Pests of all kinds and how to fight them: Windows 7: PUA/Somoto.Gen

12.04.2015, 18:46   #1
Windows 7: PUA/Somoto.Gen

Hello everyone,

my antivirus program has just reported the detection "PUA/Somoto.Gen" and moved it to quarantine. I work in a separate, restricted account. Only the FRST scan could be run, since it is not possible to disable the antivirus program for the GMER scan; the attempt always ends with the message: "Auf das angegebene Gerät bzw. den Pfad oder die Datei konnte nicht zugegriffen werden." (The specified device, path or file could not be accessed.) In addition, trying to switch users results in a black screen. After a reboot I am now in the administrator's user account, and disabling AntiVir is not possible here either. Many thanks in advance for any help!

Below is the FRST scan.

FRST.txt:

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015 Ran by ACER (administrator) on FLORIAN on 12-04-2015 19:05:44 Running from C:\Users\ACER\Desktop Loaded Profiles: ACER (Available profiles: ACER & Florian) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe ( ) C:\Windows\System32\lxeacoms.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe (Raptr Inc.) 
C:\Program Files (x86)\Raptr\raptr_ep64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-17] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-06] (ELAN Microelectronics Corp.) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-15] (Dritek System Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) 
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2013-11-12] (Raptr, Inc) HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe [960688 2015-02-05] (Adobe Systems Incorporated) HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\EXPERT~1.scr HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => 
C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll 
[2015-01-24] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation) Hosts: 127.0.0.1 hansesim.local Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\cgozwaas.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] () FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems) FF Plugin-x32: 
@adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation) FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\ACER\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-02-28] (Raidcall) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) 
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems) FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-07-18] Chrome: ======= CHR Profile: C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-25] CHR Extension: (Google Docs) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-25] CHR Extension: (Google Drive) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-25] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-14] CHR Extension: (YouTube) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-25] CHR Extension: (Google Search) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-25] CHR Extension: (Google Sheets) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-25] CHR Extension: (Google Wallet) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25] CHR Extension: (Gmail) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-25] StartMenuInternet: Google Chrome - 
C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-01-07] (Adobe Systems Incorporated) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-31] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-31] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-31] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.) 
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( ) R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( ) S2 MySQLServer; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14241 2013-05-26] () [File not signed] R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation) S3 Origin Client Service; C:\Games\Origin\OriginClientService.exe [1900400 2014-11-19] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-09-24] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-03] (Avira Operations GmbH & Co. KG) S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo) S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-12 19:05 - 2015-04-12 19:07 - 00019245 _____ () C:\Users\ACER\Desktop\FRST.txt 2015-04-12 19:05 - 2015-04-12 19:05 - 02096640 _____ (Farbar) C:\Users\ACER\Downloads\FRST64.exe 2015-04-12 19:05 - 2015-04-12 19:05 - 02096640 _____ (Farbar) C:\Users\ACER\Desktop\FRST64.exe 2015-04-12 19:02 - 2015-04-12 19:02 - 00000000 ____D () C:\Users\ACER\AppData\Local\Macromedia 2015-04-12 18:59 - 2015-04-12 19:00 - 00000000 ____D () C:\Users\ACER\AppData\Local\Mozilla 2015-04-12 18:44 - 2015-04-12 18:44 - 00380416 _____ () C:\Users\Florian\Desktop\Gmer-19357.exe 2015-04-12 18:20 - 2015-04-12 18:21 - 00045174 _____ () C:\Users\Florian\Desktop\Addition.txt 2015-04-12 18:18 - 2015-04-12 18:21 - 00030311 _____ () C:\Users\Florian\Desktop\FRST.txt 2015-04-12 18:17 - 2015-04-12 19:05 - 00000000 ____D () C:\FRST 2015-04-12 18:16 - 2015-04-12 18:16 - 02096640 _____ (Farbar) C:\Users\Florian\Downloads\FRST64.exe 2015-04-12 18:16 - 2015-04-12 18:16 - 02096640 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe 2015-04-09 21:26 - 2015-04-09 21:27 - 31462447 _____ () C:\Users\Florian\Downloads\offline-SWTARC.zip 2015-04-07 18:20 - 2015-04-07 18:22 - 08157098 _____ () C:\Users\Florian\Downloads\apache-tomcat-7.0.33.zip 2015-04-07 14:45 - 2015-04-07 14:45 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\JetBrains 2015-04-07 14:44 - 2015-04-07 14:44 - 00000000 ____D () C:\Users\Florian\.AndroidStudio 2015-04-07 14:43 - 2015-04-07 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio 2015-04-07 11:57 - 2015-04-07 12:20 - 856233768 _____ (Google Inc.) 
