| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 7: Volksbank Trojaner "Fiducia": Fraglicher Trojaner eingefangenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
25.03.2015, 20:40
| #1 |
 |  Windows 7: Volksbank Trojaner "Fiducia": Fraglicher Trojaner eingefangen Hallo, habe eine Mail von Fiducia@fiducia.de bekommen, in der mir mitgeteilt wurde, ich hätte eine Eilüberweisung erfasst. Dummerweise klickte ich auf den Link "Ihr Zahlungsauftrag". Daraufhin öffnete sich ein Fenster mit Zahlen und Zeichen, das ich sofort schloss. Ich denke, ich habe mir einen Trojaner eingefangen. Bis jetzt keine Funktionsstörung des Computers. Nachfolgend die Logfiles: Defogger-disable.txt, FRST.txt, addition.txt, Gmer.txt, malwarebytes.txt und eset-online Scanner.txt Defogger_disable.txt: Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:28 on 25/03/2015 (Praxis)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Praxis (administrator) on HOMEOFFICE on 25-03-2015 19:30:42
Running from C:\Users\Praxis\Downloads
Loaded Profiles: Praxis (Available profiles: Praxis)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Dell SonicWALL, Inc.) C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe
(Panda Security International) C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
() C:\Users\Praxis\Downloads\Defogger.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\mpas-fe_bd.exe
(Microsoft Corporation) C:\587a4841f40facc313\MPSigStub.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13632216 2013-07-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS_SWVOL] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [171344 2013-07-28] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158416 2013-07-09] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23248 2013-07-09] (FUJITSU LIMITED)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2967352 2012-10-26] (Synaptics Incorporated)
HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [144456 2013-03-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-30] (FUJITSU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DeskUpdateNotifier] => C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-09-02] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-31] (CyberLink Corp.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe [32736 2013-10-17] (Panda Security, S.L.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\...\MountPoints2: {86264c19-636c-11e4-bf2e-a0a8cdc9b43f} - E:\AutoRun.exe
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\...\MountPoints2: {9a2958ae-5bc4-11e4-a323-a0a8cdc9b43f} - E:\AutoRun.exe
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\...\MountPoints2: {d0fe6f27-5bc2-11e4-a561-a0a8cdc9b43f} - E:\AutoRun.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Praxis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Praxis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zahlungserinnerung.lnk
ShortcutTarget: Zahlungserinnerung.lnk -> C:\Profi cash\wzed.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fujitsu13.msn.com/?pc=FSJB
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://fujitsu13.msn.com/?pc=FSJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{2326B32C-7A61-4E51-B966-E7FE66D95D9D}: [NameServer] 10.74.210.210 10.74.210.211
Tcpip\..\Interfaces\{A52A4A78-065F-4E85-9DB6-7C87A72A66DA}: [NameServer] 145.253.2.11
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-18]
CHR Extension: (Google Docs) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-18]
CHR Extension: (Google Drive) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-18]
CHR Extension: (YouTube) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-18]
CHR Extension: (Google Search) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-18]
CHR Extension: (Google Sheets) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Google Wallet) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-18]
CHR Extension: (Gmail) - C:\Users\Praxis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-18]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [518192 2014-01-27] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-15] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [682064 2014-04-26] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [781280 2013-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-02] ()
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe [140768 2013-12-20] (Panda Security, S.L.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2219520 2012-07-11] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [51608 2013-07-13] (FUJITSU LIMITED)
R2 PSUAService; C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe [37344 2013-10-17] (Panda Security, S.L.)
R2 SWGVCSvc; C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe [336616 2013-12-03] (Dell SonicWALL, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-09-04] (Validity Sensors, Inc.) [File not signed]
R2 WAHost; C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe [558840 2014-06-25] (Panda Security International)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-08-05] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-02] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-08-08] (Motorola Solutions, Inc.)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [133456 2013-10-03] (Citrix Systems, Inc.)
