Pests of all kinds and how to fight them: Security update for W7 keeps repeating.. Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
07.03.2015, 04:06 | #1 |
| Security update for W7 keeps repeating.. Unfortunately, I don't even know exactly whether this can be classified as malware. Since May 2014 I have had a particular Windows 7 (64-bit) security update that constantly wants to reinstall itself. It is listed in the Windows Update history as follows and appears about 5 times on some days: "Security Update for Windows 7 for x64-based Systems (KB2871997)". Well, the problem is that no matter how often I install it (I am also told that it was installed correctly), after 5 minutes this message appears (a restart doesn't even have to have taken place): "New updates are available - 1 important update is available!" And this very update is always the same one -> (KB2871997). Screenshot: abload.de/img/kb2871997_543573803ryi.jpg Some time ago I tried a Windows Update fix, but it was unsuccessful, so the problem persisted. Does anyone perhaps have advice or know this issue? |
07.03.2015, 10:15 | #2 |
/// the machine /// TB trainer | Security update for W7 keeps repeating.. hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
07.03.2015, 13:31 | #3 |
| Security update for W7 keeps repeating.. FRST.txt
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01 Ran by ***** (administrator) on ACER-A-5750G on 07-03-2015 13:00:54 Running from C:\mediaTOOLS\FSRT64 - Analysetool Loaded Profiles: ***** & postgres (Available profiles: ***** & postgres) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe () C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (PcWinTech.com) C:\Program Files (x86)\CleanMem\Mini_Monitor.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Qihu Software Co. Limited) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Huawei Technologies Co., Ltd.) 
C:\ProgramData\DatacardService\DCSHelper.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe () C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe () C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (IDRIX) C:\Program Files\VeraCrypt\VeraCrypt.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (GameplayCrush) C:\mediaTOOLS\WindowedBorderlessGaming_2.1.0.0\WindowedBorderlessGaming.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Valve Corporation) C:\STEAM\Steam.exe (Valve Corporation) C:\STEAM\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) C:\STEAM\bin\steamwebhelper.exe (MPC-HC Team) C:\Program Files (x86)\MPC-HC\mpc-hc.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-21] (Realtek Semiconductor) HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4017368 2012-10-29] (Stardock Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-08-01] (NVIDIA Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) 
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1208944 2015-02-12] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\Run: [TrueCrypt] => C:\TrueCrypt\TrueCrypt.exe [1516496 2012-07-08] (TrueCrypt Foundation) HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\Run: [] => [X] HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\RunOnce: [Adobe Speed Launcher] => 1425622892 HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: G - G:\AutoRun.exe HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {02eeeef4-2cfb-11e1-ba90-001e101f3315} - J:\AutoRun.exe HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {0475378d-32aa-11e2-8192-ccaf782b6b87} - F:\AutoRun.exe HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {275d2127-8503-11e4-bf0b-001e101fb681} - J:\AutoRun.exe HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {70b29a9b-66a5-11e3-a510-95cbebbf525b} - E:\AutoRun.exe HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {72346b6d-066f-11e1-bd5a-ccaf782b6b87} - G:\AutoRun.exe HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {93b6411b-d8e9-11e1-a64f-a80ba72e425a} - G:\Startup.exe HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {adcea6d9-382f-11e2-bf41-ccaf782b6b87} - G:\AutoRun.exe HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {b5f2c873-01a7-11e3-85cc-b870f4b50047} - E:\LGAutoRun.exe HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: 
{c118cd0b-05ab-11e1-9044-ccaf782b6b87} - J:\AutoRun.exe HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {c118cd17-05ab-11e1-9044-ccaf782b6b87} - A:\AutoRun.exe HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {c80d1c00-2a1c-11e3-9dec-b870f4b50047} - H:\AutoRun.exe HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {ca276179-6d38-11e1-b750-b870f4b50047} - E:\Startme.exe HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {e8848cab-6ef1-11e1-8bb0-001e101f8aaa} - F:\AutoRun.exe HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {eb496a0c-f8de-11e0-9bb8-ccaf782b6b87} - E:\AutoRun.exe HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {eb496a1a-f8de-11e0-9bb8-ccaf782b6b87} - F:\AutoRun.exe HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\MountPoints2: {eec7add2-fa75-11e0-b411-ccaf782b6b87} - E:\AutoRun.exe HKU\S-1-5-21-1687097068-401554184-1692899982-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-1687097068-401554184-1692899982-1054\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default HKU\S-1-5-21-1687097068-401554184-1692899982-1054\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-18\...\Run: [Copy] => C:\Users\*****\AppData\Roaming\Copy\CopyAgent.exe [15435920 2015-02-07] (Barracuda Networks, Inc.) 
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166616 2014-08-01] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146528 2014-08-01] (NVIDIA Corporation) Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation) Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk ShortcutTarget: TimeLeft.lnk -> C:\Program Files (x86)\TimeLeft3\TimeLeft.exe (NesterSoft Inc.) Startup: C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe () Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe () ShellIconOverlayIdentifiers: [ 0Cloudfogger] -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} => No File ShellIconOverlayIdentifiers: [ 1Cloudfogger] -> {14A3EC74-D852-416A-9691-AC3096EE1953} => No File ShellIconOverlayIdentifiers: [ 2Cloudfogger] -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} => No File ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers-x32: [ 0Cloudfogger] -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} => No File ShellIconOverlayIdentifiers-x32: [ 1Cloudfogger] -> {14A3EC74-D852-416A-9691-AC3096EE1953} => No File ShellIconOverlayIdentifiers-x32: [ 2Cloudfogger] -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} => No File ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1687097068-401554184-1692899982-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-1687097068-401554184-1692899982-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://acer.de.msn.com/ URLSearchHook: HKLM-x32 
- Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1687097068-401554184-1692899982-1054 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - No Name - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No File Toolbar: HKU\S-1-5-21-1687097068-401554184-1692899982-1001 -> No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\..\Interfaces\{05DE8C78-3AC9-4B2C-9D85-13F5F33A6FFC}: [NameServer] 193.189.244.225 193.189.244.206 Tcpip\..\Interfaces\{26141D4E-6B47-47A4-BE21-0F9864CC4ED8}: [NameServer] 193.189.244.225 193.189.244.206 Tcpip\..\Interfaces\{28490DBF-A1C0-4920-AF28-50ECAEC29186}: [NameServer] 193.189.244.225 193.189.244.206 Tcpip\..\Interfaces\{3B5A7CEE-5BDD-41C2-8099-5B5B5E9F3473}: [NameServer] 193.189.244.225 193.189.244.206 Tcpip\..\Interfaces\{60AA6E3A-F8B7-4493-B253-ED25FEC3BE48}: [NameServer] 193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{6D6AD976-9958-4895-B655-7562A517A433}: [NameServer] 193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{7236F28B-4F21-47D1-BDB6-6FEF4857AD9A}: [NameServer] 193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{ACFBF600-384E-4311-B0B7-79BC6ED5A56E}: [NameServer] 193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{BB5550E0-672D-4085-89B5-6D45CA7386B3}: [NameServer] 193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{BE6BFEF7-058C-4742-A3B9-624C3714AA79}: [NameServer] 193.189.244.206 193.189.244.225 Tcpip\..\Interfaces\{D893661C-D7C1-49DF-AAC3-BCEA438691C7}: [NameServer] 193.189.244.225 193.189.244.206 Tcpip\..\Interfaces\{E6B34D56-B1B1-4ACF-9922-063A5EBB478F}: [NameServer] 193.189.244.225 193.189.244.206 FireFox: ======== FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program 
Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: 
@microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Extension: Firebug - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\firebug@software.joehewitt.com.xpi [2014-12-07] FF Extension: Ghostery - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\firefox@ghostery.com.xpi [2015-02-04] FF Extension: Mailvelope - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2015-02-26] FF Extension: NoScript - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-07] FF Extension: QuickImage - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{B9FBA24F-5573-4889-80AC-80809FB9C425}.xpi [2014-12-11] FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-07] FF Extension: Greasemonkey - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-12-12] FF Extension: QuickJava - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-12-11] FF Extension: UnMHT - 
C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2014-12-16] FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-10-17] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox FF Extension: 360网页保护 - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2014-11-23] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - "C:\Program Files (x86)\FVD Suite\addons\chrome\fvdext.crx" [Not Found] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed] S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2015-01-01] (EasyAntiCheat Ltd) R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.) 
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed] S4 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic) S4 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed] R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation) S4 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [218624 2011-10-17] () [File not signed] S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation) S4 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2932224 2011-07-09] (PACE Anti-Piracy, Inc.) 
[File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-09-07] () R2 postgresql-x64-9.0; C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe [111104 2011-04-15] (PostgreSQL Global Development Group) [File not signed] R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [813680 2015-02-12] () R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC) S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed] R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-06-12] () S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S4 CLKMSVC10_9EC60124; "C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe" /svc [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [100424 2014-11-20] (360.cn) S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77896 2015-02-12] (360.cn) R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305736 2015-02-12] (360.cn) R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2014-11-20] (360.cn) R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [314448 2015-02-12] (Qihu 360 Software Co., Ltd.) 
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.) S3 AndNetDiag2; C:\Windows\System32\DRIVERS\lgandnetdiag264.sys [29696 2013-04-18] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.) S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.) R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.) S1 Aspi32; No ImagePath R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-26] () R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2015-02-12] (Qihu 360 Software Co., Ltd.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-25] (Disc Soft Ltd) R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2011-10-17] (Huawei Technologies Co., Ltd.) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-28] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-07-03] (RapidSolution Software AG) R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-07-03] (RapidSolution Software AG) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC) S3 Secdrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11616 2001-08-25] () [File not signed] R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142120 2007-04-27] (SafeNet, Inc.) 
S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [31248 2006-11-16] (SIA Syncrosoft) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-10] (Anchorfree Inc.) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed] R0 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [192344 2015-01-08] (IDRIX) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.) U2 TwoToXDfrgSrvc; No ImagePath S3 wanatw; system32\DRIVERS\wanatw64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-07 05:44 - 2015-03-07 13:00 - 00000000 ____D () C:\FRST 2015-03-06 07:01 - 2015-03-06 07:02 - 02126848 _____ () C:\Users\*****\Downloads\AdwCleaner_4.111.exe 2015-03-06 06:37 - 2015-03-06 06:37 - 01388333 _____ (Thisisu) C:\Users\*****\Downloads\JRT(1).exe 2015-03-06 05:17 - 2015-03-06 05:18 - 07019963 _____ () C:\Users\*****\Downloads\Forsaken 64 (E).zip 2015-03-06 04:00 - 2015-03-06 04:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.0 2015-03-06 04:00 - 2015-03-06 04:00 - 00000000 ____D () C:\Program Files (x86)\Project64 2.1 2015-03-06 03:59 - 2015-03-06 04:00 - 04489075 _____ ( ) C:\Users\*****\Downloads\setup Project64 2.1.exe 2015-03-05 23:42 - 2015-03-05 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps 2015-03-05 18:15 - 2015-03-05 18:15 - 00000000 ____D () C:\Users\*****\AppData\Local\Ndemic Creations 2015-03-04 20:29 - 2015-03-04 20:29 - 00000000 ____D () C:\Users\*****\Documents\SEGA 2015-03-02 00:23 - 
2015-03-06 07:15 - 00000021 _____ () C:\Windows\S.dirmngr 2015-03-01 19:27 - 2015-03-01 19:27 - 00000000 ____D () C:\Users\*****\AppData\Local\CAPCOM 2015-03-01 18:13 - 2015-03-01 18:13 - 00012295 _____ () C:\Users\*****\Documents\bafoeg_kram_etc24732897.odt 2015-02-27 21:27 - 2015-02-27 21:44 - 00000000 ____D () C:\Program Files (x86)\inCloak VPN 2015-02-27 21:27 - 2015-02-27 21:27 - 00002711 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\inCloak VPN.lnk 2015-02-27 21:27 - 2015-02-27 21:27 - 00002705 _____ () C:\Users\Public\Desktop\inCloak VPN.lnk 2015-02-27 21:24 - 2015-02-27 21:24 - 05593268 _____ (Your Company Name ) C:\Users\*****\Downloads\incloak_vpn_1.03.exe 2015-02-26 12:10 - 2015-02-26 12:10 - 00001384 _____ () C:\Users\*****\Documents\Cryptophane.txt 2015-02-26 11:57 - 2015-02-26 12:10 - 00000000 ____D () C:\Program Files (x86)\Cryptophane 2015-02-26 11:57 - 2015-02-26 11:57 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cryptophane 2015-02-26 11:57 - 2015-02-26 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cryptophane 2015-02-24 19:14 - 2015-02-24 19:47 - 00014888 _____ () C:\Users\*****\Downloads\movies.odb 2015-02-24 15:43 - 2015-02-24 15:43 - 00034789 _____ () C:\Users\*****\Downloads\Rechnung 70915.0-15 Ihre Bestellung ONL3893 vom 24.02.2015.zip 2015-02-23 15:42 - 2015-03-06 07:14 - 00007400 _____ () C:\Windows\PFRO.log 2015-02-22 16:29 - 2015-02-22 16:29 - 00001113 _____ () C:\Users\Public\Desktop\360 Total Security.lnk 2015-02-22 16:29 - 2015-02-22 16:29 - 00000000 ____D () C:\ProgramData\360TotalSecurity 2015-02-22 01:23 - 2015-02-22 01:23 - 00000000 ____D () C:\Users\*****\AppData\Local\Steam 2015-02-17 18:41 - 2015-02-17 18:41 - 00000000 ____D () C:\Users\*****\AppData\Roaming\XLMSoft 2015-02-17 18:32 - 2015-02-17 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOOKcook Bücherverwaltung 2015-02-17 18:32 - 2015-02-17 18:32 - 
00000000 ____D () C:\Program Files (x86)\XLM Software 2015-02-17 18:28 - 2015-02-17 18:28 - 00967704 _____ (XLM Software Axel Meierhöfer ) C:\Users\*****\Downloads\BOOKcookSetup_v1.43.1(FEB_2015).exe 2015-02-15 15:30 - 2015-02-15 15:30 - 00001958 _____ () C:\Users\*****\Desktop\Kindle.lnk 2015-02-15 15:30 - 2015-02-15 15:30 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2015-02-15 15:26 - 2015-02-15 15:29 - 40790520 _____ (Amazon.com) C:\Users\*****\Downloads\KindleForPC-installer(1).exe 2015-02-13 21:37 - 2015-02-13 21:37 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Foxit Software 2015-02-13 21:36 - 2015-02-13 21:36 - 00000000 ____D () C:\Users\Public\Foxit Software 2015-02-13 21:36 - 2015-02-13 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 2015-02-13 21:35 - 2015-02-13 21:35 - 00000000 ____D () C:\Program Files (x86)\Foxit Software 2015-02-13 21:27 - 2015-02-13 21:29 - 53078632 _____ (Foxit Software Inc. 
) C:\Users\*****\Downloads\FoxitReader708.1216_prom_L10N_Setup.exe 2015-02-13 21:09 - 2015-02-13 21:10 - 04307793 _____ () C:\Users\*****\Downloads\ICE Book Reader 9.4.0 Portable.7z 2015-02-10 21:45 - 2015-02-10 21:46 - 02201614 _____ (Raid-Rush ) C:\Users\*****\Downloads\xupper-setup.exe 2015-02-10 14:21 - 2015-02-10 14:21 - 01976342 _____ () C:\Users\*****\Downloads\LIT.ME.DN.4952581.RAR 2015-02-10 09:42 - 2015-02-10 09:43 - 00000000 ____D () C:\Users\*****\Desktop\Tor Browser 2015-02-10 09:33 - 2015-02-10 09:38 - 34662667 _____ () C:\Users\*****\Downloads\torbrowser-install-4.0.3_de.exe 2015-02-07 15:44 - 2015-03-06 07:16 - 00002308 _____ () C:\Windows\setupact.log 2015-02-07 15:44 - 2015-02-07 15:49 - 04934448 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-07 15:44 - 2015-02-07 15:44 - 00000000 _____ () C:\Windows\setuperr.log 2015-02-06 07:24 - 2015-02-06 07:24 - 00000955 _____ () C:\Users\*****\Desktop\MakeMKV.lnk 2015-02-06 07:24 - 2015-02-06 07:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV 2015-02-06 07:24 - 2015-02-06 07:24 - 00000000 ____D () C:\Program Files (x86)\MakeMKV 2015-02-06 07:23 - 2015-02-06 07:24 - 06449418 _____ (GuinpinSoft inc) C:\Users\*****\Downloads\Setup_MakeMKV_v1.9.1.exe 2015-02-05 11:00 - 2015-02-05 11:00 - 00996044 _____ () C:\Users\*****\Downloads\Meteorite-v0.11-Win32.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-07 13:00 - 2014-12-17 07:47 - 00000000 ____D () C:\mediaTOOLS 2015-03-07 10:50 - 2011-08-21 02:10 - 01195268 _____ () C:\Windows\WindowsUpdate.log 2015-03-07 06:04 - 2013-09-03 21:25 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc 2015-03-07 05:14 - 2011-10-16 16:57 - 00000000 ____D () C:\STEAM 2015-03-07 02:38 - 2011-11-21 21:37 - 00000000 ____D () C:\Users\*****\AppData\Roaming\foobar2000 2015-03-07 00:16 - 2014-10-27 11:04 - 00000000 ____D () C:\Users\*****\AppData\Local\JDownloader 2.0 2015-03-06 20:37 - 2013-12-19 16:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Copy 2015-03-06 07:27 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-06 07:27 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-06 07:18 - 2013-12-21 21:29 - 00000000 ____D () C:\ProgramData\VMware 2015-03-06 07:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-06 07:14 - 2014-12-07 12:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-06 07:06 - 2014-10-29 17:07 - 00000000 ____D () C:\AdwCleaner 2015-03-06 06:35 - 2015-01-27 14:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-06 06:34 - 2014-12-07 12:00 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-06 06:34 - 2014-12-07 12:00 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-03-06 06:34 - 2014-05-20 02:12 - 00001087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-03-06 06:34 - 2011-10-15 13:39 - 00001425 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-03-05 23:42 - 2013-10-02 04:34 - 00000576 _____ () C:\Users\Public\Desktop\Fraps.lnk 2015-03-05 20:33 - 2013-10-10 21:03 - 00000000 ___HD () 
C:\ProgramData\vid 2015-03-05 20:33 - 2013-10-10 21:03 - 00000000 ___HD () C:\ProgramData\tks 2015-03-05 11:59 - 2011-08-21 12:02 - 00704750 _____ () C:\Windows\system32\perfh007.dat 2015-03-05 11:59 - 2011-08-21 12:02 - 00151886 _____ () C:\Windows\system32\perfc007.dat 2015-03-05 11:59 - 2009-07-14 06:13 - 01630642 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-05 11:34 - 2013-10-02 05:44 - 00000000 ____D () C:\Users\*****\AppData\Local\Thunderbird 2015-03-03 06:13 - 2013-10-02 05:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-03-02 13:42 - 2012-01-27 20:44 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TS3Client 2015-03-02 00:37 - 2013-11-02 11:18 - 00000000 ____D () C:\Users\*****\AppData\Roaming\gnupg 2015-03-02 00:24 - 2013-09-26 18:46 - 00000000 ____D () C:\Users\postgres 2015-03-01 18:13 - 2014-10-20 07:26 - 00000000 ____D () C:\Users\*****\AppData\Roaming\KeePass 2015-03-01 18:13 - 2013-12-17 13:32 - 00000000 ___RD () C:\Dropbox 2015-02-28 04:06 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-02-27 23:46 - 2014-11-23 14:12 - 00000000 __SHD () C:\ProgramData\360Quarant 2015-02-27 23:46 - 2014-11-23 14:12 - 00000000 __SHD () C:\$360Section 2015-02-27 23:46 - 2014-11-23 13:35 - 00000000 ____D () C:\ProgramData\360safe 2015-02-27 23:45 - 2012-08-01 17:38 - 00000000 ____D () C:\Users\*****\Downloads\ReFX.Vanguard.VSTi.RTAS.v1.8.0-AiR 2015-02-24 18:09 - 2011-10-19 18:56 - 00000000 ____D () C:\Users\*****\AppData\Roaming\IrfanView 2015-02-24 17:58 - 2013-10-02 04:55 - 00000000 ____D () C:\Program Files (x86)\IrfanView 2015-02-24 15:22 - 2013-10-07 16:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Notepad++ 2015-02-24 15:22 - 2013-10-07 16:40 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2015-02-23 17:10 - 2014-11-23 13:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\360safe 2015-02-23 17:09 - 2013-11-05 02:09 - 00000000 ____D () 
C:\Users\*****\Documents\My Kindle Content 2015-02-23 16:06 - 2011-12-09 00:27 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox 2015-02-23 16:05 - 2012-05-03 11:51 - 00001028 _____ () C:\Users\*****\Desktop\Dropbox.lnk 2015-02-23 16:05 - 2012-05-03 11:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-22 16:33 - 2012-07-09 06:11 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-02-18 04:27 - 2011-11-08 21:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SoftGrid Client 2015-02-17 02:22 - 2013-11-05 01:13 - 00000000 ____D () C:\Users\*****\Documents\Calibre Library 2015-02-16 03:02 - 2012-07-09 18:26 - 00001063 _____ () C:\Users\*****\Documents\iTLU_profile_a.itlu 2015-02-15 15:30 - 2011-11-26 02:32 - 00000000 ____D () C:\Program Files (x86)\Amazon 2015-02-14 11:36 - 2011-11-11 02:58 - 00012288 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-02-13 21:22 - 2014-04-08 22:12 - 00000000 ____D () C:\Program Files (x86)\ICE Book Reader Professional 2015-02-12 14:35 - 2014-11-23 13:37 - 00077896 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys 2015-02-12 14:35 - 2014-11-23 13:35 - 00314448 _____ (Qihu 360 Software Co., Ltd.) C:\Windows\system32\Drivers\360fsflt.sys 2015-02-12 14:35 - 2014-11-23 13:35 - 00180816 _____ (Qihu 360 Software Co., Ltd.) 
C:\Windows\system32\Drivers\BAPIDRV64.SYS 2015-02-12 14:35 - 2014-11-23 13:34 - 00305736 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys 2015-02-10 12:18 - 2014-04-08 20:53 - 00000000 ____D () C:\Users\*****\Downloads\ebooks 2015-02-06 10:40 - 2013-04-18 22:58 - 00000000 ____D () C:\Users\*****\AppData\Roaming\HandBrake 2015-02-06 07:17 - 2014-12-16 10:11 - 00000040 ___SH () C:\ProgramData\.zreglib 2015-02-06 07:05 - 2014-10-23 20:13 - 00000000 ____D () C:\Metabones 2015-02-06 06:23 - 2012-07-03 17:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-06 06:23 - 2011-10-15 14:00 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe 2015-02-06 06:23 - 2011-07-22 05:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2014-11-07 01:33 - 2014-11-07 01:33 - 14147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe 2011-10-15 18:16 - 2011-10-16 00:13 - 0000288 _____ () C:\Users\*****\AppData\Roaming\.backup.dm 2012-01-23 19:49 - 2015-01-30 02:27 - 0000132 _____ () C:\Users\*****\AppData\Roaming\Adobe BMP Format CS5 Prefs 2012-04-27 00:20 - 2015-02-01 01:43 - 0000132 _____ () C:\Users\*****\AppData\Roaming\Adobe PNG Format CS5 Prefs 2014-03-31 02:41 - 2014-03-31 02:49 - 0002352 _____ () C:\Users\*****\AppData\Roaming\ASSDraw3.cfg 2011-10-19 19:08 - 2013-07-19 00:42 - 0000072 _____ () C:\Users\*****\AppData\Roaming\burnaware.ini 2012-06-20 04:23 - 2012-06-20 04:28 - 0311550 _____ () C:\Users\*****\AppData\Roaming\CodecsLE_Install.log 2012-06-20 04:26 - 2012-06-20 04:26 - 0314526 _____ () C:\Users\*****\AppData\Roaming\CodecsPE_Install.log 2015-01-10 00:30 - 2015-01-10 00:45 - 0000652 _____ () C:\Users\*****\AppData\Roaming\haj-log_2015-01-10 00_30_45.mjf 2012-06-19 16:13 - 2012-06-19 16:43 - 10008278 _____ () C:\Users\*****\AppData\Roaming\MediaComposer_Install.log 2013-12-08 14:15 - 2013-12-08 14:33 - 
0001331 _____ () C:\Users\*****\AppData\Roaming\SplotchesConfig.dat 2012-01-23 16:57 - 2012-11-04 11:10 - 0001456 _____ () C:\Users\*****\AppData\Local\Adobe Für Web speichern 12.0 Prefs 2011-11-11 02:58 - 2015-02-14 11:36 - 0012288 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-19 16:34 - 2014-12-21 08:40 - 18831572 _____ () C:\Users\*****\AppData\Local\OcrMap.bin 2012-07-16 08:40 - 2012-07-16 08:40 - 0007607 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg 2014-12-16 10:11 - 2015-02-06 07:17 - 0000040 ___SH () C:\ProgramData\.zreglib 2011-08-21 02:32 - 2011-08-21 02:34 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log 2014-10-19 06:28 - 2014-10-19 06:28 - 0000000 _____ () C:\ProgramData\JonDoFox.paf.exe 2011-10-19 22:41 - 2011-10-19 22:41 - 0000139 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc 2013-08-06 17:08 - 2013-08-06 17:09 - 0000032 _____ () C:\ProgramData\PS.log Files to move or delete: ==================== C:\ProgramData\JonDoFox.paf.exe Some content of TEMP: ==================== C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7gkkcl.dll C:\Users\*****\AppData\Local\Temp\npp.6.7.4.Installer.exe C:\Users\*****\AppData\Local\Temp\proxy_vole8766952842855467977.dll C:\Users\*****\AppData\Local\Temp\Quarantine.exe C:\Users\*****\AppData\Local\Temp\smt_mystartsearch.exe C:\Users\*****\AppData\Local\Temp\sqlite3.dll C:\Users\*****\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-05 04:09 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- ---
Comment:
- I looked through the log and replaced my user name with ***** as recommended; the user postgres is unknown to me and was NEVER created..
- I tried to remove Avast.. but according to the log there are apparently still leftovers? I now use 360 Security..
- For LastPass & Cloudfrogger there apparently are also still remnants, even though they were uninstalled a while ago?!
- Some time ago I had a full installation of Visual Studio running, and during it there was a power outage in my city. I had to laboriously uninstall by hand many of the things that had been changed in order to make a reinstallation possible, and I suspect that quite a bit may have gotten mixed up in the process..
Edited by Zenon49 (07.03.2015 at 13:39) Reason: comment added |
07.03.2015, 13:40 | #4 |
| Security update for W7 keeps repeating.. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01 Ran by ***** at 2015-03-07 13:01:39 Running from C:\mediaTOOLS\FSRT64 - Analysetool Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: 360 Total Security (Disabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D} AS: 360 Total Security (Disabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Tools for .Net 3.5 - DEU Lang Pack (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden µTorrent (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.) 
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 6.0.0.1140 - 360 Security Center) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation) ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team) Aiseesoft Blu-ray Player 6.2.28 (HKLM-x32\...\{3E1A13C3-E458-4995-BEA6-4B9BE279D502}_is1) (Version: 6.2.28 - Aiseesoft Studio) Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon) AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.1.0 - SlySoft) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Application Insights Tools for Visual Studio 2013 (x32 Version: 2.1 - Microsoft Corporation) Hidden Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - ) AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.4 - GPL Public release.) 
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden Balabolka (HKLM-x32\...\Balabolka) (Version: 2.10.0.574 - Ilya Morozov) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 DEU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden BluFab 9.1.4.4 (05/06/2014) (HKLM-x32\...\BluFab 9_is1) (Version: - BluFab Software) BOOKcook Bücherverwaltung 1.43.1 (HKLM-x32\...\BOOKcook Bücherverwaltung_is1) (Version: - XLM Software Axel Meierhöfer) Build Tools - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden Build Tools - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Build Tools Language Resources - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden Build Tools Language Resources - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Capsized (HKLM-x32\...\Steam App 95300) (Version: - Alientrap) CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform) CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.76.0.2015 - Georgy Berdyshev) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Control ActiveX del Windows Live Mesh per a connexions remotes (HKLM-x32\...\{76C064E2-BB99-4453-8FDA-42BC01AD0734}) 
(Version: 15.4.5722.2 - Microsoft Corporation) Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation) Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) Crazy Taxi (HKLM-x32\...\Steam App 71230) (Version: - SEGA) Cryptophane 0.7.0 (HKLM-x32\...\Cryptophane_is1) (Version: 0.7.0 - eCOSM) CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.) Darkout (HKLM-x32\...\Steam App 257050) (Version: - Allgraf) Deadly Premonition: The Director's Cut (HKLM-x32\...\Steam App 247660) (Version: - Rising Star Games) Desura (HKLM-x32\...\Desura) (Version: 100.58 - Desura) Desura: BEEP (HKLM-x32\...\Desura_62843961475104) (Version: Full - Big Fat Alien) Desura: Lunar Wish: Orbs Of Fate (HKLM-x32\...\Desura_101640401059872) (Version: Full - lustermx) Desura: MTBFreeride (HKLM-x32\...\Desura_101674760798240) (Version: Alpha - mtbfdeveloper) Desura: OpenArena (HKLM-x32\...\Desura_24597277704224) (Version: Full - FSFPS project contributors) Desura: Particulars (HKLM-x32\...\Desura_95674691485728) (Version: Alpha - SeeThrough Studios) Desura: Project Zomboid (HKLM-x32\...\Desura_62350040236064) (Version: Alpha - The Indie Stone) Devenv-Ressourcen für Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden DF CrcSfv 1.3 (HKLM-x32\...\DF CrcSfv_is1) (Version: - Frischalowski EDV-Beratung) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Divinity: Original Sin 
(HKLM-x32\...\Steam App 230230) (Version: - Larian Studios) Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden Dotfuscator and Analytics Community Edition Language Pack (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden Dropbox (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.) Edna & Harvey: Harvey's New Eyes (HKLM-x32\...\Steam App 219910) (Version: - Daedalic Entertainment) Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation) Epic Battle Fantasy 4 (HKLM-x32\...\Steam App 265610) (Version: - Matt Roszak) Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: - ) Erforderliche Komponenten für SSDT (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation) Fallen Enchantress: Legendary Heroes (HKLM-x32\...\Steam App 228260) (Version: - Stardock Entertainment) ffdshow v1.3.4531 [2014-06-28] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4531.0 - ) FFMpegSource Plugin (HKLM-x32\...\FFMpegSource Plugin_is1) (Version: - ) foobar2000 v1.3.6 (HKLM-x32\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E- 3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.8.1216 - Foxit Software Inc.) 
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden GetNZB Version 1.370 (HKLM-x32\...\GetNZB_is1) (Version: 1.370 - ) Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - ) HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - ) Helium Audio Joiner (build 331) (HKLM-x32\...\{1C7BCE67-6479-4D56-AD92-E50479028171}_is1) (Version: 1.9.0.331 - Imploded Software) Helix YUV Codecs (remove only) (HKLM-x32\...\HelixYUVCodecs) (Version: - ) How to Survive (HKLM-x32\...\Steam App 250400) (Version: - ) iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) ICQ 8.2 (build 6901) (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\ICQ) (Version: 8.2.6901.0 - ICQ) IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - ) IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - ) inCloak VPN (HKLM-x32\...\{23493C78-637B-4A3F-BE08-CE9A2E6241A9}) (Version: 1.03 - Your Company Name) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) 
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl) Kit SDK de vérification de Visual Studio*2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation) Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden LocalESPCui for de-de Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden Logitech Gaming Software 64 (HKLM-x32\...\InstallShield_{58BF5D14-CBCF-473C-B0E0-A7955A23224E}) (Version: - ) Magic 2015 (HKLM-x32\...\Steam App 255420) (Version: - Stainless Games) Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version: - Paradox North) MakeMKV v1.9.1 (HKLM-x32\...\MakeMKV) (Version: v1.9.1 - GuinpinSoft inc) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) MediaInfo 0.7.71 (HKLM\...\MediaInfo) (Version: 0.7.71 - MediaArea.net) Memory Profiler (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation) 
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Silverlight 5 SDK - DEU (HKLM-x32\...\{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}) (Version: 5.0.61118.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities 
(HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL-Sprachdienst (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - DEU (12.0.30919.1) (HKLM-x32\...\{7CC03C58-3471-43D2-A251-EC9AE225E772}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft Visual Basic PowerPacks 2.0 (HKLM-x32\...\{F17B8386-A74A-4E4E-A7DD-435372991E14}) (Version: 2.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - 
Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.40820 - Microsoft Corporation) Microsoft Visual Studio Ultimate 2013 mit Update 3 (HKLM-x32\...\{c5f1b3cc-a03d-44d8-be17-21252a106599}) (Version: 12.0.30723 - Microsoft Corporation) Microsoft Web Deploy 3.5 
(HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation) Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - ) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 - Microsoft Corporation) Moppi Flower Saver 1.0 (HKLM-x32\...\Moppi Flower Saver Installer_is1) (Version: - ) Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla) MPC-HC 1.7.7 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.7 - MPC-HC Team) MSU Video Quality Measurement Tool 3.0 DEMO 3.0 (HKLM\...\MSU Video Quality Measurement Tool 3.0 DEMO_is1) (Version: - MSU CS Graphics & Media Lab (Video Group)) My MP4Box GUI 0.6.0.6 (HKLM\...\{3FBE3061-F2BC-4D3A-B4A9-8FB15C503F87}_is1) (Version: 0.6.0.6 - Matt Bodin) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team) NVIDIA CUDA Samples 6.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDASamples_6.5) (Version: 6.5 - NVIDIA Corporation) NVIDIA CUDA Toolkit 6.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAToolkit_6.5) (Version: 6.5 - NVIDIA Corporation) NVIDIA CUDA Visual Studio Integration 6.5 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAVisualStudioIntegration_6.5) (Version: 6.5 - NVIDIA Corporation) NVIDIA GPU Deployment Kit 340.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GDK) (Version: 340.62 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.62 - NVIDIA Corporation) NVIDIA Nsight Visual Studio Edition 4.1.0.14204 (HKLM\...\{FEDB4463-83C0-4259-B119-5FE9C64A277F}) (Version: 4.1.0.14204 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) NVIDIA Tools Extension SDK (NVTX) - 64 bit (HKLM\...\{4D983759-07FC-4571-BB59-58C9BBADECC5}) (Version: 1.00.00.00 - NVIDIA Corporation) NVIDIA Update 15.3.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 15.3.33 - NVIDIA Corporation) NVIDIA Virtual Audio 1.2.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.23 - NVIDIA Corporation) Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA) Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation) Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation) Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation) Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A- 6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation) Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für 
Windows Store-Apps (Deutsch) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden Pauker (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\Pauker) (Version: - Ronny Standtke) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden PreEmptive Analytics Client German Language Pack (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - ) Python Tools - Umleitungsvorlage (x32 Version: 1.2 - Microsoft Corporation) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Resident Evil / biohazard HD REMASTER (HKLM-x32\...\Steam App 304240) (Version: - CAPCOM Co., Ltd.) 
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition) Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC) SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.0.0 - DMAILER) SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden Shadowrun: Dragonfall - Director's Cut (HKLM-x32\...\Steam App 300550) (Version: - Harebrained Schemes) SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden Sigil 0.8.2 (HKLM\...\Sigil_is1) (Version: - John Schember) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) SolveigMM Video Splitter Home Edition (HKLM-x32\...\SolveigMM Video Splitter Home Edition 4.0.1410.24) (Version: 4.0.1410.24 - Solveig Multimedia) Spotify (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB) Swirl Abstracts Screensaver (HKLM-x32\...\{4c94c56f-d808-406b-a7d1-0f956de45a8a}) (Version: 1.0.0.0 - InstallX, LLC) <==== ATTENTION Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden TimeLeft (HKLM-x32\...\TIMELEFT3_is1) (Version: 3.62 - NesterSoft Inc.) 
Tomb Raider II (HKLM-x32\...\Steam App 225300) (Version: - Core Design) Tomb Raider III: Adventures of Lara Croft (HKLM-x32\...\Steam App 225320) (Version: - Core Design) Tomb Raider: Anniversary (HKLM-x32\...\Steam App 8000) (Version: - Crystal Dynamics) TP-LINK TL-WN721N_WN722N Treiber (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.2.1 - TP-LINK) TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version: - Nadeo) Transistor (HKLM-x32\...\Steam App 237930) (Version: - Supergiant Games) TypeScript Power Tool (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden Unreal Development Kit: 2012-10 (HKLM\...\UDK-0a6a40ea-8287-4f25-ac5a-8c34b192a2bc) (Version: - Epic Games, Inc.) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Urruneko konexioetarako Windows Live Mesh ActiveX kontrola (HKLM-x32\...\{7BA6DF02-B094-45D7-A3C9-BE3684253922}) (Version: 15.4.5722.2 - Microsoft Corporation) Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation) VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.0f-1 - IDRIX) Visual Studio 2012 Update 4 (KB2707250) (HKLM-x32\...\{312d9252-c71c-4c84-b171-f4ad46e22098}) (Version: 11.0.61030 - Microsoft Corporation) Visual Studio 2013 Update 3 (KB2829760) (HKLM-x32\...\{86438e3d-7f83-4dd2-94aa-047e7c3974cb}) (Version: 12.0.30723 - Microsoft Corporation) VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.3 - VMware, Inc) VMware Workstation (Version: 10.0.3 - VMware, Inc.) 
Hidden VS Update core components (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden WCF Data Services 5.6.0 DEU Language Pack (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2013 DEU Language Pack (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation) Wecker für Windows 6.5 (HKLM-x32\...\{FFDC4005-E968-498D-93C8-CC148742167D}}_is1) (Version: 6.5 - Christoph Bünger Software) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft 
Corporation) Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden YAMB (HKLM-x32\...\YAMB) (Version: - ) Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation) גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation) بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - 
Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM-x32\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

23-02-2015 16:28:51 Geplanter Prüfpunkt
23-02-2015 17:10:38 Windows Update
23-02-2015 17:12:54 Windows Update
27-02-2015 21:26:07 Installed inCloak VPN.
27-02-2015 21:29:54 Gerätetreiber-Paketinstallation: TAP-Windows Provider V9 Netzwerkadapter
07-03-2015 03:46:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2011-10-17 01:09 - 00002013 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobe-dns-5.adobe.com
127.0.0.1 activate.adobe.de
127.0.0.1 practivate.adobe.de
127.0.0.1 ereg.adobe.de
127.0.0.1 activate.wip3.adobe.de
127.0.0.1 wip3.adobe.de
127.0.0.1 3dns-3.adobe.de

There are 8 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0172E992-E646-49FF-8B3A-469A29270AA3} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {2CAD0DF8-C7F0-4EC2-A9B6-A7C1E630629F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {2EBAF774-0FC2-462D-9AEC-1661DD36D74F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {4DBA96C8-2A39-4E3F-95BB-AC16C0C195AB} - System32\Tasks\CleanMem Mini Monitor => C:\Program Files (x86)\CleanMem\mini_monitor.exe [2012-09-20] (PcWinTech.com)
Task: {4FFC8C6F-854C-4DD0-A731-63854D664787} - \FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001UA No Task File <==== ATTENTION
Task: {6D55F12D-EB29-420E-B3BA-44B545ACFC5C} - \LaunchApp No Task File <==== ATTENTION
Task: {8744B1F7-8C97-4DFD-B65A-BD9669D4B6E6} - \FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001Core No Task File <==== ATTENTION
Task: {90C36BFD-4BF6-4086-AD5B-A3E4BC351F95} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B2090BC7-797E-4A64-A768-2964C3CCC0D1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B48AF527-D3AB-4E96-88D9-0D756DF4CC22} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {C5668071-1E25-493E-809A-BA8B429F3FC7} - \Adobe Reader Speed Launcher No Task File <==== ATTENTION
Task: {C63B5B04-E629-4896-8F00-E2D97FFB3B28} - System32\Tasks\AdobeAAMUpdater-1.0-acer-a-5750g-***** => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {CC220CD3-C427-4154-A3B3-F59CD895A618} - System32\Tasks\Clean System Memory => C:\Windows\syswow64\CleanMem.exe [2012-09-20] (PcWinTech.com)
Task: {FEF89A0A-55EB-4DAA-8E53-27B7837036C4} - System32\Tasks\{34EE32BD-3F39-4310-9FC9-9238E6DD1C78} => pcalua.exe -a C:\Users\*****\Downloads\VirtualBox-4.3.4-91027-Win.exe -d C:\Users\*****\Downloads

==================== Loaded Modules (whitelisted) ==============

2014-11-23 13:34 - 2015-02-12 14:35 - 00813680 _____ () C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
2014-10-26 23:05 - 2014-08-01 06:42 - 00013272 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-10-27 00:08 - 2014-08-01 04:45 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-23 13:34 - 2015-02-12 14:35 - 00612944 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-02-02 02:30 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2013-10-07 15:54 - 2013-10-07 15:54 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2010-11-16 14:38 - 2010-11-16 14:38 - 00339456 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2011-10-17 18:03 - 2011-10-17 18:02 - 00514048 _____ () C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
2013-09-05 21:00 - 2013-09-07 02:34 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-26 18:43 - 2011-04-15 13:13 - 00216064 _____ () C:\Program
Files\PostgreSQL\9.0\bin\LIBPQ.dll 2013-09-26 18:43 - 2010-05-07 08:48 - 01333760 _____ () C:\Program Files\PostgreSQL\9.0\bin\libxml2.dll 2014-06-12 16:44 - 2014-06-12 16:44 - 14407384 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe 2011-07-22 05:54 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-11-23 13:34 - 2015-02-12 14:35 - 01208944 _____ () C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support \libxml2.dll 2014-10-26 23:05 - 2014-08-01 06:42 - 00012120 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2013-10-07 15:49 - 2013-10-07 15:49 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll 2013-10-07 15:47 - 2013-10-07 15:47 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll 2013-10-07 15:44 - 2013-10-07 15:44 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll 2013-10-07 15:49 - 2013-10-07 15:49 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll 2013-10-07 15:49 - 2013-10-07 15:49 - 00628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00428032 _____ () C:\Program Files (x86)\Mobile Partner\core.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00261632 _____ () C:\Program Files (x86)\Mobile Partner\sdk.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00011362 _____ () C:\Program Files (x86)\Mobile Partner\mingwm10.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00043008 _____ () C:\Program Files (x86)\Mobile Partner\libgcc_s_dw2-1.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 02415104 _____ () C:\Program Files (x86)\Mobile Partner\QtCore4.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 09515520 _____ () C:\Program 
Files (x86)\Mobile Partner\QtGui4.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00381952 _____ () C:\Program Files (x86)\Mobile Partner\Proxy.DLL 2011-10-17 18:03 - 2011-10-17 18:02 - 00218112 _____ () C:\Program Files (x86)\Mobile Partner\Common.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00135168 _____ () C:\Program Files (x86)\Mobile Partner\Trace.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00545280 _____ () C:\Program Files (x86)\Mobile Partner\PluginContainer.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00238080 _____ () C:\Program Files (x86)\Mobile Partner\AtCodec.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00301056 _____ () C:\Program Files (x86)\Mobile Partner\DeviceSrvPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00235008 _____ () C:\Program Files (x86)\Mobile Partner\NetSrvPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00133120 _____ () C:\Program Files (x86)\Mobile Partner\OSDialup.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00159232 _____ () C:\Program Files (x86)\Mobile Partner\XCodec.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00157184 _____ () C:\Program Files (x86)\Mobile Partner\DataServicePlugin.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00176128 _____ () C:\Program Files (x86)\Mobile Partner\CallSrvPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00264704 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookSrvPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00217600 _____ () C:\Program Files (x86)\Mobile Partner\SmsSrvPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00142336 _____ () C:\Program Files (x86)\Mobile Partner\USSDSrvPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00156672 _____ () C:\Program Files (x86)\Mobile Partner\STKSrvPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00338432 _____ () C:\Program Files (x86)\Mobile Partner\DeviceAppPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00065536 _____ () C:\Program Files (x86)\Mobile Partner\OSPowerMgr.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00106496 _____ () C:\Program Files (x86)\Mobile 
Partner\Win7Support.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 01077248 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00670720 _____ () C:\Program Files (x86)\Mobile Partner\SmsAppPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00550400 _____ () C:\Program Files (x86)\Mobile Partner\CallAppPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00547840 _____ () C:\Program Files (x86)\Mobile Partner\CallLogSrvPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00158720 _____ () C:\Program Files (x86)\Mobile Partner\NetConnectSrvPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00211968 _____ () C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00101376 _____ () C:\Program Files (x86)\Mobile Partner\OSAdapt.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00180224 _____ () C:\Program Files (x86)\Mobile Partner\NDISPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00131072 _____ () C:\Program Files (x86)\Mobile Partner\OSNDIS.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 01101824 _____ () C:\Program Files (x86)\Mobile Partner\NDISAPI.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00278528 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoSrvPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00062976 _____ () C:\Program Files (x86)\Mobile Partner\OSCall.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00495104 _____ () C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00123392 _____ () C:\Program Files (x86)\Mobile Partner\ATR2SMgr.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00184832 _____ () C:\Program Files (x86)\Mobile Partner\XFramePlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00308224 _____ () C:\Program Files (x86)\Mobile Partner\StatusBarMgrPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00117760 _____ () C:\Program Files (x86)\Mobile Partner\LayoutPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00428032 _____ () C:\Program Files (x86)\Mobile 
Partner\DialupUIPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00093184 _____ () C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00333312 _____ () C:\Program Files (x86)\Mobile Partner\NetConnectPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00249344 _____ () C:\Program Files (x86)\Mobile Partner\MenuMgrPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00483328 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoUIExPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00808960 _____ () C:\Program Files (x86)\Mobile Partner\SMSUIPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00739328 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookUIPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00239104 _____ () C:\Program Files (x86)\Mobile Partner\LiveUpdateInterface.DLL 2011-10-17 18:03 - 2011-10-17 18:03 - 01148416 _____ () C:\Program Files (x86)\Mobile Partner\QtNetwork4.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00229888 _____ () C:\Program Files (x86)\Mobile Partner\ToolBarMgrPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00082944 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qgif4.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00081920 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qico4.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00192000 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qjpeg4.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00350720 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qmng4.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00370176 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qtiff4.dll 2014-06-12 17:22 - 2014-06-12 17:22 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll 2011-07-18 22:07 - 2011-07-18 22:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll 2014-01-07 00:42 - 2014-01-07 00:42 - 01611264 _____ () C:\Program Files 
(x86)\Notepad++\plugins\NppFTP.dll 2014-03-10 21:47 - 2014-03-10 21:47 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop \ae685719bd599604bdf031cdad0ba38a\IsdiInterop.ni.dll 2011-07-22 05:10 - 2011-04-30 08:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2013-03-12 17:10 - 2014-11-11 19:47 - 00774656 _____ () C:\STEAM\SDL2.dll 2015-02-07 16:26 - 2014-12-02 01:29 - 05002752 _____ () C:\STEAM\v8.dll 2015-02-07 16:26 - 2014-12-02 01:29 - 01612800 _____ () C:\STEAM\icui18n.dll 2015-02-07 16:26 - 2014-12-02 01:29 - 01210368 _____ () C:\STEAM\icuuc.dll 2014-05-22 02:54 - 2015-02-19 00:51 - 02360000 _____ () C:\STEAM\video.dll 2014-09-25 17:01 - 2014-12-01 22:31 - 02396672 _____ () C:\STEAM\libavcodec-56.dll 2014-09-25 17:01 - 2014-12-01 22:31 - 00442880 _____ () C:\STEAM\libavutil-54.dll 2014-09-25 17:01 - 2014-12-01 22:31 - 00479744 _____ () C:\STEAM\libavformat-56.dll 2014-09-25 17:01 - 2014-12-01 22:31 - 00332800 _____ () C:\STEAM\libavresample-2.dll 2014-09-25 17:01 - 2014-12-01 22:31 - 00485888 _____ () C:\STEAM\libswscale-3.dll 2011-10-16 16:57 - 2015-02-19 00:51 - 00702656 _____ () C:\STEAM\bin\chromehtml.DLL 2011-10-16 16:57 - 2015-01-28 02:30 - 34641288 _____ () C:\STEAM\bin\libcef.dll 2014-09-25 17:01 - 2015-01-28 02:30 - 01709960 _____ () C:\STEAM\bin\ffmpegsumo.dll 2014-11-17 03:27 - 2014-10-05 16:18 - 00239864 _____ () C:\Program Files (x86)\MPC-HC\LAVFilters\libbluray.dll 2014-12-16 13:36 - 2014-06-28 16:39 - 03502592 _____ () C:\Program Files (x86)\ffdshow\ffdshow.ax 2012-07-03 16:43 - 2012-07-03 16:43 - 00797184 _____ () C:\Program Files (x86)\RapidSolution\Audials 9\ac3filter.ax ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\ProgramData\Microsoft:1YL26yuNMhJebFkOF0 AlternateDataStreams: C:\ProgramData\Microsoft:lENnA5vff516fFhzmuW AlternateDataStreams: C:\Users\*****\Cookies:cygM3w0l6CBJC2n9wN AlternateDataStreams: C:\Users\*****\AppData\Local\iNN2YC20irDVgW:WKa4N2Bptibo15RqduIuUQPCV AlternateDataStreams: C:\Users\*****\AppData\Local\nx0yC7wG2l:uZ4VAZHWL1s3FnY547Srz2U AlternateDataStreams: C:\Users\*****\AppData\Local\Temporary Internet Files:ESNGrHTQEM5OtEgbVQId AlternateDataStreams: C:\Users\*****\AppData\Local\Temporary Internet Files:IJbfx6utWWRMKl3UM7p AlternateDataStreams: C:\Users\*****\AppData\Local\Temporary Internet Files:ODT82Af2glL7afdCP AlternateDataStreams: C:\Users\*****\AppData\Local\vC0gfSXfKSm1:OI6R9NoE3JlZMy8Ig2FLnA ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1687097068-401554184-1692899982-1001\Control Panel\Desktop\\Wallpaper -> C:\Program Files (x86)\Walyk Wallpaper Changer \wwc_wallpaper.bmp DNS Servers: 193.189.244.225 - 193.189.244.206 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: CLKMSVC10_9EC60124 => 2 MSCONFIG\Services: Desura Install Service => 3 MSCONFIG\Services: EgisTec Ticket Service => 3 MSCONFIG\Services: ePowerSvc => 2 MSCONFIG\Services: FLEXnet Licensing Service => 3 MSCONFIG\Services: GamesAppService => 3 MSCONFIG\Services: Giraffic => 2 MSCONFIG\Services: GREGService => 2 MSCONFIG\Services: Hamachi2Svc => 2 MSCONFIG\Services: HWDeviceService64.exe => 2 MSCONFIG\Services: Live Updater Service => 2 MSCONFIG\Services: M4LIC => 2 MSCONFIG\Services: MacDrive8Service => 2 MSCONFIG\Services: Mobile Partner. RunOuc => 2 MSCONFIG\Services: NTI IScheduleSvc => 2 MSCONFIG\Services: PaceLicenseDServices => 2 MSCONFIG\Services: PCSUITEDFRGSVC => 2 MSCONFIG\Services: rpcapd => 3 MSCONFIG\Services: SbieSvc => 2 MSCONFIG\Services: ServiceLayer => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Sony PC Companion => 3 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: SwitchBoard => 3 MSCONFIG\Services: TeamViewer7 => 2 MSCONFIG\Services: TeamViewer8 => 2 MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss \Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wecker für Windows 6.lnk => C: \Windows\pss\Wecker für Windows 6.lnk.Startup MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss \Xfire.lnk.Startup MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" - launchedbylogin MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files 
(x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: Copy => "C:\Users\*****\AppData\Roaming\Copy\CopyAgent.exe" MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart MSCONFIG\startupreg: Facebook Update => "C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver MSCONFIG\startupreg: Getting started with MacDrive 8 => "C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto MSCONFIG\startupreg: ICQ => C:\Users\*****\AppData\Roaming\ICQM\icq.exe -CU MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: NapsterShell => C:\Program Files (x86)\Napster\napster.exe /systray MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe MSCONFIG\startupreg: Power Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" 
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe" MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background MSCONFIG\startupreg: Spotify => "C:\Users\*****\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: Update Service => C:\Program Files (x86)\Common Files\Teknum Systems\update.exe "/startup" MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe" ==================== Accounts: ============================= A5108FB4EE024DCDA5F9 (S-1-5-21-1687097068-401554184-1692899982-1113 - Limited - Enabled) Administrator (S-1-5-21-1687097068-401554184-1692899982-500 - Administrator - Disabled) Gast (S-1-5-21-1687097068-401554184-1692899982-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1687097068-401554184-1692899982-1003 - Limited - Enabled) ***** (S-1-5-21-1687097068-401554184-1692899982-1001 - Administrator - Enabled) => C:\Users\***** postgres (S-1-5-21-1687097068-401554184-1692899982-1054 - Limited - Enabled) => C:\Users\postgres ==================== Faulty Device Manager Devices ============= Name: TeamViewer VPN Adapter Description: TeamViewer VPN Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TeamViewer GmbH Service: teamviewervpn Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: Broadcom 802.11n-Netzwerkadapter Description: Broadcom 802.11n-Netzwerkadapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Broadcom Service: BCM43XX Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (03/07/2015 01:00:38 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >. Error: (03/07/2015 01:00:38 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <20, 0x80071a91, "">. Error: (03/07/2015 01:00:22 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >. Error: (03/07/2015 01:00:22 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <20, 0x80071a91, "">. Error: (03/07/2015 01:00:14 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >. Error: (03/07/2015 01:00:14 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. 
Fehler: <20, 0x80071a91, "">. Error: (03/07/2015 00:59:43 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >. Error: (03/07/2015 00:59:43 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <20, 0x80071a91, "">. Error: (03/07/2015 00:59:34 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >. Error: (03/07/2015 00:59:34 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <20, 0x80071a91, "">. System errors: ============= Error: (03/07/2015 01:00:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 106 Mal passiert. Error: (03/07/2015 01:00:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%6801 Error: (03/07/2015 01:00:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 105 Mal passiert. Error: (03/07/2015 01:00:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%6801 Error: (03/07/2015 01:00:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 104 Mal passiert. 
Error: (03/07/2015 01:00:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%6801 Error: (03/07/2015 00:59:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 103 Mal passiert. Error: (03/07/2015 00:59:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%6801 Error: (03/07/2015 00:59:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 102 Mal passiert. Error: (03/07/2015 00:59:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%6801 Microsoft Office Sessions: ========================= Error: (03/07/2015 01:00:38 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager: Error: (03/07/2015 01:00:38 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: 200x80071a91 Error: (03/07/2015 01:00:22 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager: Error: (03/07/2015 01:00:22 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: 200x80071a91 Error: (03/07/2015 01:00:14 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager: Error: (03/07/2015 01:00:14 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: 200x80071a91 Error: (03/07/2015 00:59:43 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl 
Scope-Manager: Error: (03/07/2015 00:59:43 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: 200x80071a91 Error: (03/07/2015 00:59:34 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager: Error: (03/07/2015 00:59:34 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: 200x80071a91 CodeIntegrity Errors: =================================== Date: 2014-10-31 14:16:16.780 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\*****\AppData\Local\Temp \ListOpenedFileDrv_64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-10-31 14:16:16.686 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\*****\AppData\Local\Temp \ListOpenedFileDrv_64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-10-31 14:16:16.593 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\*****\AppData\Local\Temp \ListOpenedFileDrv_64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2014-10-31 14:16:16.484 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\*****\AppData\Local\Temp \ListOpenedFileDrv_64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-10 18:04:45.859 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-10 18:04:45.746 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-01 04:00:30.107 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-01 04:00:30.076 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 34%
Total physical RAM: 8043.83 MB
Available physical RAM: 5239.55 MB
Total Pagefile: 16085.84 MB
Available Pagefile: 11917.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive a: (Mobile Partner) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
Drive c: (Acer) (Fixed) (Total:447.66 GB) (Free:31.53 GB) NTFS
Drive h: (THE AIR I BREATHE) (CDROM) (Total:22.31 GB) (Free:0 GB) UDF
Drive i: (VOLUME) (Fixed) (Total:0.04 GB) (Free:0.04 GB) FAT32
Drive z: (inateckVC) (Fixed) (Total:465.71 GB) (Free:28.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: AF2F2F70)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=447.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6CF22AD3)
Partition 1: (Not Active) - (Size=45 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=06)

==================== End Of Log ============================

- PcWinTech ?? Huh??
- MacDrive 8: I don't need it, it only caused problems and is already uninstalled but still in the startup, so I took it out.. any other option?
- LaunchApp ?!?!
- FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001UA ????! I haven't used FB for a year..

Plugins in Mozilla.. I would have removed a few of them to finally get my Mozilla clean / UP TO DATE, but so far that hasn't worked out; I've marked them with red question marks:

THANKS in advance!

Last edited by Zenon49 (07.03.2015 at 14:08) |
07.03.2015, 18:49 | #5 |
/// the machine /// TB Trainer | Security update for W7 keeps repeating.. Please download Revo Uninstaller from here (alternatively, portable Revo Uninstaller).
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
07.03.2015, 20:57 | #6 |
| Security update for W7 keeps repeating.. Since Combofix finished running, my KeePass password management program no longer works! My last external backup of the passwords, in an encrypted HTML file, is already 2 weeks old; any new passwords are in my .kdbx file... I uninstalled & reinstalled KeePass, but this message STILL appears: Datei kann nicht ausgeführt werden C:/Program Files(x86)/KeePass Password Safe 2/KeePass.exe CreateProcess schlug fehl; Code 31. Ein an das System angeschlossenes Gerät funktioniert nicht. Help! Here is the Combofix log: Code:
ATTFilter ComboFix 15-03-01.01 - ***** 07.03.2015 20:06:04.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8044.4865 [GMT 1:00] ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe AV: 360 Total Security *Disabled/Updated* {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D} SP: 360 Total Security *Disabled/Updated* {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\*****\AppData\Roaming\Local c:\users\*****\AppData\Roaming\Local\Temp\lptmp\arrow.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\context.html c:\users\*****\AppData\Roaming\Local\Temp\lptmp\deletelocallowlastpass.txt c:\users\*****\AppData\Roaming\Local\Temp\lptmp\deleteprogramfiles.txt c:\users\*****\AppData\Roaming\Local\Temp\lptmp\embed_cs_min.js c:\users\*****\AppData\Roaming\Local\Temp\lptmp\enabletoolbar.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\favicon.ico c:\users\*****\AppData\Roaming\Local\Temp\lptmp\find_bluetooth.exe c:\users\*****\AppData\Roaming\Local\Temp\lptmp\generate_min.js c:\users\*****\AppData\Roaming\Local\Temp\lptmp\iehome.html c:\users\*****\AppData\Roaming\Local\Temp\lptmp\iehome2.html c:\users\*****\AppData\Roaming\Local\Temp\lptmp\ielib_min.js c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\add.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\addfriend.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\addgroup.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\cog.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\collapseoff.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\collapseon.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\expandoff.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\expandon.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\book_open.png 
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\creditcards.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\export.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\folder-blue.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\help.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\import.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\kcontrol.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\key.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\note_add.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\popular.gif c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\popular.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lib\remove-user-red.gif c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\logo.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\logouticon.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lp_vault.jpg c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lpdropdown_off.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lpdropdown_on.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\lpwhitelogo.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\menu_x.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\poweredby.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\seccheck.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\time.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\add_site.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\cancel.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\create_group.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\delete.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\edit.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\enterprise.png 
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\eye-hidden.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\eye-shown.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\folder_close.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\folder_open.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\link_account.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\manage_shared.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\search_lite.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\secure_note2.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\settings.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault\share.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault_button_hover.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vault_button_normal.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultaccept.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultalert.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultcopy.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultcreditmonitor.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultdelete.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultedit.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultff.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultidentity.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultinvite.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultreject.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultshare.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaultshares.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\images\vaulttools.png c:\users\*****\AppData\Roaming\Local\Temp\lptmp\img.html c:\users\*****\AppData\Roaming\Local\Temp\lptmp\InTheHand.Net.Personal.dll 
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\json2c.js c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\af-ZA.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ar-EG.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ar-SA.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\az-AZ.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\be-BY.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\bg-BG.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\bn-BD.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\bs-BA.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ca-ES.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\cs-CZ.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\da-DK.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\de-DE.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\el-GR.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\en-AU.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\en-GB.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\en-US.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\eo-US.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\es-ES.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\es-MX.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\et-EE.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\fa-IR.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\fi-FI.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\fo-FO.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\fr-CA.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\fr-FR.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ga-IE.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\gl-ES.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\gu-IN.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\he-IL.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\hi-IN.dat 
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\hr-HR.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\hu-HU.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\id-ID.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\is-IS.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\it-IT.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ja-JP.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ka-GE.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\kn-IN.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ko-KR.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\lt-LT.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\lv-LV.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\mg-MG.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\mk-MK.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ml-IN.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\mr-IN.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ms-MY.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\nb-NO.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ne-NP.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\nl-NL.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\nn-NO.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\pa-IN.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\pl-PL.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\pt-BR.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\pt-PT.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ro-RO.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ru-RU.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\si-LK.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\sk-SK.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\sl-SI.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\sq-AL.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\sr-RS.dat 
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\sv-SE.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ta-IN.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\te-IN.regexp.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\th-TH.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\tl-PH.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\tr-TR.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\tzm-MA.regexp.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\uk-UA.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ur-PK.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\ver c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\vi-VN.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\zh-CN.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lang\zh-TW.dat c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lastpass.exe c:\users\*****\AppData\Roaming\Local\Temp\lptmp\LastPassBroker.exe c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lp_ie.zip c:\users\*****\AppData\Roaming\Local\Temp\lptmp\lp_languages.zip c:\users\*****\AppData\Roaming\Local\Temp\lptmp\LPIEHome.ocx c:\users\*****\AppData\Roaming\Local\Temp\lptmp\LPIEHome64.ocx c:\users\*****\AppData\Roaming\Local\Temp\lptmp\LPPlugin.dll c:\users\*****\AppData\Roaming\Local\Temp\lptmp\LPPlugin_x64.dll c:\users\*****\AppData\Roaming\Local\Temp\lptmp\LPToolbar.dll c:\users\*****\AppData\Roaming\Local\Temp\lptmp\LPToolbar_x64.dll c:\users\*****\AppData\Roaming\Local\Temp\lptmp\menu.html c:\users\*****\AppData\Roaming\Local\Temp\lptmp\mpwchange.html c:\users\*****\AppData\Roaming\Local\Temp\lptmp\nplastpass.dll c:\users\*****\AppData\Roaming\Local\Temp\lptmp\nplastpass64.dll c:\users\*****\AppData\Roaming\Local\Temp\lptmp\popup_inframe_lib_min.js c:\users\*****\AppData\Roaming\Local\Temp\lptmp\popupcombobox.css c:\users\*****\AppData\Roaming\Local\Temp\lptmp\popupcombobox_min.js c:\users\*****\AppData\Roaming\Local\Temp\lptmp\popupfilltab.css 
c:\users\*****\AppData\Roaming\Local\Temp\lptmp\popupfilltab.frag c:\users\*****\AppData\Roaming\Local\Temp\lptmp\popupfilltab_common_min.js c:\users\*****\AppData\Roaming\Local\Temp\lptmp\popupfilltab_min.js c:\users\*****\AppData\Roaming\Local\Temp\lptmp\programfiles.txt c:\users\*****\AppData\Roaming\Local\Temp\lptmp\vaultcommonc.js c:\users\*****\AppData\Roaming\Local\Temp\lptmp\WinBioStandalone.exe c:\users\*****\AppData\Roaming\poclbm c:\users\*****\AppData\Roaming\poclbm\poclbm.ini c:\users\*****\videos\VIDEO_TS Track 1.bin c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb c:\windows\IsUn0407.exe c:\windows\msdownld.tmp c:\windows\SysWow64\ijl11.dll . . ((((((((((((((((((((((( Dateien erstellt von 2015-02-07 bis 2015-03-07 )))))))))))))))))))))))))))))) . . 2015-03-07 19:19 . 2015-03-07 19:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2015-03-07 19:19 . 2015-03-07 19:19 -------- d-----w- c:\users\postgres\AppData\Local\temp 2015-03-07 19:19 . 2015-03-07 19:19 -------- d-----w- c:\users\hedev\AppData\Local\temp 2015-03-07 19:19 . 2015-03-07 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-03-07 18:52 . 2015-03-07 18:52 -------- d-----w- c:\program files (x86)\ESET 2015-03-07 14:21 . 2015-03-07 14:21 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin 2015-03-07 04:44 . 2015-03-07 17:14 -------- d-----w- C:\FRST 2015-03-06 05:35 . 2015-03-06 05:35 970912 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr120.dll 2015-03-06 05:35 . 2015-03-06 05:35 455328 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp120.dll 2015-03-06 05:35 . 2015-03-06 05:35 3466856 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dcompiler_47.dll 2015-03-06 05:35 . 2015-03-06 05:35 169584 ----a-w- c:\program files (x86)\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll 2015-03-06 03:00 . 2015-03-06 03:00 -------- d-----w- c:\program files (x86)\Project64 2.1 2015-03-05 17:15 . 
2015-03-05 17:15 -------- d-----w- c:\users\*****\AppData\Local\Ndemic Creations 2015-03-01 18:27 . 2015-03-01 18:27 -------- d-----w- c:\users\*****\AppData\Local\CAPCOM 2015-02-26 10:57 . 2015-02-26 11:10 -------- d-----w- c:\program files (x86)\Cryptophane 2015-02-22 15:29 . 2015-02-22 15:29 -------- d-----w- c:\programdata\360TotalSecurity 2015-02-22 00:23 . 2015-02-22 00:23 -------- d-----w- c:\users\*****\AppData\Local\Steam 2015-02-17 17:41 . 2015-02-17 17:41 -------- d-----w- c:\users\*****\AppData\Roaming\XLMSoft 2015-02-17 17:32 . 2015-02-17 17:32 -------- d-----w- c:\program files (x86)\XLM Software 2015-02-13 20:37 . 2015-02-13 20:37 -------- d-----w- c:\users\*****\AppData\Roaming\Foxit Software 2015-02-13 20:36 . 2015-02-13 20:36 -------- d-----w- c:\users\Public\Foxit Software 2015-02-13 20:35 . 2015-02-13 20:35 -------- d-----w- c:\program files (x86)\Foxit Software 2015-02-06 06:24 . 2015-02-06 06:24 -------- d-----w- c:\program files (x86)\MakeMKV . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-02-12 13:35 . 2014-11-23 12:34 305736 ----a-w- c:\windows\system32\drivers\360Box64.sys 2015-02-12 13:35 . 2014-11-23 12:37 77896 ----a-w- c:\windows\system32\drivers\360AvFlt.sys 2015-02-12 13:35 . 2014-11-23 12:35 314448 ----a-w- c:\windows\system32\drivers\360fsflt.sys 2015-02-12 13:35 . 2014-11-23 12:35 180816 ----a-w- c:\windows\system32\drivers\BAPIDRV64.SYS 2015-02-06 05:23 . 2012-07-03 16:52 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-02-06 05:23 . 2011-07-22 04:47 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-01-25 19:35 . 2014-10-17 12:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2015-01-08 00:37 . 2014-10-20 02:30 192344 ----a-w- c:\windows\system32\drivers\veracrypt.sys 2015-01-01 16:23 . 2015-01-01 16:58 175136 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe 2014-12-28 16:48 . 
2014-11-01 10:20 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-12-21 07:40 . 2014-12-19 15:34 18831572 ----a-w- c:\users\*****\AppData\Local\OcrMap.bin 2014-12-16 12:39 . 2014-12-16 12:39 35365 ----a-w- c:\windows\SysWow64\uninstHelixYUV.exe 2014-11-07 00:33 . 2014-11-07 00:33 14147584 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2015-02-18 785416] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Adobe Speed Launcher"="1425622892" [X] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440] "Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "QHSafeTray"="c:\program files (x86)\360\Total Security\safemon\QHSafeTray.exe" [2015-02-12 1208944] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Copy"="c:\users\*****\AppData\Roaming\Copy\CopyAgent.exe" [2015-02-07 15435920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216] . c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Fences.lnk - c:\program files (x86)\Stardock\Fences\Fences.exe /startup [2012-10-29 4017368] TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2014-12-16 2050224] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "midi6"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x] R3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\DRIVERS\360AvFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360AvFlt.sys [x] R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x] R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x] R3 AndNetDiag2;LGE AndroidNet For Diagnostics Port;c:\windows\system32\DRIVERS\lgandnetdiag264.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag264.sys [x] R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x] R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x] R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x] R3 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x] R3 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x] R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x] R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x] R3 ew_hwusbdev;Huawei MobileBroadband USB 
PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x] R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys;c:\windows\SYSNATIVE\drivers\SynUSB64.sys [x] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [x] R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 USBAAPL64;Apple Mobile USB 
Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 CLKMSVC10_9EC60124;CyberLink Product - 2011/10/24 13:39;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [x] R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] R4 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [x] R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] R4 Mobile Partner. RunOuc;Mobile Partner. 
OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x] R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x] R4 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x] R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 veracrypt;veracrypt;c:\windows\System32\drivers\veracrypt.sys;c:\windows\SYSNATIVE\drivers\veracrypt.sys [x] S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x] S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x] S1 360Box64;360Box mini-filter driver;c:\windows\system32\DRIVERS\360Box64.sys;c:\windows\SYSNATIVE\DRIVERS\360Box64.sys [x] S1 360Camera;360Safe Camera Filter Service;c:\windows\system32\Drivers\360Camera64.sys;c:\windows\SYSNATIVE\Drivers\360Camera64.sys [x] S1 360FsFlt;360FsFlt mini-filter driver;c:\windows\system32\DRIVERS\360FsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360FsFlt.sys [x] S1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV64.sys;c:\windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] 
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x] S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x] S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);c:\program files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe;c:\program files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 postgresql-x64-9.0;postgresql-x64-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N 
postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x] S2 QHActiveDefense;360 Total Security;c:\program files (x86)\360\Total Security\safemon\QHActiveDefense.exe;c:\program files (x86)\360\Total Security\safemon\QHActiveDefense.exe [x] S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x] S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x] S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x] S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x] S3 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\Drivers\360AntiHacker64.sys;c:\windows\SYSNATIVE\Drivers\360AntiHacker64.sys [x] S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x] S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x] S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x] S3 
bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x] S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x] S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] S4 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S4 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S4 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S4 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . 
*NewlyCreated* - NVSTREAMKMS *Deregistered* - truecrypt . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 185824 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848] "Fences"="c:\program files (x86)\Stardock\Fences\Fences.exe" [2012-10-29 4017368] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-08-01 2403104] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2012-10-29 551640] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com mDefault_Search_URL = hxxp://www.google.com mDefault_Page_URL = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com TCP: Interfaces\{05DE8C78-3AC9-4B2C-9D85-13F5F33A6FFC}: NameServer = 193.189.244.225 193.189.244.206 TCP: Interfaces\{26141D4E-6B47-47A4-BE21-0F9864CC4ED8}: NameServer = 193.189.244.225 193.189.244.206 TCP: Interfaces\{28490DBF-A1C0-4920-AF28-50ECAEC29186}: NameServer = 193.189.244.225 193.189.244.206 TCP: Interfaces\{3B5A7CEE-5BDD-41C2-8099-5B5B5E9F3473}: NameServer = 193.189.244.225 193.189.244.206 TCP: Interfaces\{60AA6E3A-F8B7-4493-B253-ED25FEC3BE48}: NameServer = 193.189.244.206 193.189.244.225 TCP: Interfaces\{6D6AD976-9958-4895-B655-7562A517A433}: NameServer = 193.189.244.206 193.189.244.225 TCP: Interfaces\{7236F28B-4F21-47D1-BDB6-6FEF4857AD9A}: NameServer = 193.189.244.206 193.189.244.225 TCP: Interfaces\{ACFBF600-384E-4311-B0B7-79BC6ED5A56E}: NameServer = 193.189.244.206 193.189.244.225 TCP: Interfaces\{BB5550E0-672D-4085-89B5-6D45CA7386B3}: NameServer = 193.189.244.206 193.189.244.225 TCP: Interfaces\{BE6BFEF7-058C-4742-A3B9-624C3714AA79}: NameServer = 193.189.244.206 193.189.244.225 TCP: Interfaces\{D893661C-D7C1-49DF-AAC3-BCEA438691C7}: NameServer = 193.189.244.225 193.189.244.206 TCP: Interfaces\{E6B34D56-B1B1-4ACF-9922-063A5EBB478F}: NameServer = 193.189.244.225 193.189.244.206 FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{15EDBCBF-7231-4290-946E-5BB12C6AF342} - (no file) ShellIconOverlayIdentifiers-{14A3EC74-D852-416A-9691-AC3096EE1953} - (no file) ShellIconOverlayIdentifiers-{E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} - (no file) ShellIconOverlayIdentifiers-{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) WebBrowser-{7E111A5C-3D11-4F56-9463-5310C3C69025} - (no file) ShellIconOverlayIdentifiers-{15EDBCBF-7231-4290-946E-5BB12C6AF342} - (no file) ShellIconOverlayIdentifiers-{14A3EC74-D852-416A-9691-AC3096EE1953} - (no file) ShellIconOverlayIdentifiers-{E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} - (no file) ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-HelixYUVCodecs - c:\windows\system32\uninstHelixYUV.exe AddRemove-YAMB - c:\program files (x86)\YAMB\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.0] "ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.0] "ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4d,66,3e,6f,0b,46,16,4d,86,c7,fb,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4d,66,3e,6f,0b,46,16,4d,86,c7,fb,\ . 
[HKEY_USERS\S-1-5-21-1687097068-401554184-1692899982-1001\Software\SecuROM\License information*] "datasecu"=hex:7d,b1,21,a1,cd,37,47,7f,eb,4c,b5,c7,e4,06,c5,52,b0,1a,fa,bd,e3, 8b,95,50,11,9b,8d,73,00,44,ec,30,8a,93,ea,d6,5f,fb,1a,9b,1a,9d,55,d1,57,07,\ "rkeysecu"=hex:63,02,4e,e1,f0,dd,7b,5f,af,38,e0,12,2a,49,64,9b . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:75,a2,25,0d,99,1a,54,73,69,a9,af,e5,11,69,66,5e,98,2e,db,79,1d, 10,88,a3,69,ee,82,70,00,91,51,fc,3f,a9,e7,e9,e4,67,43,e8,02,36,f2,86,89,d2,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.16" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:75,a2,25,0d,99,1a,54,73,69,a9,af,e5,11,69,66,5e,98,2e,db,79,1d, 10,88,a3,69,ee,82,70,00,91,51,fc,27,4f,f4,f1,c1,b2,ed,8d,02,36,f2,86,89,d2,\ . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-03-07 20:35:55 ComboFix-quarantined-files.txt 2015-03-07 19:35 . Vor Suchlauf: 42 Verzeichnis(se), 32.526.516.224 Bytes frei Nach Suchlauf: 53 Verzeichnis(se), 32.773.066.752 Bytes frei . - - End Of File - - 37CFC9E8F0FB0FFE6729FF15FC5E1263 |
08.03.2015, 14:46 | #7 |
/// the machine /// TB Trainer | Security update for W7 keeps repeating.. Still not working after a reboot? Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
08.03.2015, 18:50 | #8 |
| Security update for W7 keeps repeating.. Info: After the third reboot, KeePass now works again. The logs.. Malwarebytes Anti-Malware log: HTML code: Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 08.03.2015 Suchlauf-Zeit: 16:36:22 Logdatei: Malwarebytes-AM_.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.03.08.04 Rootkit Datenbank: v2015.02.25.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: ***** Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 568714 Verstrichene Zeit: 58 Min, 39 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 2 PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [8391be85c6c4ea4c7aebe84534d150b0], PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, , [5cb850f325653afc8bd9022b5ca9fd03], Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 4 PUP.Optional.Somoto, C:\Users\*****\Downloads\magic-audio-joiner.exe, , [bc5858eb6a204aecedf845c05ea84eb2], PUP.Optional.OpenCandy, C:\Users\*****\Downloads\MediaInfo_GUI_0.7.71_Windows.exe, , [b55f6bd8dfab4aec8c213ccaaf57827e], PUP.Optional.OpenCandy, C:\Users\*****\Downloads\SetupImgBurn_2.5.8.0.exe, , [68aca79c31599a9cfbb216f0f11517e9], PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, , 
[9e76d96af595c5710a5e25088c7923dd], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) ImgBurn & MediaInfo are NOT unwanted and, as far as I know, do not bundle any adware. Magic Audio Joiner is junk; back then it installed toolbars without end for me, and apparently I forgot about the installation.. JRT log: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.3 (03.01.2015:1) OS: Windows 7 Home Premium x64 Ran by ***** on 08.03.2015 at 17:49:48,39 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 08.03.2015 at 17:54:40,30 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v4.111 - Bericht erstellt 08/03/2015 um 17:55:53 # Aktualisiert 18/02/2015 von Xplode # Datenbank : 2015-03-05.1 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : ***** - ACER-A-5750G # Gestarted von : C:\Users\*****\Downloads\AdwCleaner_4.111.exe # Option : Suchlauf ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Geplante Tasks ] ***** Task Gefunden : LaunchApp ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Mozilla Firefox v36.0.1 (x86 de) -\\ Chromium v -\\ Opera v26.0.1656.60 ************************* AdwCleaner[R0].txt - [10082 Bytes] - [29/10/2014 17:07:40] AdwCleaner[R1].txt - [929 Bytes] - [29/10/2014 21:22:38] AdwCleaner[R2].txt - [1183 Bytes] - [16/11/2014 15:31:49] AdwCleaner[R3].txt - [2347 Bytes] - [07/12/2014 10:05:11] AdwCleaner[R4].txt - [5530 Bytes] - [06/03/2015 07:02:59] AdwCleaner[R5].txt - [1033 Bytes] - [08/03/2015 17:55:53] AdwCleaner[S0].txt - [9550 Bytes] - [29/10/2014 17:14:51] AdwCleaner[S1].txt - [1227 Bytes] - [16/11/2014 15:33:53] AdwCleaner[S2].txt - [2381 Bytes] - [07/12/2014 10:10:25] AdwCleaner[S3].txt - [4663 Bytes] - [06/03/2015 07:06:06] ########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [1328 Bytes] ########## |
08.03.2015, 18:56 | #9 |
| Security update for W7 keeps repeating.. FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03 Ran by ***** (administrator) on ACER-A-5750G on 08-03-2015 18:20:09 Running from C:\TOOLS\SecurityTOOLS\FSRT64 - Analysetool Loaded Profiles: ***** & postgres (Available profiles: ***** & postgres) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe () C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (PcWinTech.com) C:\Program Files (x86)\CleanMem\Mini_Monitor.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Qihu Software Co. Limited) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Huawei Technologies Co., Ltd.) 
C:\ProgramData\DatacardService\DCSHelper.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe () C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (VMware, Inc.) 
C:\Windows\SysWOW64\vmnetdhcp.exe () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe () C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (IDRIX) C:\Program Files\VeraCrypt\VeraCrypt.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-21] (Realtek Semiconductor) HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4017368 2012-10-29] (Stardock Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-08-01] (NVIDIA Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1208944 2015-02-12] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [785416 2015-02-18] (Sandboxie Holdings, LLC) HKU\S-1-5-21-1687097068-401554184-1692899982-1054\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default HKU\S-1-5-21-1687097068-401554184-1692899982-1054\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-18\...\Run: [Copy] => C:\Users\*****\AppData\Roaming\Copy\CopyAgent.exe [15435920 2015-02-07] (Barracuda Networks, Inc.) 
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166616 2014-08-01] (NVIDIA Corporation) AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166616 2014-08-01] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146528 2014-08-01] (NVIDIA Corporation) Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation) Startup: C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe () Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe () ShellIconOverlayIdentifiers: [ 0Cloudfogger] -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} => No File ShellIconOverlayIdentifiers: [ 1Cloudfogger] -> {14A3EC74-D852-416A-9691-AC3096EE1953} => No File ShellIconOverlayIdentifiers: [ 2Cloudfogger] -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} => No File ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1687097068-401554184-1692899982-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1687097068-401554184-1692899982-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1687097068-401554184-1692899982-1054 -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-03-27] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-27] (Oracle Corporation) BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) 
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - No Name - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No File Toolbar: HKU\S-1-5-21-1687097068-401554184-1692899982-1001 -> No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\..\Interfaces\{05DE8C78-3AC9-4B2C-9D85-13F5F33A6FFC}: [NameServer] 193.189.244.225 193.189.244.206 Tcpip\..\Interfaces\{26141D4E-6B47-47A4-BE21-0F9864CC4ED8}: [NameServer] 193.189.244.225 193.189.244.206 Tcpip\..\Interfaces\{28490DBF-A1C0-4920-AF28-50ECAEC29186}: [NameServer] 193.189.244.225 193.189.244.206 Tcpip\..\Interfaces\{3B5A7CEE-5BDD-41C2-8099-5B5B5E9F3473}: [NameServer] 193.189.244.225 193.189.244.206 Tcpip\..\Interfaces\{60AA6E3A-F8B7-4493-B253-ED25FEC3BE48}: [NameServer] 193.189.244.206 
193.189.244.225
Tcpip\..\Interfaces\{6D6AD976-9958-4895-B655-7562A517A433}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{7236F28B-4F21-47D1-BDB6-6FEF4857AD9A}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{ACFBF600-384E-4311-B0B7-79BC6ED5A56E}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{BB5550E0-672D-4085-89B5-6D45CA7386B3}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{BE6BFEF7-058C-4742-A3B9-624C3714AA79}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{D893661C-D7C1-49DF-AAC3-BCEA438691C7}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{E6B34D56-B1B1-4ACF-9922-063A5EBB478F}: [NameServer] 193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-03-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll [2013-05-30] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Firebug - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\firebug@software.joehewitt.com.xpi [2014-12-07]
FF Extension: Ghostery - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\firefox@ghostery.com.xpi [2015-02-04]
FF Extension: Mailvelope - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2015-02-26]
FF Extension: NoScript - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-07]
FF Extension: QuickImage - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{B9FBA24F-5573-4889-80AC-80809FB9C425}.xpi [2014-12-11]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-07]
FF Extension: Greasemonkey - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-12-12]
FF Extension: QuickJava - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-12-11]
FF Extension: UnMHT - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\kyd8k7f2.default\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2014-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-10-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Extension: 360网页保护 - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2014-11-23]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - "C:\Program Files (x86)\FVD Suite\addons\chrome\fvdext.crx" [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2015-01-01] (EasyAntiCheat Ltd)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
S4 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic)
S4 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
S4 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [218624 2011-10-17] () [File not signed]
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)
S4 PaceLicenseDServices; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2932224 2011-07-09] (PACE Anti-Piracy, Inc.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-09-07] ()
R2 postgresql-x64-9.0; C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe [111104 2011-04-15] (PostgreSQL Global Development Group) [File not signed]
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [813680 2015-02-12] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-06-12] ()
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 CLKMSVC10_9EC60124; "C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe" /svc [X]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [100424 2014-11-20] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77896 2015-02-12] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305736 2015-02-12] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2014-11-20] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [314448 2015-02-12] (Qihu 360 Software Co., Ltd.)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 AndNetDiag2; C:\Windows\System32\DRIVERS\lgandnetdiag264.sys [29696 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93696 2013-04-23] (LG Electronics Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S1 Aspi32; No ImagePath
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-26] ()
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2015-02-12] (Qihu 360 Software Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-25] (Disc Soft Ltd)
R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2011-10-17] (Huawei Technologies Co., Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-07-03] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2012-07-03] (RapidSolution Software AG)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-18] (Sandboxie Holdings, LLC)
S3 Secdrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11616 2001-08-25] () [File not signed]
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142120 2007-04-27] (SafeNet, Inc.)
S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [31248 2006-11-16] (SIA Syncrosoft)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-10] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
R0 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [192344 2015-01-08] (IDRIX)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 TwoToXDfrgSrvc; No ImagePath
S3 wanatw; system32\DRIVERS\wanatw64.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-08 18:03 - 2015-03-08 18:03 - 00000022 _____ () C:\Windows\S.dirmngr
2015-03-08 17:54 - 2015-03-08 17:54 - 00000696 _____ () C:\Users\*****\Desktop\JRT.txt
2015-03-08 17:47 - 2015-03-08 17:47 - 01388333 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe
2015-03-07 23:34 - 2015-03-07 23:34 - 00848856 _____ (Panda Security ) C:\Users\*****\Downloads\USBVaccineSetup.exe
2015-03-07 23:26 - 2015-03-07 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-03-07 23:26 - 2015-03-07 23:26 - 00000000 ____D () C:\Program Files\7-Zip
2015-03-07 21:56 - 2015-03-07 21:56 - 00000000 ____D () C:\Users\*****\AppData\Roaming\VSRevoGroup
2015-03-07 20:46 - 2015-03-07 20:46 - 02536151 _____ (Dominik Reichl ) C:\Users\*****\Downloads\KeePass-2.28-Setup.exe
2015-03-07 20:36 - 2015-03-07 20:36 - 00051684 _____ () C:\ComboFix.txt
2015-03-07 20:03 - 2015-03-07 20:36 - 00000000 ____D () C:\Qoobox
2015-03-07 20:03 - 2015-03-07 20:31 - 00000000 ____D () C:\Windows\erdnt
2015-03-07 20:03 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-07 20:03 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-07 20:03 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-07 20:03 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-07 20:03 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-07 20:03 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-07 20:03 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-07 20:03 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-07 19:57 - 2015-03-07 19:58 - 05612482 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2015-03-07 19:52 - 2015-03-07 19:52 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-07 18:37 - 2015-03-08 17:20 - 00001804 _____ () C:\Windows\Sandboxie.ini
2015-03-07 18:37 - 2015-03-07 18:37 - 00000878 _____ () C:\Users\*****\Desktop\Sandboxed Web Browser.lnk
2015-03-07 18:37 - 2015-03-07 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-03-07 05:44 - 2015-03-08 18:20 - 00000000 ____D () C:\FRST
2015-03-06 07:01 - 2015-03-06 07:02 - 02126848 _____ () C:\Users\*****\Downloads\AdwCleaner_4.111.exe
2015-03-06 05:17 - 2015-03-06 05:18 - 07019963 _____ () C:\Users\*****\Downloads\Forsaken 64 (E).zip
2015-03-06 04:00 - 2015-03-06 04:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.0
2015-03-06 04:00 - 2015-03-06 04:00 - 00000000 ____D () C:\Program Files (x86)\Project64 2.1
2015-03-05 23:42 - 2015-03-05 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2015-03-05 18:15 - 2015-03-05 18:15 - 00000000 ____D () C:\Users\*****\AppData\Local\Ndemic Creations
2015-03-04 20:29 - 2015-03-04 20:29 - 00000000 ____D () C:\Users\*****\Documents\SEGA
2015-03-01 19:27 - 2015-03-01 19:27 - 00000000 ____D () C:\Users\*****\AppData\Local\CAPCOM
2015-03-01 18:13 - 2015-03-01 18:13 - 00012295 _____ () C:\Users\*****\Documents\bafoeg_kram_etc24732897.odt
2015-02-27 21:24 - 2015-02-27 21:24 - 05593268 _____ (Your Company Name ) C:\Users\*****\Downloads\incloak_vpn_1.03.exe
2015-02-26 12:10 - 2015-02-26 12:10 - 00001384 _____ () C:\Users\*****\Documents\Cryptophane.txt
2015-02-26 11:57 - 2015-02-26 12:10 - 00000000 ____D () C:\Program Files (x86)\Cryptophane
2015-02-26 11:57 - 2015-02-26 11:57 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cryptophane
2015-02-26 11:57 - 2015-02-26 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cryptophane
2015-02-24 19:14 - 2015-02-24 19:47 - 00014888 _____ () C:\Users\*****\Downloads\movies.odb
2015-02-24 15:43 - 2015-02-24 15:43 - 00034789 _____ () C:\Users\*****\Downloads\Rechnung 70915.0-15 Ihre Bestellung ONL3893 vom 24.02.2015.zip
2015-02-23 15:42 - 2015-03-08 18:01 - 00010462 _____ () C:\Windows\PFRO.log
2015-02-22 16:29 - 2015-02-22 16:29 - 00001113 _____ () C:\Users\Public\Desktop\360 Total Security.lnk
2015-02-22 16:29 - 2015-02-22 16:29 - 00000000 ____D () C:\ProgramData\360TotalSecurity
2015-02-22 01:23 - 2015-02-22 01:23 - 00000000 ____D () C:\Users\*****\AppData\Local\Steam
2015-02-17 18:41 - 2015-02-17 18:41 - 00000000 ____D () C:\Users\*****\AppData\Roaming\XLMSoft
2015-02-17 18:32 - 2015-02-17 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOOKcook Bücherverwaltung
2015-02-17 18:32 - 2015-02-17 18:32 - 00000000 ____D () C:\Program Files (x86)\XLM Software
2015-02-17 18:28 - 2015-02-17 18:28 - 00967704 _____ (XLM Software Axel Meierhöfer ) C:\Users\*****\Downloads\BOOKcookSetup_v1.43.1(FEB_2015).exe
2015-02-15 15:30 - 2015-02-15 15:30 - 00001958 _____ () C:\Users\*****\Desktop\Kindle.lnk
2015-02-15 15:30 - 2015-02-15 15:30 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-02-15 15:26 - 2015-02-15 15:29 - 40790520 _____ (Amazon.com) C:\Users\*****\Downloads\KindleForPC-installer(1).exe
2015-02-13 21:37 - 2015-02-13 21:37 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Foxit Software
2015-02-13 21:36 - 2015-02-13 21:36 - 00000000 ____D () C:\Users\Public\Foxit Software
2015-02-13 21:36 - 2015-02-13 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-02-13 21:35 - 2015-02-13 21:35 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2015-02-13 21:27 - 2015-02-13 21:29 - 53078632 _____ (Foxit Software Inc. ) C:\Users\*****\Downloads\FoxitReader708.1216_prom_L10N_Setup.exe
2015-02-13 21:09 - 2015-02-13 21:10 - 04307793 _____ () C:\Users\*****\Downloads\ICE Book Reader 9.4.0 Portable.7z
2015-02-10 21:45 - 2015-02-10 21:46 - 02201614 _____ (Raid-Rush ) C:\Users\*****\Downloads\xupper-setup.exe
2015-02-10 14:21 - 2015-02-10 14:21 - 01976342 _____ () C:\Users\*****\Downloads\LIT.ME.DN.4952581.RAR
2015-02-10 09:42 - 2015-02-10 09:43 - 00000000 ____D () C:\Users\*****\Desktop\Tor Browser
2015-02-10 09:33 - 2015-02-10 09:38 - 34662667 _____ () C:\Users\*****\Downloads\torbrowser-install-4.0.3_de.exe
2015-02-07 15:44 - 2015-03-08 18:04 - 00002812 _____ () C:\Windows\setupact.log
2015-02-07 15:44 - 2015-02-07 15:49 - 04934448 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-07 15:44 - 2015-02-07 15:44 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-06 07:24 - 2015-02-06 07:24 - 00000955 _____ () C:\Users\*****\Desktop\MakeMKV.lnk
2015-02-06 07:24 - 2015-02-06 07:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2015-02-06 07:24 - 2015-02-06 07:24 - 00000000 ____D () C:\Program Files (x86)\MakeMKV
2015-02-06 07:23 - 2015-02-06 07:24 - 06449418 _____ (GuinpinSoft inc) C:\Users\*****\Downloads\Setup_MakeMKV_v1.9.1.exe

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-08 18:21 - 2011-08-21 02:10 - 01786986 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 18:15 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 18:15 - 2009-07-14 05:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 18:10 - 2013-12-19 16:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Copy
2015-03-08 18:06 - 2013-12-21 21:29 - 00000000 ____D () C:\ProgramData\VMware
2015-03-08 18:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 17:58 - 2014-10-29 17:07 - 00000000 ____D () C:\AdwCleaner
2015-03-08 17:46 - 2011-11-21 21:37 - 00000000 ____D () C:\Users\*****\AppData\Roaming\foobar2000
2015-03-08 17:13 - 2011-10-16 16:57 - 00000000 ____D () C:\STEAM
2015-03-08 16:32 - 2014-11-01 11:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 14:27 - 2013-09-03 21:25 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2015-03-08 09:56 - 2013-11-02 11:18 - 00000000 ____D () C:\Users\*****\AppData\Roaming\gnupg
2015-03-07 21:34 - 2014-12-17 07:47 - 00000000 ____D () C:\TOOLS
2015-03-07 21:21 - 2013-09-26 18:46 - 00000000 ____D () C:\Users\postgres
2015-03-07 20:19 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-07 19:20 - 2011-08-21 12:02 - 00704298 _____ () C:\Windows\system32\perfh007.dat
2015-03-07 19:20 - 2011-08-21 12:02 - 00151692 _____ () C:\Windows\system32\perfc007.dat
2015-03-07 19:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-07 19:19 - 2011-11-08 21:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SoftGrid Client
2015-03-07 19:09 - 2012-07-08 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
2015-03-07 18:37 - 2014-10-19 23:44 - 00000000 ____D () C:\Program Files\Sandboxie
2015-03-07 18:36 - 2014-10-19 23:37 - 06980616 _____ (Sandboxie Holdings, LLC) C:\Users\*****\Downloads\SandboxieInstall.exe
2015-03-07 17:42 - 2014-10-20 07:26 - 00000000 ____D () C:\Users\*****\AppData\Roaming\KeePass
2015-03-07 00:16 - 2014-10-27 11:04 - 00000000 ____D () C:\Users\*****\AppData\Local\JDownloader 2.0
2015-03-06 07:14 - 2014-12-07 12:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 06:35 - 2015-01-27 14:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-06 06:34 - 2014-12-07 12:00 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-06 06:34 - 2014-12-07 12:00 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-06 06:34 - 2014-05-20 02:12 - 00001087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-03-06 06:34 - 2011-10-15 13:39 - 00001425 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-05 23:42 - 2013-10-02 04:34 - 00000576 _____ () C:\Users\Public\Desktop\Fraps.lnk
2015-03-05 20:33 - 2013-10-10 21:03 - 00000000 ___HD () C:\ProgramData\vid
2015-03-05 20:33 - 2013-10-10 21:03 - 00000000 ___HD () C:\ProgramData\tks
2015-03-05 11:59 - 2009-07-14 06:13 - 01630642 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-05 11:34 - 2013-10-02 05:44 - 00000000 ____D () C:\Users\*****\AppData\Local\Thunderbird
2015-03-03 06:13 - 2013-10-02 05:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-03-02 13:42 - 2012-01-27 20:44 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TS3Client
2015-03-01 18:13 - 2013-12-17 13:32 - 00000000 ___RD () C:\Dropbox
2015-02-28 04:06 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-27 23:46 - 2014-11-23 14:12 - 00000000 __SHD () C:\ProgramData\360Quarant
2015-02-27 23:46 - 2014-11-23 14:12 - 00000000 ____D () C:\$360Section
2015-02-27 23:46 - 2014-11-23 13:35 - 00000000 ____D () C:\ProgramData\360safe
2015-02-27 23:45 - 2012-08-01 17:38 - 00000000 ____D () C:\Users\*****\Downloads\ReFX.Vanguard.VSTi.RTAS.v1.8.0-AiR
2015-02-24 18:09 - 2011-10-19 18:56 - 00000000 ____D () C:\Users\*****\AppData\Roaming\IrfanView
2015-02-24 17:58 - 2013-10-02 04:55 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2015-02-24 15:22 - 2013-10-07 16:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Notepad++
2015-02-24 15:22 - 2013-10-07 16:40 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2015-02-23 17:10 - 2014-11-23 13:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\360safe
2015-02-23 17:09 - 2013-11-05 02:09 - 00000000 ____D () C:\Users\*****\Documents\My Kindle Content
2015-02-23 16:06 - 2011-12-09 00:27 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox
2015-02-23 16:05 - 2012-05-03 11:51 - 00001028 _____ () C:\Users\*****\Desktop\Dropbox.lnk
2015-02-23 16:05 - 2012-05-03 11:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-22 16:33 - 2012-07-09 06:11 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-17 02:22 - 2013-11-05 01:13 - 00000000 ____D () C:\Users\*****\Documents\Calibre Library
2015-02-16 03:02 - 2012-07-09 18:26 - 00001063 _____ () C:\Users\*****\Documents\iTLU_profile_a.itlu
2015-02-15 15:30 - 2011-11-26 02:32 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-02-14 11:36 - 2011-11-11 02:58 - 00012288 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-13 21:22 - 2014-04-08 22:12 - 00000000 ____D () C:\Program Files (x86)\ICE Book Reader Professional
2015-02-12 14:35 - 2014-11-23 13:37 - 00077896 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2015-02-12 14:35 - 2014-11-23 13:35 - 00314448 _____ (Qihu 360 Software Co., Ltd.) C:\Windows\system32\Drivers\360fsflt.sys
2015-02-12 14:35 - 2014-11-23 13:35 - 00180816 _____ (Qihu 360 Software Co., Ltd.) C:\Windows\system32\Drivers\BAPIDRV64.SYS
2015-02-12 14:35 - 2014-11-23 13:34 - 00305736 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys
2015-02-10 12:18 - 2014-04-08 20:53 - 00000000 ____D () C:\Users\*****\Downloads\ebooks
2015-02-06 10:40 - 2013-04-18 22:58 - 00000000 ____D () C:\Users\*****\AppData\Roaming\HandBrake
2015-02-06 07:17 - 2014-12-16 10:11 - 00000040 ___SH () C:\ProgramData\.zreglib
2015-02-06 07:05 - 2014-10-23 20:13 - 00000000 ____D () C:\Metabones
2015-02-06 06:23 - 2012-07-03 17:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 06:23 - 2011-10-15 14:00 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe
2015-02-06 06:23 - 2011-07-22 05:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======
2014-11-07 01:33 - 2014-11-07 01:33 - 14147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
2011-10-15 18:16 - 2011-10-16 00:13 - 0000288 _____ () C:\Users\*****\AppData\Roaming\.backup.dm
2012-01-23 19:49 - 2015-01-30 02:27 - 0000132 _____ () C:\Users\*****\AppData\Roaming\Adobe BMP Format CS5 Prefs
2012-04-27 00:20 - 2015-02-01 01:43 - 0000132 _____ () C:\Users\*****\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-03-31 02:41 - 2014-03-31 02:49 - 0002352 _____ () C:\Users\*****\AppData\Roaming\ASSDraw3.cfg
2011-10-19 19:08 - 2013-07-19 00:42 - 0000072 _____ () C:\Users\*****\AppData\Roaming\burnaware.ini
2012-06-20 04:23 - 2012-06-20 04:28 - 0311550 _____ () C:\Users\*****\AppData\Roaming\CodecsLE_Install.log
2012-06-20 04:26 - 2012-06-20 04:26 - 0314526 _____ () C:\Users\*****\AppData\Roaming\CodecsPE_Install.log
2015-01-10 00:30 - 2015-01-10 00:45 - 0000652 _____ () C:\Users\*****\AppData\Roaming\haj-log_2015-01-10 00_30_45.mjf
2012-06-19 16:13 - 2012-06-19 16:43 - 10008278 _____ () C:\Users\*****\AppData\Roaming\MediaComposer_Install.log
2013-12-08 14:15 - 2013-12-08 14:33 - 0001331 _____ () C:\Users\*****\AppData\Roaming\SplotchesConfig.dat
2012-01-23 16:57 - 2012-11-04 11:10 - 0001456 _____ () C:\Users\*****\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2011-11-11 02:58 - 2015-02-14 11:36 - 0012288 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-19 16:34 - 2014-12-21 08:40 - 18831572 _____ () C:\Users\*****\AppData\Local\OcrMap.bin
2012-07-16 08:40 - 2012-07-16 08:40 - 0007607 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg
2014-12-16 10:11 - 2015-02-06 07:17 - 0000040 ___SH () C:\ProgramData\.zreglib
2011-08-21 02:32 - 2011-08-21 02:34 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log
2014-10-19 06:28 - 2014-10-19 06:28 - 0000000 _____ () C:\ProgramData\JonDoFox.paf.exe
2011-10-19 22:41 - 2011-10-19 22:41 - 0000139 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-08-06 17:08 - 2013-08-06 17:09 - 0000032 _____ () C:\ProgramData\PS.log

Files to move or delete:
====================
C:\ProgramData\JonDoFox.paf.exe

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-05 04:09

==================== End Of Log ============================

--- --- ---

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03
Ran by ***** at 2015-03-08 18:21:54
Running from C:\TOOLS\SecurityTOOLS\FSRT64 - Analysetool
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: 360 Total Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Tools for .Net 3.5 - DEU Lang Pack (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
µTorrent (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 6.0.0.1140 - 360 Security Center)
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
Aiseesoft Blu-ray Player 6.2.28 (HKLM-x32\...\{3E1A13C3-E458-4995-BEA6-4B9BE279D502}_is1) (Version: 6.2.28 - Aiseesoft Studio)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.1.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.1 - Microsoft Corporation) Hidden
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.4 - GPL Public release.)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Balabolka (HKLM-x32\...\Balabolka) (Version: 2.10.0.574 - Ilya Morozov)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 DEU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BOOKcook Bücherverwaltung 1.43.1 (HKLM-x32\...\BOOKcook Bücherverwaltung_is1) (Version: - XLM Software Axel Meierhöfer)
Build Tools - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
Capsized (HKLM-x32\...\Steam App 95300) (Version: - Alientrap)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.76.0.2015 - Georgy Berdyshev)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Control ActiveX del Windows Live Mesh per a connexions remotes (HKLM-x32\...\{76C064E2-BB99-4453-8FDA-42BC01AD0734}) (Version: 15.4.5722.2 - Microsoft Corporation)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Crazy Taxi (HKLM-x32\...\Steam App 71230) (Version: - SEGA)
Cryptophane 0.7.0 (HKLM-x32\...\Cryptophane_is1) (Version: 0.7.0 - eCOSM)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
Darkout (HKLM-x32\...\Steam App 257050) (Version: - Allgraf)
Deadly Premonition: The Director's Cut (HKLM-x32\...\Steam App 247660) (Version: - Rising Star Games)
Desura (HKLM-x32\...\Desura) (Version: 100.58 - Desura)
Desura: BEEP (HKLM-x32\...\Desura_62843961475104) (Version: Full - Big Fat Alien)
Desura: Lunar Wish: Orbs Of Fate (HKLM-x32\...\Desura_101640401059872) (Version: Full - lustermx)
Desura: MTBFreeride (HKLM-x32\...\Desura_101674760798240) (Version: Alpha - mtbfdeveloper)
Desura: OpenArena (HKLM-x32\...\Desura_24597277704224) (Version: Full - FSFPS project contributors)
Desura: Particulars (HKLM-x32\...\Desura_95674691485728) (Version: Alpha - SeeThrough Studios)
Desura: Project Zomboid (HKLM-x32\...\Desura_62350040236064) (Version: Alpha - The Indie Stone)
Devenv-Ressourcen für Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
DF CrcSfv 1.3 (HKLM-x32\...\DF CrcSfv_is1) (Version: - Frischalowski EDV-Beratung)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version: - Larian Studios)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition Language Pack (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dropbox (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Edna & Harvey: Harvey's New Eyes (HKLM-x32\...\Steam App 219910) (Version: - Daedalic Entertainment)
Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Epic Battle Fantasy 4 (HKLM-x32\...\Steam App 265610) (Version: - Matt Roszak)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: - )
Erforderliche Komponenten für SSDT (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation)
Fallen Enchantress: Legendary Heroes (HKLM-x32\...\Steam App 228260) (Version: - Stardock Entertainment)
ffdshow v1.3.4531 [2014-06-28] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4531.0 - )
FFMpegSource Plugin (HKLM-x32\...\FFMpegSource Plugin_is1) (Version: - )
foobar2000 v1.3.6 (HKLM-x32\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.8.1216 - Foxit Software Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Helium Audio Joiner (build 331) (HKLM-x32\...\{1C7BCE67-6479-4D56-AD92-E50479028171}_is1) (Version: 1.9.0.331 - Imploded Software)
Helix YUV Codecs (remove only) (HKLM-x32\...\HelixYUVCodecs) (Version: - )
How to Survive (HKLM-x32\...\Steam App 250400) (Version: - )
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
ICQ 8.2 (build 6901) (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\ICQ) (Version: 8.2.6901.0 - ICQ)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kit SDK de vérification de Visual Studio*2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for de-de Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Logitech Gaming Software 64 (HKLM-x32\...\InstallShield_{58BF5D14-CBCF-473C-B0E0-A7955A23224E}) (Version: - )
Magic 2015 (HKLM-x32\...\Steam App 255420) (Version: - Stainless Games)
Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version: - Paradox North)
MakeMKV v1.9.1 (HKLM-x32\...\MakeMKV) (Version: v1.9.1 - GuinpinSoft inc)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaInfo 0.7.71 (HKLM\...\MediaInfo) (Version: 0.7.71 - MediaArea.net)
Memory Profiler (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK - DEU (HKLM-x32\...\{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL-Sprachdienst (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (12.0.30919.1) (HKLM-x32\...\{7CC03C58-3471-43D2-A251-EC9AE225E772}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 2.0 (HKLM-x32\...\{F17B8386-A74A-4E4E-A7DD-435372991E14}) (Version: 2.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 mit Update 3 (HKLM-x32\...\{c5f1b3cc-a03d-44d8-be17-21252a106599}) (Version: 12.0.30723 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 - Microsoft Corporation)
Moppi Flower Saver 1.0 (HKLM-x32\...\Moppi Flower Saver Installer_is1) (Version: - )
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MPC-HC 1.7.7 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.7 - MPC-HC Team)
MSU Video Quality Measurement Tool 3.0 DEMO 3.0 (HKLM\...\MSU Video Quality Measurement Tool 3.0 DEMO_is1) (Version: - MSU CS Graphics & Media Lab (Video Group))
My MP4Box GUI 0.6.0.6 (HKLM\...\{3FBE3061-F2BC-4D3A-B4A9-8FB15C503F87}_is1) (Version: 0.6.0.6 - Matt Bodin)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA CUDA Samples 6.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDASamples_6.5) (Version: 6.5 - NVIDIA Corporation)
NVIDIA CUDA Toolkit 6.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAToolkit_6.5) (Version: 6.5 - NVIDIA Corporation)
NVIDIA CUDA Visual Studio Integration 6.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAVisualStudioIntegration_6.5) (Version: 6.5 - NVIDIA Corporation)
NVIDIA GPU Deployment Kit 340.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GDK) (Version: 340.62 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.62 - NVIDIA Corporation)
NVIDIA Nsight Visual Studio Edition 4.1.0.14204 (HKLM\...\{FEDB4463-83C0-4259-B119-5FE9C64A277F}) (Version: 4.1.0.14204 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Tools Extension SDK (NVTX) - 64 bit (HKLM\...\{4D983759-07FC-4571-BB59-58C9BBADECC5}) (Version: 1.00.00.00 - NVIDIA Corporation)
NVIDIA Update 15.3.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 15.3.33 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.23 - NVIDIA Corporation)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für Windows Store-Apps (Deutsch) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
Pauker (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\Pauker) (Version: - Ronny Standtke)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PreEmptive Analytics Client German Language Pack (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Python Tools - Umleitungsvorlage (x32 Version: 1.2 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Resident Evil / biohazard HD REMASTER (HKLM-x32\...\Steam App 304240) (Version: - CAPCOM Co., Ltd.)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.0.0 - DMAILER)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Shadowrun: Dragonfall - Director's Cut (HKLM-x32\...\Steam App 300550) (Version: - Harebrained Schemes)
SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Sigil 0.8.2 (HKLM\...\Sigil_is1) (Version: - John Schember)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SolveigMM Video Splitter Home Edition (HKLM-x32\...\SolveigMM Video Splitter Home Edition 4.0.1410.24) (Version: 4.0.1410.24 - Solveig Multimedia)
Spotify (HKU\S-1-5-21-1687097068-401554184-1692899982-1001\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TimeLeft (HKLM-x32\...\TIMELEFT3_is1) (Version: 3.62 - NesterSoft Inc.)
Tomb Raider II (HKLM-x32\...\Steam App 225300) (Version: - Core Design)
Tomb Raider III: Adventures of Lara Croft (HKLM-x32\...\Steam App 225320) (Version: - Core Design)
Tomb Raider: Anniversary (HKLM-x32\...\Steam App 8000) (Version: - Crystal Dynamics)
TP-LINK TL-WN721N_WN722N Treiber (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.2.1 - TP-LINK)
TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version: - Nadeo)
Transistor (HKLM-x32\...\Steam App 237930) (Version: - Supergiant Games)
TypeScript Power Tool (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden
Unreal Development Kit: 2012-10 (HKLM\...\UDK-0a6a40ea-8287-4f25-ac5a-8c34b192a2bc) (Version: - Epic Games, Inc.)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Urruneko konexioetarako Windows Live Mesh ActiveX kontrola (HKLM-x32\...\{7BA6DF02-B094-45D7-A3C9-BE3684253922}) (Version: 15.4.5722.2 - Microsoft Corporation)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.0f-1 - IDRIX)
Visual Studio 2012 Update 4 (KB2707250) (HKLM-x32\...\{312d9252-c71c-4c84-b171-f4ad46e22098}) (Version: 11.0.61030 - Microsoft Corporation)
Visual Studio 2013 Update 3 (KB2829760) (HKLM-x32\...\{86438e3d-7f83-4dd2-94aa-047e7c3974cb}) (Version: 12.0.30723 - Microsoft Corporation)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.3 - VMware, Inc)
VMware Workstation (Version: 10.0.3 - VMware, Inc.) Hidden
VS Update core components (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 DEU Language Pack (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 DEU Language Pack (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Wecker für Windows 6.5 (HKLM-x32\...\{FFDC4005-E968-498D-93C8-CC148742167D}}_is1) (Version: 6.5 - Christoph Bünger Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
YAMB (HKLM-x32\...\YAMB) (Version: - )
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM-x32\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1687097068-401554184-1692899982-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

27-02-2015 21:26:07 Installed inCloak VPN.
27-02-2015 21:29:54 Gerätetreiber-Paketinstallation: TAP-Windows Provider V9 Netzwerkadapter
07-03-2015 03:46:44 Windows Update
07-03-2015 15:21:16 Removed Swirl Abstracts Screensaver
07-03-2015 17:11:13 Revo Uninstaller's restore point - inCloak VPN
07-03-2015 17:13:56 Revo Uninstaller's restore point - BluFab 9.1.4.4 (05/06/2014)
07-03-2015 17:17:12 Revo Uninstaller's restore point - GetNZB Version 1.370
07-03-2015 19:09:40 TrueCrypt uninstallation
07-03-2015 19:18:54 Revo Uninstaller's restore point - Microsoft Office Klick-und-Los 2010
07-03-2015 19:19:12 Microsoft Office Klick-und-Los 2010 wird entfernt
07-03-2015 19:26:34 Revo Uninstaller's restore point - Microsoft Office Klick-und-Los 2010
07-03-2015 23:25:40 Removed 7-Zip 9.20 (x64 edition)
07-03-2015 23:26:35 Installed 7-Zip 9.38 (x64 edition)

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-07 20:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0172E992-E646-49FF-8B3A-469A29270AA3} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {2CAD0DF8-C7F0-4EC2-A9B6-A7C1E630629F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {2EBAF774-0FC2-462D-9AEC-1661DD36D74F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {4DBA96C8-2A39-4E3F-95BB-AC16C0C195AB} - System32\Tasks\CleanMem Mini Monitor => C:\Program Files (x86)\CleanMem\mini_monitor.exe [2012-09-20] (PcWinTech.com)
Task: {4FFC8C6F-854C-4DD0-A731-63854D664787} - \FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001UA No Task File <==== ATTENTION
Task: {6D55F12D-EB29-420E-B3BA-44B545ACFC5C} - \LaunchApp No Task File <==== ATTENTION
Task: {8744B1F7-8C97-4DFD-B65A-BD9669D4B6E6} - \FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001Core No Task File <==== ATTENTION
Task: {90C36BFD-4BF6-4086-AD5B-A3E4BC351F95} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B2090BC7-797E-4A64-A768-2964C3CCC0D1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B48AF527-D3AB-4E96-88D9-0D756DF4CC22} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {C5668071-1E25-493E-809A-BA8B429F3FC7} - \Adobe Reader Speed Launcher No Task File <==== ATTENTION
Task: {C63B5B04-E629-4896-8F00-E2D97FFB3B28} - System32\Tasks\AdobeAAMUpdater-1.0-acer-a-5750g-***** => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {CC220CD3-C427-4154-A3B3-F59CD895A618} - System32\Tasks\Clean System Memory => C:\Windows\syswow64\CleanMem.exe [2012-09-20] (PcWinTech.com)
Task: {FEF89A0A-55EB-4DAA-8E53-27B7837036C4} - System32\Tasks\{34EE32BD-3F39-4310-9FC9-9238E6DD1C78} => pcalua.exe -a C:\Users\*****\Downloads\VirtualBox-4.3.4-91027-Win.exe -d C:\Users\*****\Downloads

==================== Loaded Modules (whitelisted) ==============

2014-11-23 13:34 - 2015-02-12 14:35 - 00813680 _____ () C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
2014-10-27 00:08 - 2014-08-01 04:45 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-02 02:30 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2014-11-23 13:34 - 2015-02-12 14:35 - 00612944 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-10-07 15:54 - 2013-10-07 15:54 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2010-11-16 14:38 - 2010-11-16 14:38 - 00339456 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2011-10-17 18:03 - 2011-10-17 18:02 - 00514048 _____ () C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
2013-09-05 21:00 - 2013-09-07 02:34 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-26 18:43 - 2011-04-15 13:13 - 00216064 _____ () C:\Program Files\PostgreSQL\9.0\bin\LIBPQ.dll
2013-09-26 18:43 - 2010-05-07 08:48 - 01333760 _____ () C:\Program Files\PostgreSQL\9.0\bin\libxml2.dll
2014-06-12 16:44 - 2014-06-12 16:44 - 14407384 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2011-07-22 05:54 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-23 13:34 - 2015-02-12 14:35 - 01208944 _____ () C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-26 23:05 - 2014-08-01 06:42 - 00012120 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-07 15:49 - 2013-10-07 15:49 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-10-07 15:47 - 2013-10-07 15:47 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-10-07 15:44 - 2013-10-07 15:44 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-10-07 15:49 - 2013-10-07 15:49 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-10-07 15:49 - 2013-10-07 15:49 - 00628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2011-10-17 18:03 - 2011-10-17 18:02 - 00428032 _____ () C:\Program Files (x86)\Mobile Partner\core.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00261632 _____ () C:\Program Files (x86)\Mobile Partner\sdk.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00011362 _____ () C:\Program Files (x86)\Mobile Partner\mingwm10.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00043008 _____ () C:\Program Files (x86)\Mobile Partner\libgcc_s_dw2-1.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 02415104 _____ () C:\Program Files (x86)\Mobile Partner\QtCore4.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 09515520 _____ () C:\Program Files (x86)\Mobile Partner\QtGui4.dll
2011-10-17 18:03 - 2011-10-17 18:03 - 00381952 _____ () C:\Program Files (x86)\Mobile Partner\Proxy.DLL
2011-10-17 18:03 - 2011-10-17 18:02 - 00218112 _____ () C:\Program Files (x86)\Mobile Partner\Common.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00135168 _____ () C:\Program Files (x86)\Mobile Partner\Trace.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00545280 _____ () C:\Program Files (x86)\Mobile Partner\PluginContainer.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00238080 _____ () C:\Program Files (x86)\Mobile Partner\AtCodec.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00301056 _____ () C:\Program Files (x86)\Mobile Partner\DeviceSrvPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00235008 _____ () C:\Program Files (x86)\Mobile Partner\NetSrvPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00133120 _____ () C:\Program Files (x86)\Mobile Partner\OSDialup.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00159232 _____ () C:\Program Files (x86)\Mobile Partner\XCodec.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00157184 _____ () C:\Program Files (x86)\Mobile Partner\DataServicePlugin.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00176128 _____ () C:\Program Files (x86)\Mobile Partner\CallSrvPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00264704 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookSrvPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00217600 _____ () C:\Program Files (x86)\Mobile Partner\SmsSrvPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00142336 _____ () C:\Program Files (x86)\Mobile Partner\USSDSrvPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00156672 _____ () C:\Program Files (x86)\Mobile Partner\STKSrvPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00338432 _____ () C:\Program Files (x86)\Mobile Partner\DeviceAppPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00065536 _____ () C:\Program Files (x86)\Mobile Partner\OSPowerMgr.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00106496 _____ () C:\Program Files (x86)\Mobile Partner\Win7Support.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 01077248 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookPlugin.dll 
2011-10-17 18:03 - 2011-10-17 18:03 - 00670720 _____ () C:\Program Files (x86)\Mobile Partner\SmsAppPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00550400 _____ () C:\Program Files (x86)\Mobile Partner\CallAppPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00547840 _____ () C:\Program Files (x86)\Mobile Partner\CallLogSrvPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00158720 _____ () C:\Program Files (x86)\Mobile Partner\NetConnectSrvPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00211968 _____ () C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00101376 _____ () C:\Program Files (x86)\Mobile Partner\OSAdapt.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00180224 _____ () C:\Program Files (x86)\Mobile Partner\NDISPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00131072 _____ () C:\Program Files (x86)\Mobile Partner\OSNDIS.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 01101824 _____ () C:\Program Files (x86)\Mobile Partner\NDISAPI.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00278528 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoSrvPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00062976 _____ () C:\Program Files (x86)\Mobile Partner\OSCall.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00495104 _____ () C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00184832 _____ () C:\Program Files (x86)\Mobile Partner\XFramePlugin.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00123392 _____ () C:\Program Files (x86)\Mobile Partner\ATR2SMgr.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00308224 _____ () C:\Program Files (x86)\Mobile Partner\StatusBarMgrPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00117760 _____ () C:\Program Files (x86)\Mobile Partner\LayoutPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00428032 _____ () C:\Program Files (x86)\Mobile Partner\DialupUIPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00093184 _____ () C:\Program Files (x86)\Mobile 
Partner\NotifyServicePlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00333312 _____ () C:\Program Files (x86)\Mobile Partner\NetConnectPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00249344 _____ () C:\Program Files (x86)\Mobile Partner\MenuMgrPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00483328 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoUIExPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00808960 _____ () C:\Program Files (x86)\Mobile Partner\SMSUIPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:02 - 00739328 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookUIPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00239104 _____ () C:\Program Files (x86)\Mobile Partner\LiveUpdateInterface.DLL 2011-10-17 18:03 - 2011-10-17 18:03 - 01148416 _____ () C:\Program Files (x86)\Mobile Partner\QtNetwork4.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00229888 _____ () C:\Program Files (x86)\Mobile Partner\ToolBarMgrPlugin.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00082944 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qgif4.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00081920 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qico4.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00192000 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qjpeg4.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00350720 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qmng4.dll 2011-10-17 18:03 - 2011-10-17 18:03 - 00370176 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qtiff4.dll 2014-06-12 17:22 - 2014-06-12 17:22 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll 2012-04-15 14:09 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\ProgramData\Microsoft:1YL26yuNMhJebFkOF0 AlternateDataStreams: C:\ProgramData\Microsoft:lENnA5vff516fFhzmuW AlternateDataStreams: C:\Users\*****\Cookies:cygM3w0l6CBJC2n9wN AlternateDataStreams: C:\Users\*****\AppData\Local\iNN2YC20irDVgW:WKa4N2Bptibo15RqduIuUQPCV AlternateDataStreams: C:\Users\*****\AppData\Local\nx0yC7wG2l:uZ4VAZHWL1s3FnY547Srz2U AlternateDataStreams: C:\Users\*****\AppData\Local\Temporary Internet Files:ESNGrHTQEM5OtEgbVQId AlternateDataStreams: C:\Users\*****\AppData\Local\Temporary Internet Files:IJbfx6utWWRMKl3UM7p AlternateDataStreams: C:\Users\*****\AppData\Local\Temporary Internet Files:ODT82Af2glL7afdCP AlternateDataStreams: C:\Users\*****\AppData\Local\vC0gfSXfKSm1:OI6R9NoE3JlZMy8Ig2FLnA ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1687097068-401554184-1692899982-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\*****\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 193.189.244.225 - 193.189.244.206 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: CLKMSVC10_9EC60124 => 2 MSCONFIG\Services: Desura Install Service => 3 MSCONFIG\Services: EgisTec Ticket Service => 3 MSCONFIG\Services: ePowerSvc => 2 MSCONFIG\Services: FLEXnet Licensing Service => 3 MSCONFIG\Services: GamesAppService => 3 MSCONFIG\Services: Giraffic => 2 MSCONFIG\Services: GREGService => 2 MSCONFIG\Services: Hamachi2Svc => 2 MSCONFIG\Services: HWDeviceService64.exe => 2 MSCONFIG\Services: Live Updater Service => 2 MSCONFIG\Services: M4LIC => 2 MSCONFIG\Services: MacDrive8Service => 2 MSCONFIG\Services: Mobile Partner. RunOuc => 2 MSCONFIG\Services: NTI IScheduleSvc => 2 MSCONFIG\Services: PaceLicenseDServices => 2 MSCONFIG\Services: PCSUITEDFRGSVC => 2 MSCONFIG\Services: rpcapd => 3 MSCONFIG\Services: SbieSvc => 2 MSCONFIG\Services: ServiceLayer => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Sony PC Companion => 3 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: SwitchBoard => 3 MSCONFIG\Services: TeamViewer7 => 2 MSCONFIG\Services: TeamViewer8 => 2 MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wecker für Windows 6.lnk => C:\Windows\pss\Wecker für Windows 6.lnk.Startup MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss\Xfire.lnk.Startup MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files 
(x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: Copy => "C:\Users\*****\AppData\Roaming\Copy\CopyAgent.exe" MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart MSCONFIG\startupreg: Facebook Update => "C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver MSCONFIG\startupreg: Getting started with MacDrive 8 => "C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto MSCONFIG\startupreg: ICQ => C:\Users\*****\AppData\Roaming\ICQM\icq.exe -CU MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: NapsterShell => C:\Program Files (x86)\Napster\napster.exe /systray MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe MSCONFIG\startupreg: Power Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" 
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe" MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background MSCONFIG\startupreg: Spotify => "C:\Users\*****\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: Update Service => C:\Program Files (x86)\Common Files\Teknum Systems\update.exe "/startup" MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe" ==================== Accounts: ============================= A5108FB4EE024DCDA5F9 (S-1-5-21-1687097068-401554184-1692899982-1113 - Limited - Enabled) Administrator (S-1-5-21-1687097068-401554184-1692899982-500 - Administrator - Disabled) Gast (S-1-5-21-1687097068-401554184-1692899982-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1687097068-401554184-1692899982-1003 - Limited - Enabled) ***** (S-1-5-21-1687097068-401554184-1692899982-1001 - Administrator - Enabled) => C:\Users\***** postgres (S-1-5-21-1687097068-401554184-1692899982-1054 - Limited - Enabled) => C:\Users\postgres ==================== Faulty Device Manager Devices ============= Name: TeamViewer VPN Adapter Description: TeamViewer VPN Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TeamViewer GmbH Service: teamviewervpn Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: Broadcom 802.11n-Netzwerkadapter Description: Broadcom 802.11n-Netzwerkadapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Broadcom Service: BCM43XX Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (03/08/2015 06:22:07 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >. Error: (03/08/2015 06:22:07 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <20, 0x80071a91, "">. Error: (03/08/2015 06:20:30 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >. Error: (03/08/2015 06:20:30 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <20, 0x80071a91, "">. Error: (03/08/2015 06:19:34 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >. Error: (03/08/2015 06:19:34 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. 
Fehler: <20, 0x80071a91, "">. Error: (03/08/2015 06:19:25 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >. Error: (03/08/2015 06:19:25 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <20, 0x80071a91, "">. Error: (03/08/2015 06:18:01 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >. Error: (03/08/2015 06:18:01 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <20, 0x80071a91, "">. System errors: ============= Error: (03/08/2015 06:22:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 7 Mal passiert. Error: (03/08/2015 06:22:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%6801 Error: (03/08/2015 06:20:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert. Error: (03/08/2015 06:20:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%6801 Error: (03/08/2015 06:19:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 5 Mal passiert. 
Error: (03/08/2015 06:19:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%6801 Error: (03/08/2015 06:19:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert. Error: (03/08/2015 06:19:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%6801 Error: (03/08/2015 06:18:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (03/08/2015 06:18:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%6801 Microsoft Office Sessions: ========================= Error: (03/08/2015 06:22:07 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager: Error: (03/08/2015 06:22:07 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: 200x80071a91 Error: (03/08/2015 06:20:30 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager: Error: (03/08/2015 06:20:30 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: 200x80071a91 Error: (03/08/2015 06:19:34 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager: Error: (03/08/2015 06:19:34 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: 200x80071a91 Error: (03/08/2015 06:19:25 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl 
Scope-Manager: Error: (03/08/2015 06:19:25 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: 200x80071a91 Error: (03/08/2015 06:18:01 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager: Error: (03/08/2015 06:18:01 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: 200x80071a91 CodeIntegrity Errors: =================================== Date: 2015-03-07 20:15:15.705 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-03-07 20:15:15.627 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-10-31 14:16:16.780 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\*****\AppData\Local\Temp\ListOpenedFileDrv_64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2014-10-31 14:16:16.686 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\*****\AppData\Local\Temp\ListOpenedFileDrv_64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-10-31 14:16:16.593 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\*****\AppData\Local\Temp\ListOpenedFileDrv_64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-10-31 14:16:16.484 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\*****\AppData\Local\Temp\ListOpenedFileDrv_64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-10 18:04:45.859 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2014-01-10 18:04:45.746 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-01 04:00:30.107 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-02-01 04:00:30.076 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz Percentage of memory in use: 34% Total physical RAM: 8043.83 MB Available physical RAM: 5272.7 MB Total Pagefile: 16085.84 MB Available Pagefile: 13235.56 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive a: (Mobile Partner) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS Drive c: (Acer) (Fixed) (Total:447.66 GB) (Free:33.01 GB) NTFS Drive i: (VOLUME) (Fixed) (Total:0.04 GB) (Free:0.04 GB) FAT32 Drive k: (STOR.E ALU 2S) (Fixed) (Total:931.51 GB) (Free:44.43 GB) NTFS Drive y: (seagate ext) (Fixed) (Total:931.49 GB) (Free:71.62 GB) exFAT Drive z: (inateckVC) (Fixed) (Total:465.71 GB) (Free:28.67 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: AF2F2F70) Partition 1: (Not Active) - (Size=18 GB) - (Type=27) 
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=447.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 9948019B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6CF22AD3)
Partition 1: (Not Active) - (Size=45 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=06)
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 29623882)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================

After looking it over, can you tell whether there were false positives with Combofix? Or can I uninstall it? Then the files would just be gone..

After the reboot I briefly had the problem that I couldn't start VeraCrypt; a message came up saying I had no permissions. After trying several times I was able to start it after all.

Do you perhaps know what these users are about?

A5108FB4EE024DCDA5F9 (S-1-5-21-1687097068-401554184-1692899982-1113 - Limited - Enabled)
postgres (S-1-5-21-1687097068-401554184-1692899982-1054 - Limited - Enabled) => C:\Users\postgres
HomeGroupUser$ (S-1-5-21-1687097068-401554184-1692899982-1003 - Limited - Enabled)

Last edited by Zenon49 (08.03.2015 at 19:04) |
08.03.2015, 19:44 | #10 |
/// the machine /// TB-Ausbilder | Security update for W7 keeps repeating.. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
Task: {4FFC8C6F-854C-4DD0-A731-63854D664787} - \FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001UA No Task File <==== ATTENTION
Task: {6D55F12D-EB29-420E-B3BA-44B545ACFC5C} - \LaunchApp No Task File <==== ATTENTION
Task: {8744B1F7-8C97-4DFD-B65A-BD9669D4B6E6} - \FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001Core No Task File <==== ATTENTION
Task: {C5668071-1E25-493E-809A-BA8B429F3FC7} - \Adobe Reader Speed Launcher No Task File <==== ATTENTION
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Please download Emsisoft Emergency Kit from here.
PostgreSQL: Documentation: 8.3: The PostgreSQL User Account
Does deleting the Guest account and the HomeGroupUser$ account make sense?
You have an SQL server installed.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
08.03.2015, 23:44 | #11 |
| Security update for W7 keeps repeating.. Code:
Loaded Profiles: *** & postgres (Available profiles: *** & postgres)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Task: {4FFC8C6F-854C-4DD0-A731-63854D664787} - \FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001UA No Task File <==== ATTENTION
Task: {6D55F12D-EB29-420E-B3BA-44B545ACFC5C} - \LaunchApp No Task File <==== ATTENTION
Task: {8744B1F7-8C97-4DFD-B65A-BD9669D4B6E6} - \FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001Core No Task File <==== ATTENTION
Task: {C5668071-1E25-493E-809A-BA8B429F3FC7} - \Adobe Reader Speed Launcher No Task File <==== ATTENTION
Emptytemp:
*****************
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FFC8C6F-854C-4DD0-A731-63854D664787}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FFC8C6F-854C-4DD0-A731-63854D664787}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001UA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D55F12D-EB29-420E-B3BA-44B545ACFC5C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D55F12D-EB29-420E-B3BA-44B545ACFC5C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8744B1F7-8C97-4DFD-B65A-BD9669D4B6E6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8744B1F7-8C97-4DFD-B65A-BD9669D4B6E6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-1687097068-401554184-1692899982-1001Core" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5668071-1E25-493E-809A-BA8B429F3FC7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5668071-1E25-493E-809A-BA8B429F3FC7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Reader Speed Launcher" => Key deleted successfully.
EmptyTemp: => Removed 569.5 MB temporary data.
The system needed a reboot.
==== End of Fixlog 21:40:52 ====

Can I already try the W7 update and see whether it still keeps repeating? Or are extra steps needed?

Edit: Apparently it hasn't helped yet. Windows Update is still acting up.. I just installed it and after a minute the message came again that there are new updates.. and again it's the same update.

Last edited by Zenon49 (08.03.2015 at 23:13) |
09.03.2015, 13:13 | #12 |
/// the machine /// TB trainer | Security update for W7 keeps repeating.. Which one exactly? KB number? After EEK we will also run a repair tool for Windows.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
10.03.2015, 02:27 | #13 | |
| Security update for W7 keeps repeating.. Quote:
I can probably install the other program in a week at the earliest, once I have Wi-Fi again instead of mobile internet.

Edit: A few interim questions for the experts...

1. Practically all MHT files are infected?!?! Those are merely saved copies of web pages! Can this be prevented SOMEHOW when saving? Especially with regard to an OFFLINE web archive of pages??? And can I fix/remove the IFrame.Exploit afterwards without losing the content of the file???

2. What is highly interesting: some of my mails are apparently infected.. yet I never opened these mails; Thunderbird simply pulled them onto the computer together with their attachments.. can't this be prevented somehow? I would like to keep using Thunderbird, but apparently it is impossible to view/save mails WITHOUT ALSO DOWNLOADING the attachment (loading only the header seems a bit too meagre to me). Or what tips do you have here?! Maybe somehow in combination with Sandboxie?

3. Any false positives here? I haven't removed anything so far; I'm still waiting for feedback.

Thanks in advance!

Here is the log file: Code:
ATTFilter
Emsisoft Emergency Kit - Version 9.0
Letztes Update: 09.03.2015 20:14:52
Benutzerkonto: acer-a-5750g\*****

Scan-Einstellungen:

Scan Methode: Eigener Scan
Objekte: Rootkits, Speicher, Traces, C:\, I:\, J:\, K:\, Z:\

PUPs-Erkennung: An
Archiv-Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn: 09.03.2015 20:16:57

C:\Users\*****\AppData\Local\software gefunden: Application.AppInstall (A)
Key: HKEY_USERS\S-1-5-21-1687097068-401554184-1692899982-1054\SOFTWARE\GAMESPY\GAMESPY ARCADE gefunden: Adware.Win32.Gaspacade (A)
Value: HKEY_USERS\S-1-5-21-1687097068-401554184-1692899982-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS gefunden: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1687097068-401554184-1692899982-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS gefunden: Setting.DisableRegistryTools (A)
Key: HKEY_USERS\S-1-5-21-1687097068-401554184-1692899982-1001\SOFTWARE\W3I, LLC gefunden: Application.InstallAd (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir gefunden: Application.Win32.WebToolbar (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir gefunden: Application.BrowserExt (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir gefunden: Adware.SearchProtect.W (B)
C:\Dropbox\MHTML\Aktfotografie_ Gestalten mit Licht - COLORFOTO.mht -> [Subject: Aktfotografie: Gestalten mit Licht - C][Date: Sun, 16 Nov 2014 23:57:49 +0100] -> (MIME part) -> (message body) -> (IFRAME 7) gefunden: Exploit.Iframe.Vulnerability (B)
C:\Dropbox\MHTML\Aktfotografie_ Gestalten mit Licht - COLORFOTO.mht -> [Subject: Aktfotografie: Gestalten mit Licht - C][Date: Sun, 16 Nov 2014 23:57:49 +0100] -> (MIME part) -> (message body) -> (IFRAME 11) gefunden: Exploit.Iframe.Vulnerability (B)
C:\Dropbox\MHTML\Aktfotografie_ Gestalten mit Licht - COLORFOTO.mht -> [Subject: Aktfotografie: Gestalten mit Licht - C][Date: Sun, 16 Nov 2014 23:57:49 +0100] -> (MIME part) -> (message body) -> (IFRAME 17) gefunden: Exploit.Iframe.Vulnerability (B)
C:\Dropbox\MHTML\Aktfotografie_ Gestalten mit Licht - COLORFOTO.mht -> [Subject: Aktfotografie: Gestalten mit Licht - C][Date: Sun, 16 Nov 2014 23:57:49 +0100] -> (MIME part) -> (message body) -> (IFRAME 2) gefunden: Exploit.Iframe.Vulnerability (B)
C:\Users\*****\AppData\Roaming\Thunderbird\Profiles\texpbgcw.default\ImapMail\imap.web.de\INBOX -> (message 61) -> [Subject: =?utf-8?q?Ihr vorliegendes Girokonto i][Date: Fri, 12 Dec 2014 08:24:55 GMT] -> (MIME part) -> Rechnung 12.12.2014 - Inkasso Ebay AG.z -> Rechnung nicht gedeckten Lastschrift Ihrer Bestellung Ebay AG vom 12.12.2014.zip -> Forderung 12.12.2014 - Inkasso Ebay AG.com gefunden: Trojan.GenericKD.2023495 (B)
C:\Users\*****\AppData\Roaming\Thunderbird\Profiles\texpbgcw.default\ImapMail\imap.web.de\INBOX -> (message 96) -> [Subject: =?utf-8?q?Automatische Lastschrift 645][Date: Tue, 30 Dec 2014 09:55:39 GMT] -> (MIME part) -> Rechnung 29.12.2014 - Sachbearbeiter Gi -> Rechnung nicht gedeckten Buchung Ihrer Bestellung GiroPay GmbH vom 29.12.2014.zip -> Ausgleich 29.12.2014 - Sachbearbeiter GiroPay GmbH.com -> (NSIS o) -> lzma_nsis0000 gefunden: Trojan.Nsis.Androm.3 (B)
C:\Users\*****\AppData\Roaming\Thunderbird\Profiles\texpbgcw.default\ImapMail\imap.web.de\INBOX -> (message 96) -> [Subject: =?utf-8?q?Automatische Lastschrift 645][Date: Tue, 30 Dec 2014 09:55:39 GMT] -> (MIME part) -> Rechnung 29.12.2014 - Sachbearbeiter Gi -> Rechnung nicht gedeckten Buchung Ihrer Bestellung GiroPay GmbH vom 29.12.2014.zip -> Ausgleich 29.12.2014 - Sachbearbeiter GiroPay GmbH.com -> (NSIS o) -> lzma_nsis0002 gefunden: Trojan.GenericKD.2057723 (B)
C:\Users\*****\AppData\Roaming\Thunderbird\Profiles\texpbgcw.default\ImapMail\imap.web.de\INBOX -> (message 161) -> [Subject: =?utf-8?q?Rechnung f=C3=BCr ***** Zer][Date: Wed, 4 Feb 2015 10:09:10 GMT] -> (MIME part) -> Forderung an *** *** 04.02.2015 - -> Ausgleich nicht gedeckten Lastschrift Ihrer Bestellung Bank Payment GmbH vom 04.02.2015.zip -> *** *** Ausgleich 04.02.2015 - Inkasso Bank Payment GmbH.com gefunden: Trojan.GenericKD.2143335 (B)
C:\Users\*****\AppData\Roaming\Thunderbird\Profiles\texpbgcw.default\ImapMail\imap.web.de\Trash -> (message 61) -> [Subject: =?utf-8?q?Rechnung f=C3=BCr ***** Zer][Date: Wed, 4 Feb 2015 10:09:10 GMT] -> (MIME part) -> Forderung an *** *** 04.02.2015 - -> Ausgleich nicht gedeckten Lastschrift Ihrer Bestellung Bank Payment GmbH vom 04.02.2015.zip -> *** *** Ausgleich 04.02.2015 - Inkasso Bank Payment GmbH.com gefunden: Trojan.GenericKD.2143335 (B)
C:\Users\***\AppData\Roaming\Thunderbird\Profiles\texpbgcw.default\ImapMail\imap.web.de\Trash -> (message 122) -> [Subject: =?utf-8?q?Automatische Lastschrift 645][Date: Tue, 30 Dec 2014 09:55:39 GMT] -> (MIME part) -> Rechnung 29.12.2014 - Sachbearbeiter Gi -> Rechnung nicht gedeckten Buchung Ihrer Bestellung GiroPay GmbH vom 29.12.2014.zip -> Ausgleich 29.12.2014 - Sachbearbeiter GiroPay GmbH.com -> (NSIS o) -> lzma_nsis0000 gefunden: Trojan.Nsis.Androm.3 (B)
C:\Users\***\AppData\Roaming\Thunderbird\Profiles\texpbgcw.default\ImapMail\imap.web.de\Trash -> (message 122) -> [Subject: =?utf-8?q?Automatische Lastschrift 645][Date: Tue, 30 Dec 2014 09:55:39 GMT] -> (MIME part) -> Rechnung 29.12.2014 - Sachbearbeiter Gi -> Rechnung nicht gedeckten Buchung Ihrer Bestellung GiroPay GmbH vom 29.12.2014.zip -> Ausgleich 29.12.2014 - Sachbearbeiter GiroPay GmbH.com -> (NSIS o) -> lzma_nsis0002 gefunden: Trojan.GenericKD.2057723 (B)
C:\Users\***\AppData\Roaming\Thunderbird\Profiles\texpbgcw.default\ImapMail\imap.web.de\Trash -> (message 157) -> [Subject: =?utf-8?q?Ihr vorliegendes Girokonto i][Date: Fri, 12 Dec 2014 08:24:55 GMT] -> (MIME part) -> Rechnung 12.12.2014 - Inkasso Ebay AG.z -> Rechnung nicht gedeckten Lastschrift Ihrer Bestellung Ebay AG vom 12.12.2014.zip -> Forderung 12.12.2014 - Inkasso Ebay AG.com gefunden: Trojan.GenericKD.2023495 (B)
Z:\EBOOKS\Chris Mansion - Resident Evil HD Remaster Wiki Guide - IGN.mht -> [Subject: Chris Mansion - Resident Evil HD Remas][Date: Mon, 02 Mar 2015 16:07:10 +0100] -> (MIME part) -> (message body) -> (IFRAME 10) gefunden: Exploit.Iframe.Vulnerability (B)
Z:\GameFAQs_ Resident Evil (PS) Jill Speed Guide (1_25) by Last Cetra.mht -> [Subject: GameFAQs: Resident Evil (PS) Jill Spee][Date: Fri, 06 Mar 2015 01:45:12 +0100] -> (MIME part) -> (message body) -> (IFRAME 1) gefunden: Exploit.Iframe.Vulnerability (B)
Z:\mht_back\Was gibt es für Unterschiede der ehemaligen DDR und BRD_ (Deutschland, geschichte).mht -> [Subject: =?utf-8?B?V2FzIGdpYnQgZXMgZsO8ciBVbnRl][Date: Tue, 03 Feb 2015 12:41:35 +0100] -> (MIME part) -> (message body) -> (IFRAME 1) gefunden: Exploit.Iframe.Vulnerability (B)
Z:\mht_back\Was gibt es für Unterschiede der ehemaligen DDR und BRD_ (Deutschland, geschichte).mht -> [Subject: =?utf-8?B?V2FzIGdpYnQgZXMgZsO8ciBVbnRl][Date: Tue, 03 Feb 2015 12:41:35 +0100] -> (MIME part) -> (message body) -> (IFRAME 1) gefunden: Exploit.Iframe.Vulnerability (B)
Z:\mht_back\Was gibt es für Unterschiede der ehemaligen DDR und BRD_ (Deutschland, geschichte).mht -> [Subject: =?utf-8?B?V2FzIGdpYnQgZXMgZsO8ciBVbnRl][Date: Tue, 03 Feb 2015 12:41:35 +0100] -> (MIME part) -> (message body) -> (IFRAME 1) gefunden: Exploit.Iframe.Vulnerability (B)
Z:\mht_back\Was gibt es für Unterschiede der ehemaligen DDR und BRD_ (Deutschland, geschichte).mht -> [Subject: =?utf-8?B?V2FzIGdpYnQgZXMgZsO8ciBVbnRl][Date: Tue, 03 Feb 2015 12:41:35 +0100] -> (MIME part) -> (message body) -> (IFRAME 1) gefunden: Exploit.Iframe.Vulnerability (B)
Z:\mht_back\Was gibt es für Unterschiede der ehemaligen DDR und BRD_ (Deutschland, geschichte).mht -> [Subject: =?utf-8?B?V2FzIGdpYnQgZXMgZsO8ciBVbnRl][Date: Tue, 03 Feb 2015 12:41:35 +0100] -> (MIME part) -> (message body) -> (IFRAME 1) gefunden: Exploit.Iframe.Vulnerability (B)
Z:\mht_back\Was gibt es für Unterschiede der ehemaligen DDR und BRD_ (Deutschland, geschichte).mht -> [Subject: =?utf-8?B?V2FzIGdpYnQgZXMgZsO8ciBVbnRl][Date: Tue, 03 Feb 2015 12:41:35 +0100] -> (MIME part) -> (message body) gefunden: Exploit.Iframe.Vulnerability (B)
Z:\Rezepte _ Divinity_ Original Sin _ RPGuides.mht -> [Subject: Rezepte | Divinity: Original Sin | RPG][Date: Sat, 03 Jan 2015 15:46:48 +0100] -> (MIME part) -> (message body) -> (IFRAME 1) gefunden: Exploit.Iframe.Vulnerability (B)
Z:\Rezepte _ Divinity_ Original Sin _ RPGuides.mht -> [Subject: Rezepte | Divinity: Original Sin | RPG][Date: Sat, 03 Jan 2015 15:46:48 +0100] -> (MIME part) -> (message body) -> (IFRAME 2) gefunden: Exploit.Iframe.Vulnerability (B)
Z:\Rezepte _ Divinity_ Original Sin _ RPGuides.mht -> [Subject: Rezepte | Divinity: Original Sin | RPG][Date: Sat, 03 Jan 2015 15:46:48 +0100] -> (MIME part) -> (message body) -> (IFRAME 3) gefunden: Exploit.Iframe.Vulnerability (B)

Gescannt 800398
Gefunden 32

Scan-Ende: 10.03.2015 01:56:15
Scan-Zeit: 5:39:18

Last edited by Zenon49 (10.03.2015 at 03:04) |
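The scan log above reports its MHT findings by MIME part and iframe position. As an added example (not part of the original post, and not Emsisoft's detection logic), the following Python code parses an MHT archive as the MIME message it is and lists every iframe in its HTML parts, so the embedded frame sources can be reviewed; `list_iframes`, the sample archive and the "hidden" heuristic are assumptions made for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

# Constructed sample: minimal MHTML archive, one quoted-printable HTML part.
SAMPLE_MHT = b"""Subject: Constructed sample page
MIME-Version: 1.0
Content-Type: multipart/related; type="text/html"; boundary="----=_Part_0"

------=_Part_0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Location: http://example.com/page.html

<html><body><p>Saved article</p>
<iframe src=3D"http://example.com/embed/video"></iframe>
<iframe src=3D"http://ads.example.net/f" width=3D"0" height=3D"0"></iframe>
</body></html>
------=_Part_0--
"""

class IframeCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.frames = []  # attribute dict of every <iframe> start tag

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append(dict(attrs))

def list_iframes(mht_bytes):
    """Return one record per iframe in the text/html parts of an MHT file."""
    msg = email.message_from_bytes(mht_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        location = str(part.get("Content-Location", ""))
        collector = IframeCollector()
        collector.feed(part.get_content())  # decodes transfer encoding + charset
        for index, attrs in enumerate(collector.frames, start=1):
            style = (attrs.get("style") or "").replace(" ", "").lower()
            # Assumed heuristic: zero-sized or display:none frames count as hidden.
            hidden = "display:none" in style or "0" in (attrs.get("width"), attrs.get("height"))
            findings.append({"part": location, "index": index,
                             "src": attrs.get("src") or "", "hidden": hidden})
    return findings

if __name__ == "__main__":
    print(*list_iframes(SAMPLE_MHT), sep="\n")
```

Run against a real file with `list_iframes(open(path, "rb").read())`; the output only describes what the archive embeds and does not decide whether a frame is malicious.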
10.03.2015, 19:44 | #14 |
/// the machine /// TB trainer | Security update for W7 keeps repeating.. Have a few of the MHT files checked at Virustotal: Checking files online for viruses - how it works - Guides. Unfortunately I don't know Thunderbird at all.
11.03.2015, 02:36 | #15 |
| Security update for W7 keeps repeating..
https://www.virustotal.com/de/file/26aaa049066da76bf3689b5b5760c79f967fd57dd08909f803b8524533ab8f20/analysis/1426016405/
https://www.virustotal.com/de/file/d930092eb25e9510487f3b984e187e9494fecd4f01179746bff225fc8323880f/analysis/1426016182/
https://www.virustotal.com/de/file/92b8511190dedef7976d4f2506cae4ef7d7a9a819462db68a6d25f46f3451c3f/analysis/1426016237/
https://www.virustotal.com/de/file/a72f32638531e544faa34107a0d08af12f3086da5a067678d33233f0e06c9a59/analysis/1426016681/

Some find something, some find nothing.

I tried the following: hxxp://support.microsoft.com/kb/971058 First with the tool. This was the result:

After this fix attempt I tried to search for updates, which took a veeeery long time; then, BEFORE any updates are shown AT ALL, this appears:

Unfortunately, after the restart I am back at the same point, and after searching this comes up AGAIN:

Well, I then tried a clean boot (hxxp://support.microsoft.com/kb/929135), but without success. I can restart as often as I want, it doesn't help.

After that I followed the manual instructions (hxxp://support.microsoft.com/kb/971058). However, various errors occurred when registering some DLLs.. And unfortunately an error occurred when installing the latest Windows Update Agent...

I'm afraid the Windows Update function is now completely BUSTED. Any more ideas on how to fix this?! |