C:\Users\Florian\Downloads\android-studio-bundle-135.1740770-windows.exe 2015-04-06 20:10 - 2015-04-06 20:10 - 00000000 ____D () C:\Users\Florian\Documents\Visual Studio 2010 2015-04-04 21:22 - 2015-04-04 21:22 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-04-04 21:22 - 2015-04-04 21:22 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-04 12:39 - 2015-04-05 09:17 - 00000000 ____D () C:\Program Files (x86)\Thunderbird 2015-03-31 16:11 - 2015-03-31 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-03-31 10:45 - 2015-03-31 18:29 - 00205126 _____ () C:\Windows\PFRO.log 2015-03-30 12:32 - 2015-03-30 12:32 - 00000183 _____ () C:\Users\Florian\Downloads\100373742194.sdx 2015-03-30 12:26 - 2015-03-30 12:27 - 13782032 _____ (Microsoft Corporation) C:\Users\Florian\Downloads\vssdk_full.exe 2015-03-30 12:19 - 2015-03-31 15:40 - 00036133 _____ () C:\Users\Florian\Downloads\SecureDownloadManager.log ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-12 19:03 - 2012-08-16 02:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-12 19:00 - 2009-07-14 06:45 - 00024432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-12 19:00 - 2009-07-14 06:45 - 00024432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-12 18:59 - 2012-10-28 13:24 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Mozilla 2015-04-12 18:58 - 2013-08-24 23:04 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Avira 2015-04-12 18:57 - 2012-01-11 13:13 - 01953147 _____ () C:\Windows\WindowsUpdate.log 2015-04-12 18:56 - 2013-12-09 16:06 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Raptr 2015-04-12 18:54 - 2012-03-17 19:09 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Adobe 2015-04-12 18:53 - 2012-03-17 18:48 - 00067408 _____ () C:\Users\ACER\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-12 18:52 - 2013-03-08 19:19 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-12 18:52 - 2012-03-17 18:49 - 00001429 _____ () C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-04-12 18:51 - 2014-10-17 11:19 - 00005544 _____ () C:\Windows\setupact.log 2015-04-12 18:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-12 18:10 - 2013-03-08 19:19 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-11 10:54 - 2012-08-03 21:01 - 00000000 ____D () C:\Users\Florian\AppData\Local\Adobe 2015-04-09 01:47 - 2012-08-28 02:58 - 00000000 ____D () C:\Aktien 2015-04-08 20:39 - 2015-01-04 20:15 - 00000000 ____D () C:\Users\Florian\.android 2015-04-08 09:57 - 2012-07-28 20:54 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Mozilla 2015-04-07 18:23 - 2012-07-29 13:44 - 00000000 ____D () C:\Tools 2015-04-07 14:44 - 2012-07-27 17:22 - 00000000 ____D () C:\Users\Florian 2015-04-06 20:07 - 2014-10-08 15:37 
- 00000034 _____ () C:\Users\Florian\AppData\Roaming\AdobeWLCMCache.dat 2015-04-06 18:59 - 2012-12-06 13:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-31 16:17 - 2012-11-03 01:49 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Avira 2015-03-31 16:11 - 2012-11-03 01:43 - 00000000 ____D () C:\ProgramData\Avira 2015-03-31 10:58 - 2012-03-17 18:47 - 00000000 ____D () C:\Users\ACER 2015-03-31 10:45 - 2013-07-15 15:52 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-29 18:15 - 2012-01-11 21:59 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2015-03-29 18:15 - 2012-01-11 21:59 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2015-03-29 18:15 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-15 14:44 - 2014-08-23 14:48 - 00000000 ____D () C:\ProgramData\Lx_cats 2015-03-15 13:03 - 2014-09-29 00:57 - 00000962 _____ () C:\Users\Florian\Desktop\Studienorganisator Semester II.lnk 2015-03-13 12:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache ==================== Files in the root of some directories ======= 2014-10-01 15:24 - 2014-10-01 15:24 - 0000218 _____ () C:\Users\ACER\AppData\Local\recently-used.xbel 2013-05-14 15:54 - 2014-10-17 11:16 - 0007619 _____ () C:\Users\ACER\AppData\Local\Resmon.ResmonCfg 2012-07-18 23:16 - 2012-07-18 23:16 - 0000057 _____ () C:\ProgramData\Ament.ini 2012-01-11 13:32 - 2012-01-11 13:35 - 0015131 _____ () C:\ProgramData\ArcadeDeluxe5.log 2014-12-31 14:00 - 2014-12-31 14:00 - 0000000 _____ () C:\ProgramData\cmn_upld.log 2014-08-23 14:48 - 2014-08-23 14:48 - 0000252 _____ () C:\ProgramData\FastPics.log 2014-09-02 15:28 - 2014-10-16 12:00 - 0002520 _____ () C:\ProgramData\lxea.log 2014-08-23 14:48 - 2014-12-31 13:58 - 0001714 _____ () C:\ProgramData\lxeaJSW.log 2014-08-23 14:44 - 2014-10-17 10:16 - 0009510 _____ () C:\ProgramData\lxeascan.log 2014-12-31 14:00 - 2014-12-31 14:00 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log 2012-07-27 17:01 