R2 dvctprov; C:\Windows\System32\DRIVERS\dvctprov.sys [105704 2013-08-30] (Panda Security, S.L.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\system32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [87696 2013-01-10] (O2Micro)
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [125952 2014-07-25] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [380672 2014-07-23] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-31] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [113096 2013-08-07] (Intel Corporation)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [43800 2013-06-27] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3584992 2013-07-31] (Intel Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93440 2014-01-22] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [124160 2014-01-16] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-02-26] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116480 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [97024 2014-01-16] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [71424 2014-01-16] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [127744 2014-01-22] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [307456 2014-02-24] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [123648 2014-01-16] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [116992 2014-01-16] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [259328 2014-02-24] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109824 2014-01-22] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [170752 2014-01-17] (Panda Security, S.L.)
R0 PSINDvct; C:\Windows\System32\DRIVERS\PSINDvct.sys [53480 2013-08-30] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [124160 2014-01-17] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [207616 2014-01-26] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [126208 2014-01-17] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [139520 2014-01-17] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58360 2012-11-07] (Panda Security, S.L.)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8243144 2013-03-06] (Realtek Semiconductor Corp.)
R2 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [110064 2013-12-03] (Dell SonicWALL, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-25 19:30 - 2015-03-25 19:30 - 02095616 _____ (Farbar) C:\Users\Praxis\Downloads\FRST64.exe
2015-03-25 19:30 - 2015-03-25 19:30 - 00022485 _____ () C:\Users\Praxis\Downloads\FRST.txt
2015-03-25 19:30 - 2015-03-25 19:30 - 00000000 ____D () C:\FRST
2015-03-25 19:28 - 2015-03-25 19:28 - 00000474 _____ () C:\Users\Praxis\Downloads\defogger_disable.log
2015-03-25 19:28 - 2015-03-25 19:28 - 00000000 _____ () C:\Users\Praxis\defogger_reenable
2015-03-25 19:27 - 2015-03-25 19:27 - 00050477 _____ () C:\Users\Praxis\Downloads\Defogger.exe
2015-03-24 00:28 - 2015-03-24 00:28 - 00380416 _____ () C:\Users\Praxis\Downloads\hsi9rdmq.exe
2015-03-24 00:27 - 2015-03-24 00:27 - 00380416 _____ () C:\Users\Praxis\Downloads\mlo9le1h.exe
2015-03-23 23:40 - 2015-03-23 23:40 - 02347384 _____ (ESET) C:\Users\Praxis\Downloads\esetsmartinstaller_deu.exe
2015-03-23 23:40 - 2015-03-23 23:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-23 23:36 - 2015-03-23 23:36 - 00448512 _____ (OldTimer Tools) C:\Users\Praxis\Downloads\TFC.exe
2015-03-23 23:29 - 2015-03-23 23:32 - 00000000 ____D () C:\AdwCleaner
2015-03-23 23:11 - 2015-03-24 00:29 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-23 23:11 - 2015-03-23 23:11 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-23 23:11 - 2015-03-23 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-03-23 23:10 - 2015-03-23 23:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-03-23 23:10 - 2015-03-23 23:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-23 23:10 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-23 23:10 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-23 23:10 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-15 11:05 - 2012-11-07 08:00 - 00058360 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-03-11 20:17 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 20:17 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 20:17 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 20:17 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 20:17 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 20:17 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 20:17 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 20:17 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 20:17 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 20:17 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 20:16 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 20:16 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 20:16 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 20:16 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 20:16 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 20:16 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 20:16 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 20:16 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 20:16 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 20:16 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 20:16 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 20:16 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 20:16 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 20:16 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 20:16 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 20:16 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 20:16 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 20:16 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 20:16 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 20:16 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 20:16 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 20:16 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 20:16 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 20:16 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 20:16 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 20:16 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 20:16 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 20:16 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 20:16 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 20:16 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 20:16 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 20:15 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 20:15 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 20:15 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 20:15 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 20:15 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 20:15 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 20:15 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 20:15 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 20:15 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 20:15 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 20:15 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 20:15 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 20:15 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 20:15 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 20:15 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 