15:54 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-21 12:35 - 2015-02-21 15:40 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-21 12:35 - 2015-02-21 12:35 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-21 12:35 - 2015-02-21 12:35 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-21 12:35 - 2015-02-21 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-21 12:03 - 2015-02-21 12:05 - 00002714 _____ () C:\Users\Design6.at\Downloads\software_removal_tool.log
2015-02-21 11:58 - 2015-02-21 11:58 - 00880208 _____ (Google Inc.) C:\Users\Design6.at\Downloads\ChromeSetup.exe
2015-02-21 11:56 - 2015-02-21 11:56 - 00000812 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-21 11:32 - 2015-02-21 11:32 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-21 11:31 - 2015-02-21 11:31 - 04196968 _____ (Piriform Ltd) C:\Users\Design6.at\Downloads\ccsetup502_slim.exe
2015-02-20 19:26 - 2015-02-21 15:54 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-02-20 19:26 - 2015-02-21 08:57 - 00000000 ____D () C:\Windows\AutoKMS
2015-02-20 19:23 - 2015-02-20 19:23 - 00000000 ____D () C:\Windows\PCHEALTH
2015-02-20 19:23 - 2015-02-20 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-20 19:23 - 2015-02-20 19:23 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-02-20 19:23 - 2015-02-20 19:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-20 19:20 - 2015-02-20 19:20 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-02-20 18:39 - 2015-02-21 12:00 - 00000468 _____ () C:\Windows\Tasks\InstallShield Update Task.job
2015-02-20 18:39 - 2015-02-20 19:08 - 00003224 _____ () C:\Windows\System32\Tasks\InstallShield Update Task
2015-02-20 18:39 - 2015-02-20 19:08 - 00000000 ____D () C:\Program Files (x86)\InstallShield
2015-02-20 18:26 - 2015-02-20 18:26 - 00000000 ____D () C:\Users\Design6.at\.swt
2015-02-20 18:24 - 2015-02-20 18:32 - 00000000 ____D () C:\Users\Design6.at\AppData\Roaming\Azureus
2015-02-20 18:18 - 2015-02-20 18:25 - 00000000 ____D () C:\Users\Design6.at\Documents\Outlook Files
2015-02-20 18:17 - 2015-02-20 18:16 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2015-02-20 16:44 - 2015-02-20 16:44 - 00003214 _____ () C:\Windows\System32\Tasks\{B2FD8413-1137-4802-8888-998CD470D8F2}
2015-02-20 16:42 - 2015-02-21 09:01 - 00000000 ____D () C:\Program Files (x86)\PCCpnApp
2015-02-20 16:42 - 2015-02-20 16:42 - 00000000 ____D () C:\ProgramData\oiioioicnlbidlgkanljnbdgdcoicbff
2015-02-20 16:39 - 2015-02-20 17:11 - 00000000 ____D () C:\Program Files (x86)\UUniDealSi
2015-02-20 16:39 - 2015-02-20 16:39 - 00000000 ____D () C:\ProgramData\mogpoehfpbfiaheaphgjflgcfjgjodof
2015-02-20 16:39 - 2015-02-20 16:39 - 00000000 ____D () C:\ProgramData\13511546191016658474
2015-02-20 16:37 - 2015-02-21 09:01 - 00000000 ____D () C:\ProgramData\{775d5413-8f2a-4573-775d-d54138f2504e}
2015-02-20 13:40 - 2015-02-20 13:40 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2015-02-20 12:38 - 2015-02-21 09:49 - 00000000 ____D () C:\Users\Test
2015-02-17 13:47 - 2015-02-17 15:47 - 00000000 ____D () C:\Users\Design6.at\AppData\Roaming\.purple
2015-02-11 13:18 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 13:18 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 13:18 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 13:18 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 13:18 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 13:18 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 13:18 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 13:18 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 13:18 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 13:18 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 13:18 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 13:18 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 13:18 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 13:18 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 13:18 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 13:18 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 13:18 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 13:18 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 13:18 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 13:18 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 13:18 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 13:18 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 13:17 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 13:17 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 13:17 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 13:17 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 13:17 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 13:17 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 13:17 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 13:17 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation)
C:\Windows\system32\auditpol.exe 2015-02-11 13:17 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-11 13:17 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-11 13:17 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-11 13:17 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-11 13:17 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-11 13:17 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-11 13:17 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-11 13:17 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-11 13:17 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-11 13:17 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 13:17 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 13:17 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-02-11 13:17 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-02-11 13:17 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-02-11 13:17 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-11 13:17 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-11 13:17 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-11 13:17 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) 
C:\Windows\system32\WindowsCodecs.dll 2015-02-11 13:17 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 13:17 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-11 13:17 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-11 13:17 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 13:17 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 13:17 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 13:17 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 13:17 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-02-11 13:17 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-02-11 13:17 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-02-11 13:17 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-02-11 13:17 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-02-11 13:17 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-02-11 13:17 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-02-11 13:16 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-10 12:29 - 2015-02-18 15:29 - 00000000 ____D () C:\Users\Design6.at\AppData\Local\CrashDumps 2015-02-04 15:08 - 2015-02-16 10:23 - 00002002 _____ () C:\Windows\system32\TeamViewer10_Hooks.log 2015-02-03 12:05 - 2015-02-03 12:05 - 00000000 ____D () C:\ProgramData\Mozilla 2015-02-03 12:05 - 2015-02-03 12:05 - 
00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-26 12:01 - 2015-01-26 12:01 - 00097840 _____ () C:\Windows\Birds of Paradise PERSONAL USE ONLY.ttf 2015-01-22 11:47 - 2015-02-19 17:38 - 00000132 _____ () C:\Users\Design6.at\AppData\Roaming\Adobe PNG Format CS5 Prefs ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-21 16:11 - 2015-01-10 16:39 - 00000000 ____D () C:\Users\Design6.at 2015-02-21 15:59 - 2009-07-14 05:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-21 15:59 - 2009-07-14 05:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-21 15:57 - 2015-01-10 16:39 - 01812850 _____ () C:\Windows\WindowsUpdate.log 2015-02-21 15:55 - 2015-01-13 10:03 - 00005108 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Design6at-PC-Design6.at Design6at-PC 2015-02-21 15:54 - 2015-01-20 12:55 - 00000000 ____D () C:\Users\Design6.at\AppData\Roaming\Dropbox 2015-02-21 15:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-21 15:54 - 2009-07-14 05:51 - 00035987 _____ () C:\Windows\setupact.log 2015-02-21 15:40 - 2015-01-10 17:35 - 00000000 ____D () C:\ProgramData\MFAData 2015-02-21 15:27 - 2015-01-10 16:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-21 15:27 - 2010-11-21 04:47 - 00169578 _____ () C:\Windows\PFRO.log 2015-02-21 14:38 - 2015-01-10 16:40 - 00001455 _____ () C:\Users\Design6.at\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-02-21 14:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-02-21 14:24 - 2015-01-11 22:04 - 00000000 ____D () C:\Users\Design6.at\Documents\Outlook-Dateien 2015-02-21 12:38 - 2015-01-10 16:48 - 00000000 ____D () 
C:\ProgramData\Package Cache 2015-02-21 12:35 - 2015-01-10 17:22 - 00000000 ____D () C:\Program Files (x86)\Google 2015-02-21 12:00 - 2015-01-10 17:21 - 00000000 ____D () C:\Users\Design6.at\AppData\Local\Google 2015-02-21 09:08 - 2015-01-12 18:21 - 00000000 ____D () C:\Users\Design6.at\AppData\Local\Adobe 2015-02-21 08:57 - 2015-01-10 17:07 - 00151104 _____ () C:\Users\Design6.at\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-21 08:57 - 2009-07-14 05:45 - 05905360 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-20 19:24 - 2015-01-11 21:50 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-20 19:23 - 2010-11-21 08:17 - 00000000 ____D () C:\Windows\ShellNew 2015-02-20 19:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-02-20 19:20 - 2015-01-11 21:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2015-02-20 19:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System 2015-02-20 19:20 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini 2015-02-20 18:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2015-02-20 13:53 - 2015-01-10 17:09 - 00000000 ____D () C:\Users\Design6.at\Documents\Bluetooth Folder 2015-02-20 12:50 - 2009-07-14 06:13 - 00733056 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-20 12:39 - 2015-01-10 17:17 - 00000000 ____D () C:\ProgramData\Atheros 2015-02-20 12:38 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-02-19 09:36 - 2015-01-13 16:58 - 00000000 ____D () C:\Users\Design6.at\AppData\Local\Greenshot 2015-02-18 18:25 - 2015-01-13 11:24 - 00000000 ____D () C:\Users\Design6.at\AppData\Roaming\Skype 2015-02-16 10:23 - 2015-01-13 14:23 - 00000728 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-02-16 10:05 - 2015-01-20 12:56 - 00000000 ____D () C:\Users\Design6.at\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 
2015-02-13 12:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-02-12 14:19 - 2015-01-13 15:54 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-12 14:19 - 2015-01-13 15:54 - 00000000 ____D () C:\Windows\system32\appraiser 2015-01-22 11:45 - 2015-01-12 18:21 - 00000000 ____D () C:\Users\Design6.at\AppData\Roaming\Adobe ==================== Files in the root of some directories ======= 2015-01-22 11:47 - 2015-02-19 17:38 - 0000132 _____ () C:\Users\Design6.at\AppData\Roaming\Adobe PNG Format CS5 Prefs Some content of TEMP: ==================== C:\Users\Design6.at\AppData\Local\Temp\avgnt.exe C:\Users\Design6.at\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4rfn0m.dll C:\Users\Design6.at\AppData\Local\Temp\Microsoft Toolkit.exe C:\Users\Design6.at\AppData\Local\Temp\ose00001.exe C:\Users\Design6.at\AppData\Local\Temp\SETUP.EXE ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-13 12:31 ==================== End Of Log ============================ Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01 Ran by Design6.at at 2015-02-21 16:14:28 Running from C:\Users\Design6.at\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: AVG Internet Security 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG Internet Security 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} FW: AVG Internet Security 2015 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (HKLM-x32\...\{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}) (Version: 10.1.52.14 - Adobe Systems, Inc.) Adobe Flash Player 10 Plugin (HKLM-x32\...\{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}) (Version: 10.1.52.14 - Adobe Systems, Inc.) 
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Akamai NetSession Interface (HKU\S-1-5-21-3611461970-3163121172-2511595225-1000\...\Akamai) (Version: - Akamai Technologies, Inc) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies) AVG 2015 (Version: 15.0.4293 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) biz.2zoom.vollinstallation (HKLM-x32\...\{D1186B75-6559-4DC8-B941-2B065068C297}) (Version: 7.0.0.0 - 2zoom) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Dropbox (HKU\S-1-5-21-3611461970-3163121172-2511595225-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.) EaseUS Partition Master 10.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden Greenshot 1.2.4.10 (HKLM\...\Greenshot_is1) (Version: 1.2.4.10 - Greenshot) HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company) HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.32 - SunplusIT) HP Hotkey Support (HKLM-x32\...\{C807BEFB-0F17-41AC-B307-D7B5E1553040}) (Version: 5.0.20.1 - Hewlett-Packard Company) HP SoftPaq Download Manager (HKLM-x32\...\{B50981AD-95E8-4E4D-912A-7C4B738387CA}) (Version: 3.4.6.0 - Hewlett-Packard Company) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.12.1688 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3272 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) 
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation) Microsoft SQL Server 2012 (HKLM-x32\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Policies (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Setup (English) (HKLM-x32\...\{D0AAC6B5-2B55-4E53-B996-0D4EA696E00C}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{376949D9-0B10-4E7A-9AA5-16AC38F9E843}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 
(HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.1.3000.0 - Microsoft Corporation) Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla) 
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.230 - Qualcomm Atheros Communications) Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.18 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek) Service Pack 1 for SQL Server 2012 (KB2674319) (HKLM-x32\...\KB2674319) (Version: 11.1.3000.0 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
SQL Server 2012 Client Tools (x32 Version: 11.1.3000.0 - Microsoft Corporation) Hidden SQL Server 2012 Common Files (x32 Version: 11.1.3000.0 - Microsoft Corporation) Hidden SQL Server 2012 Database Engine Services (x32 Version: 11.1.3000.0 - Microsoft Corporation) Hidden SQL Server 2012 Database Engine Shared (x32 Version: 11.1.3000.0 - Microsoft Corporation) Hidden SQL Server 2012 Management Studio (x32 Version: 11.1.3000.0 - Microsoft Corporation) Hidden SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.1.3000.0 - Microsoft Corporation) Sql Server Customer Experience Improvement Program (x32 Version: 11.1.3000.0 - Microsoft Corporation) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.3 - Synaptics Incorporated) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38843 - TeamViewer) Validity Fingerprint Sensor Driver (HKLM\...\{F5850B80-27F9-406E-91D3-1329F813BA63}) (Version: 4.5.130.0 - Validity Sensors, Inc.) Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3611461970-3163121172-2511595225-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3611461970-3163121172-2511595225-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611461970-3163121172-2511595225-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611461970-3163121172-2511595225-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611461970-3163121172-2511595225-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611461970-3163121172-2511595225-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611461970-3163121172-2511595225-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611461970-3163121172-2511595225-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611461970-3163121172-2511595225-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3611461970-3163121172-2511595225-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2015-01-14 15:29 - 00003747 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com 127.0.0.1 adobe.activate.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 adobeereg.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 hl2rcv.adobe.com 127.0.0.1 adobeereg.com 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 3dns.adobe.com There are 66 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0390690F-FCAE-46F2-A987-CD48477DCBA3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-21] (Google Inc.) 
Task: {050DC59B-CA47-40EA-A5B8-27ED142279A3} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd) Task: {088E77C4-0CF9-434A-B0E2-C0BAD8A42600} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {310C0231-1044-45B8-9676-64F13DCC2E45} - System32\Tasks\2zoom.biz.backup => C:\Program Files (x86)\2zoom\2zoom.biz.backup\2zoom.biz.backup.exe [2014-12-01] (Daniel Sumak / 2zoom Software) Task: {49AC808A-67A7-4A4B-8FE8-D59237611917} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Design6at-PC-Design6.at Design6at-PC => D:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation) Task: {709AA1FB-223D-48C0-9493-4511AB1D2285} - System32\Tasks\AdobeAAMUpdater-1.0-Design6at-PC-Design6.at => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated) Task: {85B56DA3-037A-4C4C-A010-92B1EA6E8382} - System32\Tasks\{B2FD8413-1137-4802-8888-998CD470D8F2} => pcalua.exe -a "C:\Program Files (x86)\UUniDealSi\UUniDealSi.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" "" Task: {9065AE64-F4C9-4000-8744-9456EFF4C990} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {926BD8D6-AC80-4B96-8355-5B0D8C6A4A50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-21] (Google Inc.) 
Task: {9CCCA785-592E-44D7-B9BB-A5707DE194D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {BF5C0861-DED5-46F7-8152-87781B2CFF46} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-02-20] () Task: {DF5D67A2-F6A8-40D9-8049-666E024C0101} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation) Task: {EBC2744E-665C-404A-8DBF-EDBB79BA5C83} - System32\Tasks\KMS Activation => D:\Program Files\KMSpico\RandomFile.exe Task: {F9C5D8F3-545B-4D70-94EE-E1545D623DBE} - System32\Tasks\InstallShield Update Task => Wscript.exe //nologo //E:jscript //B "C:\Program Files (x86)\InstallShield\isupdate.ini" Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\InstallShield Update Task.job => C:\Windows\system32\wscript.exe ==================== Loaded Modules (whitelisted) ============== 2013-06-28 06:00 - 2013-06-28 06:00 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll 2015-01-21 03:06 - 2015-01-21 03:06 - 00057344 _____ () D:\Program Files\CCleaner\lang\lang-1031.dll 2013-06-28 06:08 - 2013-06-28 06:08 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll 2013-06-28 05:56 - 2013-06-28 05:56 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll 2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ 
() C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-02-21 15:54 - 2015-02-21 15:54 - 00043008 _____ () c:\users\design6.at\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4rfn0m.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2012-09-23 20:43 - 2012-09-23 20:43 - 00010240 _____ () D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu 2015-02-21 12:35 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll 2015-02-21 12:35 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll 2015-02-21 12:35 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll 2015-01-10 17:07 - 2013-07-26 06:24 - 01242584 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2015-01-29 14:03 - 2015-01-29 14:03 - 03925104 _____ () D:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3611461970-3163121172-2511595225-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Design6.at\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 195.34.133.21 - 212.186.211.21 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AxInstSV => 3 MSCONFIG\Services: BDESVC => 3 MSCONFIG\Services: BFE => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2 MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2 MSCONFIG\Services: COMSysApp => 3 MSCONFIG\Services: CryptSvc => 2 MSCONFIG\Services: CscService => 2 MSCONFIG\Services: ehRecvr => 3 MSCONFIG\Services: ehSched => 3 MSCONFIG\Services: EventSystem => 2 MSCONFIG\Services: Fax => 3 MSCONFIG\Services: fdPHost => 3 MSCONFIG\Services: FDResPub => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: MMCSS => 2 MSCONFIG\Services: napagent => 3 MSCONFIG\Services: seclogon => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: TrustedInstaller => 3 MSCONFIG\Services: ZAtheros Bt and Wlan Coex Agent => 2 MSCONFIG\startupfolder: C:^Users^Design6.at^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office 2013 Product Key Generator Full Download.lnk => C:\Windows\pss\Microsoft Office 2013 Product Key Generator Full Download.lnk.Startup MSCONFIG\startupreg: GoogleChromeAutoLaunch_4CF9F9D6DF13FA6B77791F18F624F736 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 MSCONFIG\startupreg: iTunesHelper => "D:\Program Files 
(x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe ==================== Accounts: ============================= Administrator (S-1-5-21-3611461970-3163121172-2511595225-500 - Administrator - Disabled) Design6.at (S-1-5-21-3611461970-3163121172-2511595225-1000 - Administrator - Enabled) => C:\Users\Design6.at Gast (S-1-5-21-3611461970-3163121172-2511595225-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3611461970-3163121172-2511595225-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/21/2015 04:14:28 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. . Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {09c9dfa8-67be-43a1-9c42-c6134f4fd75e} Error: (02/21/2015 04:14:28 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. 
] Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {09c9dfa8-67be-43a1-9c42-c6134f4fd75e} Error: (02/21/2015 04:14:28 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. . Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {c5c9a588-688b-4447-8739-7843746fd224} Error: (02/21/2015 04:14:28 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {c5c9a588-688b-4447-8739-7843746fd224} Error: (02/21/2015 04:14:28 PM) (Source: VSS) (EventID: 12346) (User: ) Description: Volumeschattenkopie-Fehler: Beim Initialisieren des Registrierungs-Generators ist ein Fehler "0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts. Weitere Informationen finden Sie im Anwendungsereignisprotokoll. " aufgetreten. Dies kann dazu führen, dass keine Schattenkopien mehr erstellt werden können. Error: (02/21/2015 04:14:28 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. 
hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. . Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f} Generatorname: COM+ REGDB Writer Generatorinstanz-ID: {ceb9fdf0-91f9-463b-a832-81cc0ff708e0} Error: (02/21/2015 04:14:28 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f} Generatorname: COM+ REGDB Writer Generatorinstanz-ID: {ceb9fdf0-91f9-463b-a832-81cc0ff708e0} Error: (02/21/2015 04:14:28 PM) (Source: VSS) (EventID: 12342) (User: ) Description: Volumeschattenkopie-Fehler: Beim Initialisieren des Registrierungs-Generators ist ein Fehler "0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts. Weitere Informationen finden Sie im Anwendungsereignisprotokoll. " aufgetreten. Dies kann dazu führen, dass keine Schattenkopien mehr erstellt werden können. Error: (02/21/2015 04:14:28 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Subscribing the Registry server writer failed. hr = 8004230208lx" ist ein unerwarteter Fehler aufgetreten. hr = 0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts. Weitere Informationen finden Sie im Anwendungsereignisprotokoll. . Error: (02/21/2015 04:14:28 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. 
hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. . Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485} Generatorname: Registry Writer Generatorinstanz-ID: {4764ac36-4b30-44c7-8661-d88e9f481ae6} System errors: ============= Error: (02/21/2015 04:05:03 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (02/21/2015 03:56:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (02/21/2015 03:56:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (02/21/2015 03:55:03 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (02/21/2015 03:54:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (02/21/2015 03:54:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (02/21/2015 03:54:22 PM) (Source: 
Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (02/21/2015 03:54:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (02/21/2015 03:54:17 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097} Error: (02/21/2015 03:54:16 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus. Microsoft Office Sessions: ========================= Error: (02/21/2015 04:14:28 PM) (Source: VSS) (EventID: 8193) (User: ) Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {09c9dfa8-67be-43a1-9c42-c6134f4fd75e} Error: (02/21/2015 04:14:28 PM) (Source: VSS) (EventID: 13) (User: ) Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. 
Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {09c9dfa8-67be-43a1-9c42-c6134f4fd75e} Error: (02/21/2015 04:14:28 PM) (Source: VSS) (EventID: 8193) (User: ) Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {c5c9a588-688b-4447-8739-7843746fd224} Error: (02/21/2015 04:14:28 PM) (Source: VSS) (EventID: 13) (User: ) Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {be000cbe-11fe-4426-9c58-531aa6355fc4} Generatorname: ASR Writer Generatorinstanz-ID: {c5c9a588-688b-4447-8739-7843746fd224} Error: (02/21/2015 04:14:28 PM) (Source: VSS) (EventID: 12346) (User: ) Description: 0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts. Weitere Informationen finden Sie im Anwendungsereignisprotokoll. Error: (02/21/2015 04:14:28 PM) (Source: VSS) (EventID: 8193) (User: ) Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f} Generatorname: COM+ REGDB Writer Generatorinstanz-ID: {ceb9fdf0-91f9-463b-a832-81cc0ff708e0} Error: (02/21/2015 04:14:28 PM) (Source: VSS) (EventID: 13) (User: ) Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. 
Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f} Generatorname: COM+ REGDB Writer Generatorinstanz-ID: {ceb9fdf0-91f9-463b-a832-81cc0ff708e0} Error: (02/21/2015 04:14:28 PM) (Source: VSS) (EventID: 12342) (User: ) Description: 0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts. Weitere Informationen finden Sie im Anwendungsereignisprotokoll. Error: (02/21/2015 04:14:28 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Subscribing the Registry server writer failed. hr = 8004230208lx0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts. Weitere Informationen finden Sie im Anwendungsereignisprotokoll. Error: (02/21/2015 04:14:28 PM) (Source: VSS) (EventID: 8193) (User: ) Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485} Generatorname: Registry Writer Generatorinstanz-ID: {4764ac36-4b30-44c7-8661-d88e9f481ae6} ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz Percentage of memory in use: 20% Total physical RAM: 16265.11 MB Available physical RAM: 13003.15 MB Total Pagefile: 32528.41 MB Available Pagefile: 29106.82 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:88.92 GB) (Free:9.5 GB) NTFS Drive d: () (Fixed) (Total:143.86 GB) (Free:42.45 GB) NTFS Drive x: (Business) (Fixed) (Total:195.78 GB) (Free:195.51 GB) NTFS Drive y: (Privat) (Fixed) (Total:269.97 GB) (Free:269.08 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E570510A) Partition 1: 
(Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=88.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=143.9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 206BA7A1) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=OF Extended) ==================== End Of Log ============================
21.02.2015, 16:47 | #2 |
GMER Logfile
GMER
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-02-21 16:25:30 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000072 Samsung_ rev.EXT0 232,89GB Running: Gmer-19357.exe; Driver: C:\Users\Design6.at\AppData\Local\Temp\fxryiuod.sys ---- User code sections - GMER 2.1 ---- .text D:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2072] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 7599b21b C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2072] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077131419 2 bytes JMP 7599b346 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2072] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077131431 2 bytes JMP 75a18ea9 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2072] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007713144a 2 bytes CALL 759748ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text D:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2072] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 75a187a2 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2072] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 75a18978 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2072] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 75a18698 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2072] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 75a18a62 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2072] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 7598fca8 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2072] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077131555 2 bytes JMP 759968ef C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2072] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 75a18f61 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2072] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 75a18ac2 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2072] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 75a1865c C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2072] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 7598fd41 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2072] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 7599b2dc 
C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2072] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 75a18e24 C:\Windows\syswow64\kernel32.dll .text D:\Program Files (x86)\AVG\AVG2015\avgfws.exe[2072] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 75a185f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\InstallShield\isupdate.exe[2292] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 7599b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\InstallShield\isupdate.exe[2292] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077131419 2 bytes JMP 7599b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\InstallShield\isupdate.exe[2292] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077131431 2 bytes JMP 75a18ea9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\InstallShield\isupdate.exe[2292] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007713144a 2 bytes CALL 759748ad C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\InstallShield\isupdate.exe[2292] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 75a187a2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\InstallShield\isupdate.exe[2292] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 75a18978 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\InstallShield\isupdate.exe[2292] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 75a18698 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\InstallShield\isupdate.exe[2292] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 75a18a62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\InstallShield\isupdate.exe[2292] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 7598fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\InstallShield\isupdate.exe[2292] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077131555 2 bytes JMP 759968ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\InstallShield\isupdate.exe[2292] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 75a18f61 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\InstallShield\isupdate.exe[2292] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 75a18ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\InstallShield\isupdate.exe[2292] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 75a1865c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\InstallShield\isupdate.exe[2292] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 7598fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\InstallShield\isupdate.exe[2292] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 
00000000771315cd 2 bytes JMP 7599b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\InstallShield\isupdate.exe[2292] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 75a18e24 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\InstallShield\isupdate.exe[2292] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 75a185f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2776] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 7599b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2776] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077131419 2 bytes JMP 7599b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2776] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077131431 2 bytes JMP 75a18ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2776] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007713144a 2 bytes CALL 759748ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2776] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 75a187a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2776] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 75a18978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2776] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 75a18698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2776] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 75a18a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2776] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 7598fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2776] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077131555 2 bytes JMP 759968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2776] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 75a18f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2776] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 75a18ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2776] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 75a1865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2776] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 
00000000771315b5 2 bytes JMP 7598fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2776] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 7599b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2776] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 75a18e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2776] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 75a185f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\wbem\wmiprvse.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018 .text C:\Windows\system32\wbem\wmiprvse.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018 .text C:\Windows\system32\taskhost.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018 .text C:\Windows\system32\Dwm.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018 .text C:\Windows\Explorer.EXE[3496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018 .text C:\Windows\system32\wbem\unsecapp.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018 .text C:\Windows\System32\igfxtray.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018 .text C:\Windows\System32\hkcmd.exe[3920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018 
.text C:\Windows\System32\igfxpers.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018
.text D:\Program Files\Greenshot\Greenshot.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018
.text C:\Windows\system32\igfxsrvc.exe[4056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fe14 5 bytes JMP 0000000163b91000
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 7599b21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4068] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 7599b346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 75a18ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 759748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4068] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 75a187a2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 75a18978 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 75a18698 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 75a18a62 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 7598fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4068] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 759968ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 75a18f61 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 75a18ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 75a1865c C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 7598fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 7599b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 75a18e24 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 75a185f1 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files\CCleaner\CCleaner64.exe[4124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018
.text C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe[4240] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fe14 5 bytes JMP 0000000163b91000
.text C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe[4240] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 7599b21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe[4240] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000077131419 2 bytes JMP 7599b346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe[4240] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000077131431 2 bytes JMP 75a18ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe[4240] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007713144a 2 bytes CALL 759748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe[4240] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 75a187a2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe[4240] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 75a18978 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe[4240] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 75a18698 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe[4240] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 75a18a62 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe[4240] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 7598fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe[4240] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000077131555 2 bytes JMP 759968ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe[4240] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 75a18f61 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe[4240] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 75a18ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe[4240] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 75a1865c C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe[4240] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 7598fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe[4240] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 7599b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe[4240] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 75a18e24 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe[4240] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 75a185f1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4264] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fe14 5 bytes JMP 0000000163b91000
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 7599b21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4264] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 7599b346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 75a18ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 759748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4264] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 75a187a2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 75a18978 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 75a18698 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 75a18a62 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 7598fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4264] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 759968ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 75a18f61 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 75a18ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 75a1865c C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 7598fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 7599b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 75a18e24 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe[4264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 75a185f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe[4284] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4296] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fe14 5 bytes JMP 0000000163b91000
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4424] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fe14 5 bytes JMP 0000000163b91000
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 7599b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4424] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 7599b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 75a18ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 759748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4424] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 75a187a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 75a18978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 75a18698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 75a18a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 7598fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4424] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 759968ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 75a18f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 75a18ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 75a1865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 7598fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 7599b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 75a18e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 75a185f1 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4464] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fe14 5 bytes JMP 0000000163b91000
.text D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe[4552] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fe14 5 bytes JMP 0000000163b91000
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4656] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fe14 5 bytes JMP 0000000163b91000
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4684] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fe14 5 bytes JMP 0000000163b91000
.text C:\Windows\SysWOW64\ctfmon.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fe14 5 bytes JMP 0000000163b91000
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe[5616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5772] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fe14 5 bytes JMP 0000000163b91000
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 7599b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5772] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 7599b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 75a18ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 759748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5772] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 75a187a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 75a18978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 75a18698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 75a18a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 7598fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5772] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 759968ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 75a18f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 75a18ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 75a1865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 7598fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 7599b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 75a18e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 75a185f1 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\SearchIndexer.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018
.text C:\Windows\system32\svchost.exe[5956] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018
.text D:\Program Files (x86)\TeamViewer\TeamViewer.exe[6364] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fe14 5 bytes JMP 0000000163b91000
.text D:\Program Files (x86)\TeamViewer\TeamViewer.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 7599b21b C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\TeamViewer\TeamViewer.exe[6364] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 7599b346 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\TeamViewer\TeamViewer.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 75a18ea9 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\TeamViewer\TeamViewer.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 759748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text D:\Program Files (x86)\TeamViewer\TeamViewer.exe[6364] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 75a187a2 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\TeamViewer\TeamViewer.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 75a18978 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\TeamViewer\TeamViewer.exe[6364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 75a18698 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\TeamViewer\TeamViewer.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 75a18a62 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\TeamViewer\TeamViewer.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 7598fca8 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\TeamViewer\TeamViewer.exe[6364] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 759968ef C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\TeamViewer\TeamViewer.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 75a18f61 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\TeamViewer\TeamViewer.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 75a18ac2 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\TeamViewer\TeamViewer.exe[6364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 75a1865c C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\TeamViewer\TeamViewer.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 7598fd41 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\TeamViewer\TeamViewer.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 7599b2dc C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\TeamViewer\TeamViewer.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 75a18e24 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\TeamViewer\TeamViewer.exe[6364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 75a185f1 C:\Windows\syswow64\kernel32.dll
.text D:\Program Files (x86)\TeamViewer\tv_w32.exe[6636] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fe14 5 bytes JMP 0000000163b91000
.text D:\Program Files (x86)\TeamViewer\tv_x64.exe[6644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018
.text C:\Windows\system32\svchost.exe[6660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018
.text C:\Windows\system32\SearchProtocolHost.exe[6768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[6516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[872] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fe14 5 bytes JMP 0000000163b91000
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[2116] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fe14 5 bytes JMP 0000000163b91000
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4764] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fe14 5 bytes JMP 0000000163b91000
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007717fe14 5 bytes JMP 0000000163b91000
.text C:\Windows\system32\wuauclt.exe[7140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076fd1650 5 bytes JMP 0000000077130018

---- Threads - GMER 2.1 ----

Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:2744] 00000000771b3e85
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:2768] 00000000771b2e65
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:3108] 00000000771b3e85
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:3884] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:3888] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:3892] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:3896] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:3900] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:3912] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:3916] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:3928] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:3932] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:3944] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:3956] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:3960] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:3968] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:4064] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:4076] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:4324] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:4328] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:4356] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:4360] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:4384] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:4392] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:4416] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:4432] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:4452] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:4456] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:4480] 000000005c2c1c2f
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:4520] 000000006601facd
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:4572] 000000006608ea8b
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:4580] 000000006608ea8b
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:4584] 000000006608ea8b
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:4588] 000000006608ea8b
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:4592] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:4616] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:5036] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:5124] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:5128] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:5132] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:5164] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:5168] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:5172] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:5176] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:5180] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:5184] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:5188] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:5192] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:5196] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:6048] 00000000690c09f6
Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [2508:6816] 00000000690c09f6

---- Processes - GMER 2.1 ----

Library C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe [4240] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:28) 0000000056780000
Library C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe [4240] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000056470000
Library C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe [4240](2015-02-10 21:00:30) 00000000563b0000
Library C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe [4240] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000055e50000
Library C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe [4240] (ICU I18N DLL/The ICU Project)(2015-02-10 21:00:30) 000000004a900000
Library C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe [4240] (ICU Common DLL/The ICU Project)(2015-02-10 21:00:30) 00000000041a0000
Library C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe [4240] (ICU Data DLL/The ICU Project)(2015-02-10 21:00:30) 000000004ad00000
Library c:\users\design6.at\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4rfn0m.dll (*** suspicious ***) @ C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe [4240](2015-02-21 14:54:13) 0000000002ef0000
Library C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe [4240] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000052f50000
Library C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe [4240] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 0000000051f60000
Library C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe [4240] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000051d40000
Library C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe [4240] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000051ae0000
Library C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe [4240] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000051ab0000
Library C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe [4240](2015-02-10 21:00:30) 0000000051aa0000
Library C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe [4240] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 0000000051a70000
Library C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe [4240] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000051a30000
Library C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe [4240] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 00000000519e0000
Library C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe [4240](2015-02-10 21:00:28) 0000000051900000
Library C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe [4240](2015-02-10 21:00:28) 00000000518b0000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18cf5e3912ab
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18cf5e3912ab (not active ControlSet)

---- EOF - GMER 2.1 ----
Code:
Avira report: The file 'C:\Users\Design6.at\AppData\Local\Temp\290\temp\BocaProc.xyz' contained a virus or unwanted program 'ADWARE/MultiPlug.Gen4' [adware]. Action(s) taken: the file was moved to the quarantine directory under the name '53fa2d22.qua'. |
21.02.2015, 17:33 | #3 |
/// the machine /// TB-Ausbilder | WIN7: Google search results in Chrome manipulated
hi,
Scan with ComboFix |
21.02.2015, 20:22 | #4 |
ComboFix log:
ComboFix 15-02-16.01 - Design6.at 21.02.2015 19:51:27.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.16265.14031 [GMT 1:00]
Run from: c:\users\Design6.at\Desktop\ComboFix.exe
AV: AVG Internet Security 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2015 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* New restore point created
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\13511546191016658474
c:\programdata\13511546191016658474\cd5b15e575e1c3d04f97ae5466616bda.ini
.
.
((((((((((((((((((((((( Files created from 2015-01-21 to 2015-02-21 ))))))))))))))))))))))))))))))
.
.
2015-02-21 18:57 . 2015-02-21 18:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-21 15:53 . 2015-02-12 16:39 41784 ----a-w- c:\windows\system32\TURegOpt.exe
2015-02-21 15:53 . 2015-02-12 16:39 30520 ----a-w- c:\windows\system32\authuitu.dll
2015-02-21 15:53 . 2015-02-12 16:39 25912 ----a-w- c:\windows\SysWow64\authuitu.dll
2015-02-21 15:53 . 2015-02-21 15:53 -------- d-----w- c:\users\Design6.at\AppData\Roaming\AVG
2015-02-21 15:53 . 2015-02-21 15:53 -------- d-----w- c:\program files (x86)\AVG
2015-02-21 15:52 . 2015-02-21 15:52 -------- d-----w- c:\users\Design6.at\AppData\Local\Avg
2015-02-21 15:52 . 2015-02-21 15:53 -------- d-----w- c:\programdata\AVG
2015-02-21 15:13 . 2015-02-21 15:14 -------- d-----w- C:\FRST
2015-02-20 18:26 . 2015-02-21 07:57 -------- d-----w- c:\windows\AutoKMS
2015-02-20 18:23 . 2015-02-20 18:23 -------- d-----w- c:\program files\Common Files\DESIGNER
2015-02-20 18:23 . 2015-02-20 18:23 -------- d-----w- c:\program files\Microsoft.NET
2015-02-20 18:23 .
2015-02-20 18:23 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft 2015-02-20 18:23 . 2015-02-20 18:23 -------- d-----w- c:\windows\PCHEALTH 2015-02-20 18:20 . 2015-02-20 18:20 -------- d-----w- c:\program files\Microsoft Analysis Services 2015-02-20 17:39 . 2015-02-20 18:08 -------- d-----w- c:\program files (x86)\InstallShield 2015-02-20 17:26 . 2015-02-20 17:26 -------- d-----w- c:\users\Design6.at\.swt 2015-02-20 17:24 . 2015-02-20 17:32 -------- d-----w- c:\users\Design6.at\AppData\Roaming\Azureus 2015-02-20 17:17 . 2015-02-20 17:16 8192 ----a-w- c:\windows\SysWow64\srvany.exe 2015-02-20 15:42 . 2015-02-21 08:01 -------- d-----w- c:\program files (x86)\PCCpnApp 2015-02-20 15:42 . 2015-02-20 15:42 -------- d-----w- c:\programdata\oiioioicnlbidlgkanljnbdgdcoicbff 2015-02-20 15:39 . 2015-02-20 16:11 -------- d-----w- c:\program files (x86)\UUniDealSi 2015-02-20 15:39 . 2015-02-20 15:39 -------- d-----w- c:\programdata\mogpoehfpbfiaheaphgjflgcfjgjodof 2015-02-20 12:40 . 2015-02-20 12:40 -------- d-----w- c:\programdata\Microsoft Toolkit 2015-02-20 11:38 . 2015-02-21 08:49 -------- d-----w- c:\users\Test 2015-02-17 12:47 . 2015-02-17 14:47 -------- d-----w- c:\users\Design6.at\AppData\Roaming\.purple 2015-02-11 12:17 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2015-02-11 12:16 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys 2015-02-10 11:29 . 2015-02-18 14:29 -------- d-----w- c:\users\Design6.at\AppData\Local\CrashDumps 2015-02-03 11:05 . 2015-02-03 11:05 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-01-13 17:08 . 2015-01-13 15:44 84448 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2015-01-13 10:50 . 2015-01-13 10:50 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2015-01-13 10:50 . 
2015-01-13 10:50 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2015-01-13 10:50 . 2015-01-13 10:50 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2015-01-13 10:50 . 2015-01-13 10:50 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2015-01-13 10:50 . 2015-01-13 10:50 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2015-01-13 10:50 . 2015-01-13 10:50 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2015-01-13 10:50 . 2015-01-13 10:50 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2015-01-13 10:50 . 2015-01-13 10:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2015-01-13 10:50 . 2015-01-13 10:50 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2015-01-13 10:50 . 2015-01-13 10:50 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2015-01-13 10:50 . 2015-01-13 10:50 363008 ----a-w- c:\windows\system32\dxgi.dll 2015-01-13 10:50 . 2015-01-13 10:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2015-01-13 10:50 . 2015-01-13 10:50 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2015-01-13 10:50 . 2015-01-13 10:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2015-01-13 10:50 . 2015-01-13 10:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2015-01-13 10:50 . 2015-01-13 10:50 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2015-01-13 10:50 . 2015-01-13 10:50 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2015-01-13 10:50 . 2015-01-13 10:50 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2015-01-13 10:50 . 2015-01-13 10:50 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2015-01-13 10:50 . 2015-01-13 10:50 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2015-01-13 10:50 . 
2015-01-13 10:50 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2015-01-13 10:50 . 2015-01-13 10:50 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2015-01-13 10:50 . 2015-01-13 10:50 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2015-01-13 10:50 . 2015-01-13 10:50 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2015-01-13 10:50 . 2015-01-13 10:50 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2015-01-13 10:50 . 2015-01-13 10:50 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2015-01-13 10:50 . 2015-01-13 10:50 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2015-01-13 10:50 . 2015-01-13 10:50 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2015-01-13 10:50 . 2015-01-13 10:50 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2015-01-13 10:50 . 2015-01-13 10:50 296960 ----a-w- c:\windows\system32\d3d10core.dll 2015-01-13 10:50 . 2015-01-13 10:50 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2015-01-13 10:50 . 2015-01-13 10:50 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2015-01-13 10:50 . 2015-01-13 10:50 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2015-01-13 10:50 . 2015-01-13 10:50 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2015-01-13 10:50 . 2015-01-13 10:50 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2015-01-13 10:50 . 2015-01-13 10:50 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2015-01-13 10:50 . 2015-01-13 10:50 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2015-01-13 10:50 . 2015-01-13 10:50 1643520 ----a-w- c:\windows\system32\DWrite.dll 2015-01-13 10:50 . 2015-01-13 10:50 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2015-01-13 10:50 . 2015-01-13 10:50 1238528 ----a-w- c:\windows\system32\d3d10.dll 2015-01-13 10:50 . 2015-01-13 10:50 1175552 ----a-w- c:\windows\system32\FntCache.dll 2015-01-10 15:57 . 2015-01-10 15:57 1045776 ----a-w- c:\windows\SysWow64\MSJET35.DLL 2015-01-10 15:57 . 
2015-01-10 15:57 368912 ----a-w- c:\windows\SysWow64\VBAR332.DLL 2015-01-10 15:57 . 2015-01-10 15:57 252176 ----a-w- c:\windows\SysWow64\MSRD2X35.DLL 2015-01-10 15:57 . 2015-01-10 15:57 24848 ----a-w- c:\windows\SysWow64\MSJTER35.DLL 2015-01-10 15:57 . 2015-01-10 15:57 123664 ----a-w- c:\windows\SysWow64\MSJINT35.DLL 2014-12-19 03:06 . 2015-01-14 09:27 210432 ----a-w- c:\windows\system32\profsvc.dll 2014-12-19 01:46 . 2015-01-14 09:27 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys 2014-12-11 17:47 . 2015-01-14 09:27 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe 2014-12-08 20:24 . 2014-12-08 20:24 260888 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2014-12-06 04:17 . 2015-01-14 09:27 303616 ----a-w- c:\windows\system32\nlasvc.dll 2014-12-06 03:50 . 2015-01-14 09:27 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll 2014-12-06 03:50 . 2015-01-14 09:27 156672 ----a-w- c:\windows\SysWow64\ncsi.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Design6.at\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432] "GoogleChromeAutoLaunch_4CF9F9D6DF13FA6B77791F18F624F736"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-02-17 843592] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2013-07-31 337184] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848] "AccelerometerSysTrayApplet"="c:\program files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe" [2013-07-24 77088] "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-07-26 134616] "Acrobat Assistant 8.0"="d:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-23 3477640] "EaseUS EPM tray"="d:\program files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe" [2014-11-18 2089056] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432] . c:\users\Design6.at\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-11 42555824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . 
R2 AVGIDSAgent;AVGIDSAgent;d:\program files (x86)\AVG\AVG2015\avgidsagent.exe;d:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x] R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x] R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys;c:\windows\SYSNATIVE\drivers\amdhub30.sys [x] R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys;c:\windows\SYSNATIVE\drivers\amdxhc.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x] R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RTSPER;Realtek PCIE Card Reader - PER;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop 
Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R4 SQLAgent$ZOOM;SQL Server Agent (ZOOM);c:\program files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\SQLAGENT.EXE [x] R4 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x] S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 
PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x] S2 avgfws;AVG Firewall;d:\program files (x86)\AVG\AVG2015\avgfws.exe;d:\program files (x86)\AVG\AVG2015\avgfws.exe [x] S2 avgwd;AVG WatchDog;d:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;d:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x] S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine 
Components\FWService\IntelMeFWService.exe [x] S2 isupdate.exe;InstallShield Application Updater;c:\program files (x86)\InstallShield\isupdate.exe;c:\program files (x86)\InstallShield\isupdate.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 MSSQL$ZOOM;SQL Server (ZOOM);c:\program files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [x] S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x] S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x] S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] S3 
BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-02-21 11:35 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-21 11:35] . 2015-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-21 11:35] . 2015-02-21 c:\windows\Tasks\InstallShield Update Task.job - c:\windows\system32\wscript.exe [2015-01-11 01:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2012-10-01 19:37 2322576 ----a-w- d:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2012-10-01 19:37 2322576 ----a-w- d:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2012-10-01 19:37 2322576 ----a-w- d:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-08-12 165872] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-08-12 407536] "Persistence"="c:\windows\system32\igfxpers.exe" [2013-08-12 444400] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904] "Greenshot"="d:\program files\Greenshot\Greenshot.exe" [2014-12-29 536576] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: An OneNote s&enden - d:\progra~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - d:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - d:\progra~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - d:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Design6.at\AppData\Roaming\Mozilla\Firefox\Profiles\mv25ave8.default\
.
- - - - Removed orphaned registry entries - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-02-21 20:07:32
ComboFix-quarantined-files.txt 2015-02-21 19:07
.
Pre-Run: 8 directories, 10,429,390,848 bytes free
Post-Run: 13 directories, 10,578,362,368 bytes free
.
- - End Of File - - 08985C1006175FACB2141303B5089A04 A36C5E4F47E84449FF07ED3517B43A31 |
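Added example, not part of the thread and not output of ComboFix, FRST or any other tool used above: a PowerShell audit of the places where a proxy override like the `uInternet Settings,ProxyOverride` entry in the log above is configured, so the manual fix in the IE LAN settings described in the first post can be verified before and after a reboot. The registry paths are the standard WinINET and Chrome/IE policy locations; the "check" heuristic (a loopback proxy or any PAC script counts as suspicious) and the listener lookup are this script's own assumptions. Run it in an elevated PowerShell on the affected machine.

```powershell
# Added example for this thread (not produced by any tool used above).
# Audits the registry locations that control the system proxy and the browser
# policy keys, then looks up which process listens on the configured proxy port.
# Windows 7 compatible: uses netstat instead of Get-NetTCPConnection.
$ErrorActionPreference = 'SilentlyContinue'
if (-not (Get-PSDrive -Name HKU)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

function Test-SuspiciousProxy {
    param([string]$Server, [string]$PacUrl)
    # Assumption of this script: a home user does not point the system at a loopback
    # proxy or a PAC script on purpose; a corporate proxy would be a named host.
    return ($Server -match '127\.0\.0\.1|localhost|\[::1\]') -or (-not [string]::IsNullOrEmpty($PacUrl))
}

# WinINET settings: current user, machine-wide 64- and 32-bit views, and the .DEFAULT hive.
$proxyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKU:\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
)
Write-Host '== WinINET proxy settings =='
$ports = @()
foreach ($key in $proxyKeys) {
    if (-not (Test-Path $key)) { continue }
    $p = Get-ItemProperty -Path $key
    $flag = ''
    if (Test-SuspiciousProxy $p.ProxyServer $p.AutoConfigURL) { $flag = '   <== check' }
    Write-Host $key
    Write-Host ('   ProxyEnable={0} ProxyServer={1} ProxyOverride={2} AutoConfigURL={3}{4}' -f $p.ProxyEnable, $p.ProxyServer, $p.ProxyOverride, $p.AutoConfigURL, $flag)
    if ($p.ProxyServer) {
        # collect every port mentioned in "http=host:port;https=host:port" style values
        $ports += [regex]::Matches($p.ProxyServer, ':(\d+)') | ForEach-Object { $_.Groups[1].Value }
    }
}

# With ProxySettingsPerUser = 0, WinINET uses the HKLM values instead of the user's own,
# so a change made in the IE LAN settings dialog under the user's account has no effect.
$policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$perUser = (Get-ItemProperty -Path $policyPath).ProxySettingsPerUser
if ($null -eq $perUser) { Write-Host 'ProxySettingsPerUser policy: not set (per-user proxy)' }
else { Write-Host ('ProxySettingsPerUser policy: {0}' -f $perUser) }

# Browser policy keys: anything here overrides what the user configures in the browser UI
# (Chrome: ProxyMode/ProxyServer, forced extensions, search provider; IE: restrictions).
Write-Host "`n== Browser policy keys =="
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKCU:\SOFTWARE\Policies\Google\Chrome',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
    'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'
)
foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    Write-Host "$key exists:"
    $allKeys = @(Get-Item -Path $key) + @(Get-ChildItem -Path $key -Recurse)
    foreach ($k in $allKeys) {
        Write-Host ('   ' + $k.Name)
        foreach ($name in $k.GetValueNames()) {
            Write-Host ('      {0} = {1}' -f $name, $k.GetValue($name))
        }
    }
}

# A configured proxy only works if something listens on that port locally;
# that listener is the component to identify and remove.
Write-Host "`n== Local listeners on configured proxy ports =="
foreach ($port in ($ports | Sort-Object -Unique)) {
    $pattern = '^\s*TCP\s+\S+:' + $port + '\s+\S+\s+LISTENING\s+(\d+)\s*$'
    netstat -ano | Select-String -Pattern $pattern | ForEach-Object {
        $procId = [int]$_.Matches[0].Groups[1].Value
        $proc = Get-Process -Id $procId
        Write-Host ('   port {0}: PID {1} {2} ({3})' -f $port, $procId, $proc.ProcessName, $proc.Path)
    }
}
```

Two caveats for reading the output. The IE LAN settings dialog also stores the per-connection proxy in the binary value `Connections\DefaultConnectionSettings` under the same HKCU key, which this script does not decode; if a loopback proxy is gone after the manual fix but back after a reboot, compare the output before and after the reboot and look for whatever runs at startup and rewrites these values. Second, the Flash CLSID entries under "Locked registry keys" in the ComboFix log above are keys the Flash Player installer itself protects with deny ACLs, and ComboFix lists every key it cannot read, so that list on its own is not evidence of infection.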
22.02.2015, 09:14 | #5 |
/// the machine /// TB-Ausbilder | WIN7: Google search results in Chrome manipulated Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
22.02.2015, 12:08 | #6 |
| Logfiles mbam.txt Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 22.02.2015
Scan Time: 09:57:48
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.22.03
Rootkit Database: v2015.02.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Design6.at

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 395814
Time Elapsed: 4 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\PCCpnApp, Quarantined, [c9b261c015751c1a4ea6e58eb64dd62a],

Files: 1
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\PCCpnApp\TlUzCsxygCRnWF.dat, Quarantined, [c9b261c015751c1a4ea6e58eb64dd62a],

Physical Sectors: 0
(No malicious items detected)


(end)
Code:
# AdwCleaner v4.111 - Report created 22/02/2015 at 10:07:32
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (x64)
# Username : Design6.at - DESIGN6AT-PC
# Running from : C:\Users\Design6.at\Downloads\AdwCleaner_4.111.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\UUniDealSi
Folder Deleted : C:\Users\Design6.at\AppData\Roaming\Mozilla\Firefox\Profiles\mv25ave8.default\Extensions\ERgPK@o.com
Folder Deleted : C:\ProgramData\mogpoehfpbfiaheaphgjflgcfjgjodof

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.18667

-\\ Mozilla Firefox v35.0.1 (x86 de)

-\\ Google Chrome v40.0.2214.115

*************************

AdwCleaner[R0].txt - [1202 Bytes] - [22/02/2015 10:06:06]
AdwCleaner[S0].txt - [1124 Bytes] - [22/02/2015 10:07:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1183 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by Design6.at on 22.02.2015 at 10:11:37,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.02.2015 at 10:15:31,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Design6.at (administrator) on DESIGN6AT-PC on 22-02-2015 10:17:33
Running from C:\Users\Design6.at\Downloads
Loaded Profiles: Design6.at (Available profiles: Design6.at)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(InstallShield®) C:\Program Files (x86)\InstallShield\isupdate.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) 
D:\Program Files (x86)\AVG\AVG2015\avgemca.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Greenshot) D:\Program Files\Greenshot\Greenshot.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Akamai Technologies, Inc.) C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dropbox, Inc.) C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Akamai Technologies, Inc.) C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe (Adobe Systems Inc.) 
D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (CHENGDU YIWO Tech Development Co., Ltd) D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\tv_x64.exe (AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe (Microsoft Corporation) D:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-19] (Synaptics Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [Greenshot] => D:\Program Files\Greenshot\Greenshot.exe [536576 2014-12-29] (Greenshot) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-07-31] (Hewlett-Packard Company) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-07-26] (Intel Corporation) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.) HKLM-x32\...\Run: [EaseUS EPM tray] => D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe [2089056 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd) HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3611461970-3163121172-2511595225-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Design6.at\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) 
Startup: C:\Users\Design6.at\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Design6.at\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3611461970-3163121172-2511595225-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080;
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3611461970-3163121172-2511595225-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> D:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) 
Toolbar: HKU\S-1-5-21-3611461970-3163121172-2511595225-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21 FireFox: ======== FF ProfilePath: C:\Users\Design6.at\AppData\Roaming\Mozilla\Firefox\Profiles\mv25ave8.default FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: Adobe Acrobat -> D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF Extension: Avira Browser Safety - C:\Users\Design6.at\AppData\Roaming\Mozilla\Firefox\Profiles\mv25ave8.default\Extensions\abs@avira.com [2015-02-21] FF Extension: PCCpnApp - C:\Users\Design6.at\AppData\Roaming\Mozilla\Firefox\Profiles\mv25ave8.default\Extensions\BGD@UNj.net [2015-02-21] FF Extension: FireFTP - C:\Users\Design6.at\AppData\Roaming\Mozilla\Firefox\Profiles\mv25ave8.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-01-21] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-01-12] FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - D:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} FF Extension: Adobe Contribute Toolbar - D:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2015-01-14] StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe Chrome: ======= CHR Profile: C:\Users\Design6.at\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\Design6.at\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-21] CHR Extension: (Google Docs) - C:\Users\Design6.at\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-21] CHR Extension: 
(Google Drive) - C:\Users\Design6.at\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-21] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Design6.at\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-21] CHR Extension: (YouTube) - C:\Users\Design6.at\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-21] CHR Extension: (Google Search) - C:\Users\Design6.at\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-21] CHR Extension: (Google Sheets) - C:\Users\Design6.at\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-21] CHR Extension: (Google Wallet) - C:\Users\Design6.at\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-21] CHR Extension: (Gmail) - C:\Users\Design6.at\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-21] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider) R2 avgfws; D:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-12-18] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; D:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.) 
R2 avgwd; D:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.) R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-07-31] (Hewlett-Packard Company) R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company) [File not signed] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-26] (Intel Corporation) R2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [43008 2015-01-21] (InstallShield®) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-26] (Intel Corporation) S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-02-20] () [File not signed] S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MSSQL$ZOOM; C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\sqlservr.exe [160768 2012-10-20] (Microsoft Corporation) S4 SQLAgent$ZOOM; C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ZOOM\MSSQL\Binn\SQLAGENT.EXE [448512 2012-10-20] (Microsoft Corporation) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 
2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2015-02-12] (AVG Technologies) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S4 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.) 
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] () S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] () S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] () S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] () R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-07-30] (Intel Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-07-26] (Intel Corporation) S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418520 2013-06-17] (Realsil Semiconductor Corporation) R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1512952 2013-08-20] (Sunplus) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2015-01-13] (TuneUp Software) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 STHDA; system32\DRIVERS\stwrt64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-22 10:15 - 2015-02-22 10:15 - 00000630 _____ () C:\Users\Design6.at\Desktop\JRT.txt 2015-02-22 10:10 - 2015-02-22 10:10 - 01388274 _____ (Thisisu) C:\Users\Design6.at\Downloads\JRT.exe 2015-02-22 10:08 - 2015-02-22 10:08 - 00001263 _____ () C:\Users\Design6.at\Desktop\AdwCleaner[S0].txt 2015-02-22 10:05 - 2015-02-22 10:07 - 00000000 ____D () C:\AdwCleaner 2015-02-22 10:05 - 2015-02-22 10:05 - 02126848 _____ () C:\Users\Design6.at\Downloads\AdwCleaner_4.111.exe 2015-02-22 10:05 - 2015-02-22 10:05 - 00001374 _____ () C:\Users\Design6.at\Desktop\mbam.txt 2015-02-22 09:56 - 2015-02-22 10:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-22 09:55 - 2015-02-22 09:55 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-22 09:55 - 2015-02-22 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-22 09:55 - 2015-02-22 09:55 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-22 09:55 - 2015-02-22 09:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-22 09:55 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-22 09:55 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-22 09:55 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-22 09:54 - 2015-02-22 09:54 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Design6.at\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-21 20:07 - 2015-02-21 20:07 - 00033981 _____ () C:\ComboFix.txt 2015-02-21 19:42 - 2015-02-21 20:08 - 00000000 ____D () C:\Qoobox 2015-02-21 19:42 - 2015-02-21 20:04 - 00000000 ____D () C:\Windows\erdnt 2015-02-21 19:42 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-21 19:42 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-21 
Thanks for the reply. Malwarebytes Anti-Malware found 2 objects and placed them in quarantine. The logfile is above in my post. However, the problem still persists. |
22.02.2015, 18:33 | #7 |
/// the machine /// TB-Ausbilder | WIN7: Google search results manipulated in Chrome
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Still having problems?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No support via PM! |