- 2012-07-27 17:02 - 0000032 _____ () C:\ProgramData\PS.log 2014-08-23 14:43 - 2014-08-23 14:43 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt Some content of TEMP: ==================== C:\Users\ACER\AppData\Local\Temp\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe C:\Users\ACER\AppData\Local\Temp\AMDCleanupUtility.exe C:\Users\ACER\AppData\Local\Temp\avgnt.exe C:\Users\ACER\AppData\Local\Temp\Cleanup.dll C:\Users\ACER\AppData\Local\Temp\difxapi.dll C:\Users\Florian\AppData\Local\Temp\avgnt.exe C:\Users\Florian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2jp2ns.dll C:\Users\Florian\AppData\Local\Temp\FileSystemView.dll C:\Users\Florian\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-07 15:48 ==================== End Of Log ============================ --- --- --- Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
Ran by ACER at 2015-04-12 19:07:40
Running from C:\Users\ACER\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0902.2011 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.1.0.070 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Airline Tycoon Evolution (HKLM-x32\...\{16E43D5F-5296-4D53-B303-9D951AFE510F}) (Version: - )
Aleks 3.18 (HKLM-x32\...\Aleks 3.18) (Version: - )
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Astah Community 6.6.3 (HKLM\...\astah* community_is1) (Version: - Change Vision, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
AVR Jungo USB (HKLM-x32\...\{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}) (Version: 10.4 - Atmel)
AVR QTouch Studio (HKLM-x32\...\{7BE9E558-BE53-4939-9565-A0BEA2F839D0}) (Version: 4.4.1 - Atmel)
AVR Studio 5.1 (HKLM-x32\...\{D574D18C-9D52-4B4B-9647-AE6B89FD3F70}) (Version: 5.1.208 - Atmel)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
BaseX (HKLM-x32\...\BaseX) (Version: - BaseX Team)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.3.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.3 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.3 - Broadcom Corporation)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EditPlus 3 (HKLM-x32\...\EditPlus 3) (Version: - ES-Computing)
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
Facebook Messenger 2.1.4801.0 (HKLM-x32\...\{823ECDD2-E8E9-4E46-AB97-44516A27288E}) (Version: 2.1.4801.0 - Facebook)
FlashFXP 4 (HKLM-x32\...\FlashFXP 4) (Version: 4.4.4.2046 - OpenSight Software LLC)
flatex fx (HKLM-x32\...\flatex fx) (Version: 4.00 - MetaQuotes Software Corp.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version: - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GanttProject (HKLM-x32\...\GanttProject) (Version: - )
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 7 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170050}) (Version: 1.7.0.50 - Oracle)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
JavaFX 2.1.1 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-211648764D10}) (Version: 2.1.1 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JavaFX 2.1.1 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-211648764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.27 - Alliance Software Pty Ltd)
Market Samurai (x32 Version: 0.93.27 - Alliance Software Pty Ltd) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{c81217f5-344b-4b07-895e-97468942d363}) (Version: 12.0.30501 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.5.0 - Mozilla)
Mozilla Thunderbird 14.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 14.0 (x86 de)) (Version: 14.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultiBit 0.5.14 (HKLM-x32\...\MultiBit 0.5.14) (Version: 0.5.14 - )
MySQL Installer (HKLM-x32\...\{2D6DCDB3-9D02-4ED9-A67C-C76DB4682DE1}) (Version: 1.2.0.0 - Oracle Corporation)
MySQL Workbench 5.2 CE (HKLM-x32\...\{48A9B9DD-66B9-4846-AA7C-825A5729B643}) (Version: 5.2.47 - Oracle Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
Node.js (HKLM\...\{E292EB4D-988D-42CE-B042-68E7A83603BA}) (Version: 0.10.26 - Joyent, Inc. and other Node contributors)
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.0.2.2064 - Electronic Arts, Inc.)
Pencil (HKLM-x32\...\Pencil) (Version: - Evolus Co., Ltd.)
PlanetSide 2 (HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\...\soe-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.1.8-1.0.4843.13 - raidcall.com)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6446 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Talend Open Studio (HKLM-x32\...\Talend Open Studio) (Version: - )
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.8.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.8.3 - The Wireshark developer community, hxxp://www.wireshark.org)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-2 - BitNami)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File