20:15 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 20:15 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 20:15 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 20:15 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 20:15 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 20:15 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 20:15 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 20:15 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 20:15 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 20:15 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 20:15 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 20:15 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 20:15 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 20:15 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 20:15 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 20:15 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 20:15 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 20:15 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 20:15 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 20:15 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 20:15 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 20:15 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 20:15 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 20:15 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 20:15 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 20:15 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 20:15 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 20:15 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 20:15 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 20:15 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 20:15 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 20:15 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 20:15 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 20:15 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 20:15 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 20:15 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 20:15 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 20:15 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 20:15 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 20:15 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 20:15 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 20:15 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 20:15 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 20:15 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 20:15 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 20:15 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 20:15 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 20:15 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 20:15 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 20:15 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 20:15 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 20:15 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 20:15 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 20:15 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 20:15 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 20:15 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 20:15 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 20:15 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 20:15 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 20:15 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 20:15 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 20:15 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 20:15 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 20:15 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 20:15 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 20:15 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 20:14 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 20:14 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-02-24 21:31 - 2015-02-24 21:31 - 00000000 __SHD () C:\Users\Praxis\AppData\Local\EmieBrowserModeList
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-25 19:30 - 2014-08-12 19:36 - 01905760 _____ () C:\Windows\WindowsUpdate.log
2015-03-25 19:30 - 2009-07-14 05:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 19:30 - 2009-07-14 05:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 19:28 - 2014-08-15 13:34 - 00000000 ____D () C:\Users\Praxis
2015-03-25 19:27 - 2013-12-25 12:23 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-03-25 19:27 - 2013-12-25 12:23 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-03-25 19:27 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-25 19:23 - 2014-09-18 18:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-25 19:23 - 2014-08-15 13:40 - 00000000 ____D () C:\Users\Praxis\Documents\Youcam
2015-03-25 19:23 - 2014-08-15 13:36 - 00003314 _____ () C:\Windows\System32\Tasks\Intel(R) Rapid Start Technology Manager
2015-03-25 19:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-25 19:22 - 2009-07-14 05:51 - 00063637 _____ () C:\Windows\setupact.log
2015-03-24 00:14 - 2014-09-18 18:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-23 23:33 - 2010-11-21 04:47 - 00791996 _____ () C:\Windows\PFRO.log
2015-03-23 23:27 - 2010-11-21 08:17 - 00000000 ____D () C:\Windows\ShellNew
2015-03-23 22:27 - 2014-09-18 18:52 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-23 21:28 - 2015-02-19 12:13 - 00000000 ____D () C:\Profi cash
2015-03-19 13:54 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-18 19:15 - 2014-09-18 12:28 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-14 20:44 - 2009-07-14 05:45 - 00373656 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-14 20:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-14 20:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-14 20:19 - 2014-08-15 16:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-14 20:16 - 2014-08-15 16:06 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-24 04:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2013-12-26 07:44 - 2013-12-26 07:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 16:43
==================== End Of Log ============================
addition.txt Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Praxis at 2015-03-25 19:31:30
Running from C:\Users\Praxis\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Panda Endpoint Protection (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Endpoint Protection (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Endpoint Protection Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.03) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Avast Anti-Virus Packages (HKU\S-1-5-21-51947407-3838788826-2378728623-1000\...\Avast Anti-Virus Packages) (Version: - ) <==== ATTENTION
Brother MFL-Pro Suite MFC-7360N (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.9.0 - Brother Industries, Ltd.)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.8 - REINER SCT)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2931.0 - CyberLink Corp.)
DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.14.0123 - Fujitsu Technology Solutions)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FJ Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10220 - Realtek Semiconductor Corp.)