==================== Restore Points =========================

03-04-2015 13:46:01 Windows Update
04-04-2015 21:22:10 Windows Update
10-04-2015 10:15:53 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-03-28 15:31 - 00000850 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 hansesim.local

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {18B95E93-9A92-49A0-A60B-174EDAED8388} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {22F0D562-947D-45A6-BBC0-B46251ED59F2} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {28BE3017-4CB2-4193-B484-1E9354EC376B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2A85C90A-9A6A-4379-88A9-512E8D3B284A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {33EE17E5-0CFA-4F01-9C86-344AD3C1A4FE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {49BB2F0B-854C-49DC-A726-619E30483D11} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2011-08-09] (Acer)
Task: {5A45B0A1-41F4-4BEB-87B2-4EE3609A60C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {5A6E3495-EFC9-4400-A5F3-37F10BFB97F9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {83F55C03-B4BC-43B2-A412-F6219BCFBC47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08] (Google Inc.)
Task: {C567C572-5BF9-4D53-8528-910409FE3CA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08] (Google Inc.)
Task: {DAA0B56D-E6B0-4322-80B4-EFC67E1BB9EF} - System32\Tasks\AdobeAAMUpdater-1.0-FLORIAN-Florian => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {E0421B5D-B4C6-433C-A613-37CEF1A3B262} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cf8d6175046c23.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cfedd9bb8b6043.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cfff51dbee0e2e.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1d04090329cb4ae.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-08-23 14:45 - 2009-11-04 08:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-15 19:11 - 2014-09-24 17:28 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-19 16:57 - 2014-12-19 16:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2009-01-21 17:45 - 2009-01-21 17:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2014-12-19 16:57 - 2014-12-19 16:57 - 05979808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2011-04-24 03:29 - 2011-04-24 03:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2015-01-07 22:27 - 2015-01-07 22:27 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2015-01-07 22:27 - 2015-01-07 22:27 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2015-01-07 22:27 - 2015-01-07 22:27 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2012-06-22 23:53 - 2012-06-22 23:53 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2012-06-22 23:24 - 2012-06-22 23:24 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2012-06-22 23:39 - 2012-06-22 23:39 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2012-06-22 23:55 - 2012-06-22 23:55 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00124928 _____ () C:\Program Files (x86)\Raptr\_elementtree.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2012-02-06 22:28 - 2012-02-06 22:28 - 00031744 _____ () C:\Program Files (x86)\Raptr\Crypto.Cipher.AES.pyd
2012-02-06 22:28 - 2012-02-06 22:28 - 00010752 _____ () C:\Program Files (x86)\Raptr\Crypto.Random.OSRNG.winrandom.pyd
2012-02-06 22:28 - 2012-02-06 22:28 - 00011264 _____ () C:\Program Files (x86)\Raptr\Crypto.Util._counter.pyd
2011-05-10 21:01 - 2011-05-10 21:01 - 00030208 _____ () C:\Program Files (x86)\Raptr\simplejson._speedups.pyd
2012-06-22 23:59 - 2012-06-22 23:59 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2012-10-27 09:53 - 2012-10-27 09:53 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 01:06 - 2010-11-23 01:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2015-02-03 18:32 - 2015-02-03 18:32 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AMDCleanup => C:\Grafiktreiber\AMDCleanupUtil.exe silent
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
MSCONFIG\startupreg: lxeamon.exe => "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

==================== Accounts: =============================

ACER (S-1-5-21-2040030199-1763219053-3685502851-1000 - Administrator - Enabled) => C:\Users\ACER
Administrator (S-1-5-21-2040030199-1763219053-3685502851-500 - Administrator - Disabled)
Florian (S-1-5-21-2040030199-1763219053-3685502851-1001 - Limited - Enabled) => C:\Users\Florian
Gast (S-1-5-21-2040030199-1763219053-3685502851-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2040030199-1763219053-3685502851-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2015 03:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2711282

Error: (04/12/2015 03:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2711282

Error: (04/12/2015 03:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2015 03:02:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10265

Error: (04/12/2015 03:02:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10265

Error: (04/12/2015 03:02:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2015 03:02:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9127

Error: (04/12/2015 03:02:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9127

Error: (04/12/2015 03:02:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2015 03:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7114


System errors:
=============
Error: (04/12/2015 06:51:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MySQLServer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (04/12/2015 06:51:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxeaCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/12/2015 06:51:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxeaCATSCustConnectService erreicht.

Error: (04/12/2015 06:51:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (04/12/2015 06:51:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 12.04.2015 um 18:50:43 unerwartet heruntergefahren.
Error: (04/11/2015 03:11:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MySQLServer" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/11/2015 03:11:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "lxeaCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/11/2015 03:11:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxeaCATSCustConnectService erreicht. Error: (04/11/2015 03:11:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (04/11/2015 10:53:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MySQLServer" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (04/12/2015 03:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2711282 Error: (04/12/2015 03:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2711282 Error: (04/12/2015 03:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/12/2015 03:02:02 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10265 Error: (04/12/2015 03:02:02 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10265 Error: (04/12/2015 03:02:02 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/12/2015 03:02:01 PM) (Source: Bonjour Service) (EventID: 100) 
(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9127 Error: (04/12/2015 03:02:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9127 Error: (04/12/2015 03:02:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/12/2015 03:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7114 CodeIntegrity Errors: =================================== Date: 2013-09-07 18:26:10.022 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-09-07 18:26:09.944 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-25 13:27:31.933 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-25 13:27:31.855 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-25 13:26:53.152 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-25 13:26:53.052 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-25 13:23:50.733 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-25 13:23:50.624 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-25 12:50:30.437 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-25 12:50:30.359 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info ===========================

Processor: AMD A8-3520M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 29%
Total physical RAM: 7654.11 MB
Available physical RAM: 5389.57 MB
Total Pagefile: 15306.41 MB
Available Pagefile: 12879.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:682.42 GB) (Free:497.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 34F575C0)
Partition 1: (Not Active) - (Size=16.1 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=682.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Many thanks!

--- EDIT: A brief addendum: the problem with disabling the AntiVir program could be solved after all. Starting the program explicitly "as administrator" gave the required access permission. Oddly enough, it used to work without this extra step. Below is the GMER scan as well.