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.70.0.0 - FUJITSU LIMITED) Hidden
Global VPN Client (HKLM\...\{88C972E7-D7FC-40F3-9FE5-180957F37B45}) (Version: 4.9.0 - Dell SonicWALL)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3272 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1332.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0366 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1050 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{828af006-cb5e-4d60-957a-523098a1b0f8}) (Version: 16.1.3 - Intel Corporation)
Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.19.05.55 - Huawei Technologies Co.,Ltd)
LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.3.0 - FUJITSU LIMITED)
LIFEBOOK Application Panel (Version: 8.3.3.0 - FUJITSU LIMITED) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-51947407-3838788826-2378728623-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{3D7E0A16-5365-4DA4-B7F4-63DB89F45C3C}) (Version: 2.1.4.222GS - O2Micro)
O2Micro OZ776 SCR Driver (Version: 2.1.4.222GS - O2Micro) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Panda Endpoint Agent (HKLM-x32\...\PCOP Agent) (Version: 7.00.00.0000 - Panda Security)
Panda Endpoint Agent (x32 Version: 7.00.00.0000 - Panda Security) Hidden
Panda Endpoint Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 06.81.11.0000 - Panda Security)
Panda Endpoint Protection (Version: 5.15.00.0000 - Panda Security) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 7.0.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 7.0.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\InstallShield_{CB0EA768-62F2-450E-88BC-74182237F564}) (Version: 42.0.0.0 (10.001) - FUJITSU LIMITED)
Power Saving Utility (Version: 42.0.0.0 - FUJITSU LIMITED) Hidden
Profi cash (HKLM-x32\...\Profi cash) (Version: - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6976 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (x32 Version: - ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.21.1 - Synaptics Incorporated)
Validity WBF Driver (HKLM\...\{21B2930A-93E3-43C9-8E82-E4DFD4B15377}) (Version: 4.5.234.0 - Validity Sensors, Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-51947407-3838788826-2378728623-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Praxis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-51947407-3838788826-2378728623-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Praxis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-51947407-3838788826-2378728623-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Praxis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-51947407-3838788826-2378728623-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Praxis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
06-02-2015 12:56:33 Windows Update
14-02-2015 16:48:22 Windows Update
15-02-2015 09:44:48 Windows Update
17-02-2015 16:20:05 Windows Update
21-02-2015 10:39:27 Windows Update
24-02-2015 21:35:15 Windows Update
04-03-2015 21:16:22 Windows Update
14-03-2015 20:13:58 Windows Update
15-03-2015 11:08:40 Windows Update
19-03-2015 08:50:09 Windows Update
25-03-2015 19:30:26 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {10F8FDFC-3C8A-4D26-A8DC-D7F480ACE0B3} - System32\Tasks\Intel(R) Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-06-27] (Intel)
Task: {2B2850A8-B425-48E9-958A-A2A3A32F294B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {48AD7F3C-0D87-47C2-8AA5-D4060B8332C6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {6050F247-607F-423B-9F73-90A3A8869BAD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {9A38392F-1689-409F-A3B5-9AFC020A07D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-18] (Google Inc.)
Task: {D217B3D6-80CE-4536-A969-FC3051A796CE} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-26] (Synaptics Incorporated)
Task: {DD79843F-2C5D-4683-8256-85E40039C4B7} - System32\Tasks\Fujitsu\DeskUpdate => C:\Program Files (x86)\Fujitsu\DeskUpdate\ducmd.exe [2013-09-02] (Fujitsu Technology Solutions)
Task: {E462199F-5D6F-4671-8DE3-443AC96BBE0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-18] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-09-27 13:25 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-01-15 04:42 - 2014-01-15 04:42 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-10-24 22:18 - 2014-04-26 07:15 - 00682064 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
2015-03-25 19:27 - 2015-03-25 19:27 - 00050477 _____ () C:\Users\Praxis\Downloads\Defogger.exe
2014-11-17 15:33 - 2007-05-31 07:38 - 00167936 _____ () C:\Windows\SysWOW64\SerialXP.dll
2014-10-24 22:18 - 2013-08-16 07:53 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll
2014-10-24 22:18 - 2013-08-16 07:53 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll
2014-10-24 22:18 - 2014-02-15 08:31 - 02416640 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll
2014-10-24 22:18 - 2014-02-15 08:33 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll
2013-04-12 17:23 - 2013-04-12 17:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\WAC\SQLite3.dll
2014-11-23 15:15 - 2014-11-23 15:15 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-06-24 08:43 - 2014-06-24 08:43 - 00046336 _____ () C:\Program Files (x86)\Panda Security\WaAgent\Common\ApiCr.dll
2014-06-24 08:43 - 2014-06-24 08:43 - 00103680 _____ () C:\Program Files (x86)\Panda Security\WaAgent\Common\MiniCrypto.dll
2014-11-23 21:38 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-03-23 22:26 - 2015-03-14 11:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-23 22:26 - 2015-03-14 11:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-23 22:26 - 2015-03-14 11:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-23 22:26 - 2015-03-14 11:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll
2014-08-12 19:37 - 2013-09-16 04:19 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-51947407-3838788826-2378728623-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Praxis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-51947407-3838788826-2378728623-500 - Administrator - Disabled)
Gast (S-1-5-21-51947407-3838788826-2378728623-501 - Limited - Disabled)
Praxis (S-1-5-21-51947407-3838788826-2378728623-1000 - Administrator - Enabled) => C:\Users\Praxis
==================== Faulty Device Manager Devices =============
Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: EM7305
Description: EM7305
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/25/2015 07:22:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/23/2015 11:40:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (03/23/2015 11:34:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/23/2015 11:27:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/23/2015 09:40:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/23/2015 09:25:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/21/2015 08:53:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/20/2015 09:20:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/19/2015 08:27:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/19/2015 06:14:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (03/25/2015 07:23:54 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (03/25/2015 07:22:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/25/2015 07:22:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht.
Error: (03/23/2015 11:37:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/23/2015 11:34:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (03/23/2015 11:33:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/23/2015 11:33:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht.
Error: (03/23/2015 11:33:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 23.03.2015 um 23:32:33 unerwartet heruntergefahren.
Error: (03/23/2015 11:28:39 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (03/23/2015 11:27:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Microsoft Office Sessions:
=========================
Error: (03/25/2015 07:22:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/23/2015 11:40:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Praxis\Downloads\esetsmartinstaller_deu.exe
Error: (03/23/2015 11:34:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/23/2015 11:27:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/23/2015 09:40:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/23/2015 09:25:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/21/2015 08:53:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/20/2015 09:20:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/19/2015 08:27:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/19/2015 06:14:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2015-03-25 19:23:07.392
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-24 00:35:38.105
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-24 00:28:00.916
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-23 23:34:02.658
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-23 23:28:04.014
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-23 23:26:45.154
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-23 23:10:29.133
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-23 22:52:47.931
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-23 21:46:23.283
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-23 21:40:33.417
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 32%
Total physical RAM: 8073.91 MB
Available physical RAM: 5446.9 MB
Total Pagefile: 16146.02 MB
Available Pagefile: 12962.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:213.82 GB) (Free:164.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 573692F2)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=228.5 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=8 GB) - (Type=84)
==================== End Of Log ============================
Gmer.txt Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-25 19:48:38
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000080 SAMSUNG_ rev.EXT0 238,47GB
Running: Gmer-19357.exe; Driver: C:\Users\Praxis\AppData\Local\Temp\uwtiraow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a21401 2 bytes JMP 7682b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a21419 2 bytes JMP 7682b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a21431 2 bytes JMP 768a8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a2144a 2 bytes CALL 768048ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a214dd 2 bytes JMP 768a87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a214f5 2 bytes JMP 768a8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a2150d 2 bytes JMP 768a8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a21525 2 bytes JMP 768a8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a2153d 2 bytes JMP 7681fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a21555 2 bytes JMP 768268ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a2156d 2 bytes JMP 768a8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a21585 2 bytes JMP 768a8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a2159d 2 bytes JMP 768a865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a215b5 2 bytes JMP 7681fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a215cd 2 bytes JMP 7682b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a216b2 2 bytes JMP 768a8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3788] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a216bd 2 bytes JMP 768a85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076a21401 2 bytes JMP 7682b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076a21419 2 bytes JMP 7682b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076a21431 2 bytes JMP 768a8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076a2144a 2 bytes CALL 768048ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076a214dd 2 bytes JMP 768a87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076a214f5 2 bytes JMP 768a8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076a2150d 2 bytes JMP 768a8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076a21525 2 bytes JMP 768a8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076a2153d 2 bytes JMP 7681fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076a21555 2 bytes JMP 768268ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076a2156d 2 bytes JMP 768a8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076a21585 2 bytes JMP 768a8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076a2159d 2 bytes JMP 768a865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076a215b5 2 bytes JMP 7681fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076a215cd 2 bytes JMP 7682b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076a216b2 2 bytes JMP 768a8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076a216bd 2 bytes JMP 768a85f1 C:\Windows\syswow64\kernel32.dll