Gmer.txt:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-12 19:41:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000069 WDC_WD75 rev.01.0 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\ACER\AppData\Local\Temp\axldypob.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000070ca17fa 2 bytes CALL 74b611a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000070ca1860 2 bytes CALL 74b611a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000070ca1942 2 bytes JMP 765f7089 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000070ca194d 2 bytes JMP 765fcba6 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF
Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll ---- EOF - GMER 2.1 ---- |
12.04.2015, 18:50 | #2 |
/// the machine /// TB-Ausbilder | Windows 7: PUA/Somoto.Gen hi,
Scan with ComboFix
12.04.2015, 19:29 | #3 |
| Windows 7: PUA/Somoto.Gen Hello Schrauber,
I ran the scan as instructed. Code:
ATTFilter ComboFix 15-04-09.01 - ACER 12.04.2015 20:02:42.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.7654.5311 [GMT 2:00] ausgeführt von:: c:\users\ACER\Desktop\ComboFix.exe AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\ACER\AppData\Roaming\.# c:\users\ACER\AppData\Roaming\.#\MBX@1034@1E82900.### c:\users\ACER\AppData\Roaming\.#\MBX@1034@1E82930.### c:\users\ACER\AppData\Roaming\.#\MBX@1034@1E82960.### c:\users\ACER\AppData\Roaming\.#\MBX@1060@1C2900.### c:\users\ACER\AppData\Roaming\.#\MBX@1060@1C2930.### c:\users\ACER\AppData\Roaming\.#\MBX@1060@1C2960.### c:\users\ACER\AppData\Roaming\.#\MBX@1088@232900.### c:\users\ACER\AppData\Roaming\.#\MBX@1088@232930.### c:\users\ACER\AppData\Roaming\.#\MBX@1088@232960.### c:\users\ACER\AppData\Roaming\.#\MBX@1168@1F72900.### c:\users\ACER\AppData\Roaming\.#\MBX@1168@1F72930.### c:\users\ACER\AppData\Roaming\.#\MBX@1168@1F72960.### c:\users\ACER\AppData\Roaming\.#\MBX@1234@2012900.### c:\users\ACER\AppData\Roaming\.#\MBX@1234@2012930.### c:\users\ACER\AppData\Roaming\.#\MBX@1234@2012960.### c:\users\ACER\AppData\Roaming\.#\MBX@1290@292900.### c:\users\ACER\AppData\Roaming\.#\MBX@1290@292930.### c:\users\ACER\AppData\Roaming\.#\MBX@1290@292960.### c:\users\ACER\AppData\Roaming\.#\MBX@132C@2072900.### c:\users\ACER\AppData\Roaming\.#\MBX@132C@2072930.### c:\users\ACER\AppData\Roaming\.#\MBX@132C@2072960.### c:\users\ACER\AppData\Roaming\.#\MBX@137C@2012900.### c:\users\ACER\AppData\Roaming\.#\MBX@137C@2012930.### c:\users\ACER\AppData\Roaming\.#\MBX@137C@2012960.### c:\users\ACER\AppData\Roaming\.#\MBX@13F0@1FC2900.### 
c:\users\ACER\AppData\Roaming\.#\MBX@13F0@1FC2930.### c:\users\ACER\AppData\Roaming\.#\MBX@13F0@1FC2960.### c:\users\ACER\AppData\Roaming\.#\MBX@348@1D2900.### c:\users\ACER\AppData\Roaming\.#\MBX@348@1D2930.### c:\users\ACER\AppData\Roaming\.#\MBX@348@1D2960.### c:\users\ACER\AppData\Roaming\.#\MBX@448@1F32900.### c:\users\ACER\AppData\Roaming\.#\MBX@448@1F32930.### c:\users\ACER\AppData\Roaming\.#\MBX@448@1F32960.### c:\users\ACER\AppData\Roaming\.#\MBX@4E8@282900.### c:\users\ACER\AppData\Roaming\.#\MBX@4E8@282930.### c:\users\ACER\AppData\Roaming\.#\MBX@4E8@282960.### c:\users\ACER\AppData\Roaming\.#\MBX@5A8@20B2900.### c:\users\ACER\AppData\Roaming\.#\MBX@5A8@20B2930.### c:\users\ACER\AppData\Roaming\.#\MBX@5A8@20B2960.### c:\users\ACER\AppData\Roaming\.#\MBX@634@3B2900.### c:\users\ACER\AppData\Roaming\.#\MBX@634@3B2930.### c:\users\ACER\AppData\Roaming\.#\MBX@634@3B2960.### c:\users\ACER\AppData\Roaming\.#\MBX@73C@2092900.### c:\users\ACER\AppData\Roaming\.#\MBX@73C@2092930.### c:\users\ACER\AppData\Roaming\.#\MBX@73C@2092960.### c:\users\ACER\AppData\Roaming\.#\MBX@948@20D2900.### c:\users\ACER\AppData\Roaming\.#\MBX@948@20D2930.### c:\users\ACER\AppData\Roaming\.#\MBX@948@20D2960.### c:\users\ACER\AppData\Roaming\.#\MBX@A38@1EE2900.### c:\users\ACER\AppData\Roaming\.#\MBX@A38@1EE2930.### c:\users\ACER\AppData\Roaming\.#\MBX@A38@1EE2960.### c:\users\ACER\AppData\Roaming\.#\MBX@C50@2F2900.### c:\users\ACER\AppData\Roaming\.#\MBX@C50@2F2930.### c:\users\ACER\AppData\Roaming\.#\MBX@C50@2F2960.### c:\users\ACER\AppData\Roaming\.#\MBX@CE0@262900.### c:\users\ACER\AppData\Roaming\.#\MBX@CE0@262930.### c:\users\ACER\AppData\Roaming\.#\MBX@CE0@262960.### c:\users\ACER\AppData\Roaming\.#\MBX@D10@1F42900.### c:\users\ACER\AppData\Roaming\.#\MBX@D10@1F42930.### c:\users\ACER\AppData\Roaming\.#\MBX@D10@1F42960.### c:\users\ACER\AppData\Roaming\.#\MBX@E38@1F62900.### c:\users\ACER\AppData\Roaming\.#\MBX@E38@1F62930.### 