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [4132:6420] 000007fef24a9688
---- Processes - GMER 2.1 ----
Library C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2948](2014-10-24 21:18:45) 000000006fbc0000
Library C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2948](2014-10-24 21:18:45) 000000006e940000
Library C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2948](2014-10-24 21:18:45) 000000006a1c0000
Library C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2948](2014-10-24 21:18:45) 000000006ff00000
Library C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [6604](2014-10-24 21:18:45) 000000006fbc0000
Library C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [6604](2014-10-24 21:18:45) 000000006e940000
Library C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [6604](2014-10-24 21:18:45) 000000006a1c0000
Library C:\ProgramData\Internet Manager\OnlineUpdate\QtGui4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [6604](2014-10-24 21:18:45) 0000000065100000
Library C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [6604](2014-10-24 21:18:45) 000000006ff00000
Library C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qgif4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [6604](2014-10-24 21:30:28) 0000000068f00000
Library C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qico4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [6604](2014-10-24 21:30:28) 000000006bdc0000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\a0a8cdc9b43f
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\a0a8cdc9b43f (not active ControlSet)
---- EOF - GMER 2.1 ----
Malwarebytes antimalware.txt Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 23.03.2015 Suchlauf-Zeit: 23:12:08 Logdatei: Malwarebytes.txt Administrator: Ja Version: 2.01.4.1018 Malware Datenbank: v2015.03.23.07 Rootkit Datenbank: v2015.02.25.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Praxis Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 341762 Verstrichene Zeit: 14 Min, 12 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 4 PUP.Optional.SmartBar, HKU\S-1-5-21-51947407-3838788826-2378728623-1000\SOFTWARE\SmartbarBackup, In Quarantäne, [f6fd58f07713ae88284dd45efa0be21e], PUP.Optional.SmartBar, HKU\S-1-5-21-51947407-3838788826-2378728623-1000\SOFTWARE\SmartbarLog, In Quarantäne, [678cfb4da5e5e155a9cb141e739238c8], PUP.Optional.InstallCore.A, HKU\S-1-5-21-51947407-3838788826-2378728623-1000\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [fff435139af03bfbf3a330d45fa5ef11], PUP.Optional.InstallCore.A, HKU\S-1-5-21-51947407-3838788826-2378728623-1000\SOFTWARE\INSTALLCORE, In Quarantäne, [a053ce7a2a60f1450966e634b15415eb], Registrierungswerte: 1 PUP.Optional.InstallCore.A, HKU\S-1-5-21-51947407-3838788826-2378728623-1000\SOFTWARE\INSTALLCORE|tb, 0Q1O1R1R0D1G1J1S, In Quarantäne, [a053ce7a2a60f1450966e634b15415eb] Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 4 PUP.Optional.SmartBar.A, C:\Users\Praxis\AppData\Local\Smartbar, In Quarantäne, [926163e5a3e787afeda194e0f90ad12f], PUP.Optional.SmartBar.A, C:\Users\Praxis\AppData\Local\Smartbar\Application, In Quarantäne, [926163e5a3e787afeda194e0f90ad12f], PUP.Optional.SmartBar.A, C:\Users\Praxis\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl, In Quarantäne, [926163e5a3e787afeda194e0f90ad12f], PUP.Optional.SmartBar.A, C:\Users\Praxis\AppData\Local\Smartbar\Application\Resources, In Quarantäne, [926163e5a3e787afeda194e0f90ad12f], Dateien: 1 PUP.Optional.InstallCore, C:\Users\Praxis\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z\Avast Anti-Virus Packages\uninstaller.exe, In Quarantäne, [9360ef59f991d363d060e55c6999cc34], Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=231408b048b4144fa9144497aa139520
# engine=23043
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-23 11:21:59
# local_time=2015-03-24 12:21:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Panda Cloud Antivirus'
# compatibility_mode=1552 16777213 75 93 15777270 213352493 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 316574 178782769 0 0
# scanned=129688
# found=0
# cleaned=0
# scan_time=2218
|
| Themen zu Windows 7: Volksbank Trojaner "Fiducia": Fraglicher Trojaner eingefangen |
| antivirus, avast anti-virus packages entfernen, defender, device driver, downloader, eset-online, fehlercode 0x5, fehlercode 22, fehlercode 28, fehlercode windows, pup.optional.installcore, pup.optional.installcore.a, pup.optional.smartbar, pup.optional.smartbar.a, registry, security, services.exe, svchost.exe, this device is disabled. (code 22), trojaner |
Baum-Darstellung