c:\users\ACER\AppData\Roaming\.#\MBX@E38@1F62960.### c:\users\ACER\AppData\Roaming\.#\MBX@E38@292900.### c:\users\ACER\AppData\Roaming\.#\MBX@E38@292930.### c:\users\ACER\AppData\Roaming\.#\MBX@E38@292960.### c:\users\ACER\AppData\Roaming\.#\MBX@E80@1DD2900.### c:\users\ACER\AppData\Roaming\.#\MBX@E80@1DD2930.### c:\users\ACER\AppData\Roaming\.#\MBX@E80@1DD2960.### c:\users\ACER\AppData\Roaming\.#\MBX@EBC@672900.### c:\users\ACER\AppData\Roaming\.#\MBX@EBC@672930.### c:\users\ACER\AppData\Roaming\.#\MBX@EBC@672960.### c:\users\ACER\AppData\Roaming\.#\MBX@EE4@1F32900.### c:\users\ACER\AppData\Roaming\.#\MBX@EE4@1F32930.### c:\users\ACER\AppData\Roaming\.#\MBX@EE4@1F32960.### c:\users\ACER\AppData\Roaming\.#\MBX@F10@1EE2900.### c:\users\ACER\AppData\Roaming\.#\MBX@F10@1EE2930.### c:\users\ACER\AppData\Roaming\.#\MBX@F10@1EE2960.### c:\users\ACER\AppData\Roaming\.#\MBX@F84@922900.### c:\users\ACER\AppData\Roaming\.#\MBX@F84@922930.### c:\users\ACER\AppData\Roaming\.#\MBX@F84@922960.### c:\users\ACER\AppData\Roaming\.#\MBX@FDC@2C2900.### c:\users\ACER\AppData\Roaming\.#\MBX@FDC@2C2930.### c:\users\ACER\AppData\Roaming\.#\MBX@FDC@2C2960.### . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_AdobeUpdateService . . ((((((((((((((((((((((( Dateien erstellt von 2015-03-12 bis 2015-04-12 )))))))))))))))))))))))))))))) . . 2015-04-12 17:02 . 2015-04-12 17:02 -------- d-----w- c:\users\ACER\AppData\Local\Macromedia 2015-04-12 16:59 . 2015-04-12 17:00 -------- d-----w- c:\users\ACER\AppData\Local\Mozilla 2015-04-12 16:17 . 2015-04-12 17:08 -------- d-----w- C:\FRST 2015-04-12 15:28 . 2015-04-12 15:28 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{09D8898F-95A5-458B-86DE-AE3C290B78AE}\offreg.dll 2015-04-10 08:16 . 
2015-03-14 10:02 12002392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{09D8898F-95A5-458B-86DE-AE3C290B78AE}\mpengine.dll 2015-04-07 12:45 . 2015-04-07 12:45 -------- d-----w- c:\users\Florian\AppData\Roaming\JetBrains 2015-04-07 12:44 . 2015-04-07 12:44 -------- d-----w- c:\users\Florian\.AndroidStudio 2015-04-04 19:22 . 2015-04-04 19:22 -------- d-s---w- c:\windows\SysWow64\GWX 2015-04-04 19:22 . 2015-04-04 19:22 -------- d-s---w- c:\windows\system32\GWX 2015-04-04 10:39 . 2015-04-05 07:17 -------- d-----w- c:\program files (x86)\Thunderbird 2015-03-30 10:23 . 2015-03-30 10:23 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-03-12 02:01 . 2012-08-15 10:56 122905848 ----a-w- c:\windows\system32\MRT.exe 2015-03-06 05:56 . 2015-03-11 08:38 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2015-03-06 05:56 . 2015-03-11 08:38 155576 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2015-03-06 05:42 . 2015-03-11 08:38 210944 ----a-w- c:\windows\system32\wdigest.dll 2015-03-06 05:42 . 2015-03-11 08:38 86528 ----a-w- c:\windows\system32\TSpkg.dll 2015-03-06 05:42 . 2015-03-11 08:38 29184 ----a-w- c:\windows\system32\sspisrv.dll 2015-03-06 05:42 . 2015-03-11 08:38 136192 ----a-w- c:\windows\system32\sspicli.dll 2015-03-06 05:42 . 2015-03-11 08:38 341504 ----a-w- c:\windows\system32\schannel.dll 2015-03-06 05:42 . 2015-03-11 08:38 28160 ----a-w- c:\windows\system32\secur32.dll 2015-03-06 05:42 . 2015-03-11 08:38 314880 ----a-w- c:\windows\system32\msv1_0.dll 2015-03-06 05:42 . 2015-03-11 08:38 309760 ----a-w- c:\windows\system32\ncrypt.dll 2015-03-06 05:42 . 2015-03-11 08:38 728064 ----a-w- c:\windows\system32\kerberos.dll 2015-03-06 05:42 . 2015-03-11 08:38 1461760 ----a-w- c:\windows\system32\lsasrv.dll 2015-03-06 05:42 . 2015-03-11 08:38 22016 ----a-w- c:\windows\system32\credssp.dll 2015-03-06 05:41 . 
2015-03-11 08:38 31232 ----a-w- c:\windows\system32\lsass.exe 2015-03-06 05:41 . 2015-03-11 08:38 64000 ----a-w- c:\windows\system32\auditpol.exe 2015-03-06 05:39 . 2015-03-11 08:38 60416 ----a-w- c:\windows\system32\msobjs.dll 2015-03-06 05:38 . 2015-03-11 08:38 146432 ----a-w- c:\windows\system32\msaudite.dll 2015-03-06 05:36 . 2015-03-11 08:38 686080 ----a-w- c:\windows\system32\adtschema.dll 2015-03-06 05:10 . 2015-03-11 08:38 172032 ----a-w- c:\windows\SysWow64\wdigest.dll 2015-03-06 05:10 . 2015-03-11 08:38 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll 2015-03-06 05:10 . 2015-03-11 08:38 248832 ----a-w- c:\windows\SysWow64\schannel.dll 2015-03-06 05:10 . 2015-03-11 08:38 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2015-03-06 05:10 . 2015-03-11 08:38 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll 2015-03-06 05:10 . 2015-03-11 08:38 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll 2015-03-06 05:10 . 2015-03-11 08:38 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2015-03-06 05:10 . 2015-03-11 08:38 17408 ----a-w- c:\windows\SysWow64\credssp.dll 2015-03-06 05:09 . 2015-03-11 08:38 50176 ----a-w- c:\windows\SysWow64\auditpol.exe 2015-03-06 05:09 . 2015-03-11 08:38 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2015-03-06 05:07 . 2015-03-11 08:38 60416 ----a-w- c:\windows\SysWow64\msobjs.dll 2015-03-06 05:07 . 2015-03-11 08:38 146432 ----a-w- c:\windows\SysWow64\msaudite.dll 2015-03-06 05:06 . 2015-03-11 08:38 686080 ----a-w- c:\windows\SysWow64\adtschema.dll 2015-03-03 10:20 . 2013-05-02 08:24 44088 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2015-03-03 10:20 . 2013-03-28 09:09 132120 ----a-w- c:\windows\system32\drivers\avipbb.sys 2015-03-03 10:20 . 2013-03-28 09:09 128536 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2015-02-26 03:25 . 2015-03-11 08:37 3204096 ----a-w- c:\windows\system32\win32k.sys 2015-02-24 03:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe 2015-02-24 03:15 . 
2015-03-11 08:37 389800 ----a-w- c:\windows\system32\iedkcs32.dll 2015-02-21 01:16 . 2015-03-11 08:37 25021440 ----a-w- c:\windows\system32\mshtml.dll 2015-02-20 23:58 . 2015-03-11 08:37 92160 ----a-w- c:\windows\system32\mshtmled.dll 2015-02-20 04:41 . 2015-03-11 08:40 41984 ----a-w- c:\windows\system32\lpk.dll 2015-02-20 04:40 . 2015-03-11 08:40 100864 ----a-w- c:\windows\system32\fontsub.dll 2015-02-20 04:40 . 2015-03-11 08:40 14336 ----a-w- c:\windows\system32\dciman32.dll 2015-02-20 04:40 . 2015-03-11 08:40 46080 ----a-w- c:\windows\system32\atmlib.dll 2015-02-20 04:13 . 2015-03-11 08:40 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2015-02-20 04:13 . 2015-03-11 08:40 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2015-02-20 04:13 . 2015-03-11 08:40 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2015-02-20 04:12 . 2015-03-11 08:40 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2015-02-20 03:29 . 2015-03-11 08:41 372224 ----a-w- c:\windows\system32\atmfd.dll 2015-02-20 03:09 . 2015-03-11 08:40 299008 ----a-w- c:\windows\SysWow64\atmfd.dll 2015-02-20 03:06 . 2015-03-11 08:37 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2015-02-20 03:05 . 2015-03-11 08:37 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2015-02-20 02:50 . 2015-03-11 08:37 66560 ----a-w- c:\windows\system32\iesetup.dll 2015-02-20 02:49 . 2015-03-11 08:37 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2015-02-20 02:49 . 2015-03-11 08:37 584192 ----a-w- c:\windows\system32\vbscript.dll 2015-02-20 02:48 . 2015-03-11 08:37 2886144 ----a-w- c:\windows\system32\iertutil.dll 2015-02-20 02:47 . 2015-03-11 08:37 88064 ----a-w- c:\windows\system32\MshtmlDac.dll 2015-02-20 02:41 . 2015-03-11 08:37 54784 ----a-w- c:\windows\system32\jsproxy.dll 2015-02-20 02:40 . 2015-03-11 08:37 34304 ----a-w- c:\windows\system32\iernonce.dll 2015-02-20 02:36 . 2015-03-11 08:37 633856 ----a-w- c:\windows\system32\ieui.dll 2015-02-20 02:35 . 
2015-03-11 08:37 144384 ----a-w- c:\windows\system32\ieUnatt.exe 2015-02-20 02:35 . 2015-03-11 08:37 114688 ----a-w- c:\windows\system32\ieetwcollector.exe 2015-02-20 02:34 . 2015-03-11 08:37 814080 ----a-w- c:\windows\system32\jscript9diag.dll 2015-02-20 02:32 . 2015-03-11 08:37 6035456 ----a-w- c:\windows\system32\jscript9.dll 2015-02-20 02:26 . 2015-03-11 08:37 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2015-02-20 02:22 . 2015-03-11 08:37 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2015-02-20 02:22 . 2015-03-11 08:37 490496 ----a-w- c:\windows\system32\dxtmsft.dll 2015-02-20 02:13 . 2015-03-11 08:37 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2015-02-20 02:09 . 2015-03-11 08:37 503296 ----a-w- c:\windows\SysWow64\vbscript.dll 2015-02-20 02:08 . 2015-03-11 08:37 62464 ----a-w- c:\windows\SysWow64\iesetup.dll 2015-02-20 02:08 . 2015-03-11 08:37 199680 ----a-w- c:\windows\system32\msrating.dll 2015-02-20 02:08 . 2015-03-11 08:37 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2015-02-20 02:06 . 2015-03-11 08:37 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2015-02-20 02:05 . 2015-03-11 08:37 316928 ----a-w- c:\windows\system32\dxtrans.dll 2015-02-20 01:56 . 2015-03-11 08:37 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2015-02-20 01:56 . 2015-03-11 08:37 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2015-02-20 01:49 . 2015-03-11 08:37 718848 ----a-w- c:\windows\system32\ie4uinit.exe 2015-02-20 01:49 . 2015-03-11 08:37 801280 ----a-w- c:\windows\system32\msfeeds.dll 2015-02-20 01:47 . 2015-03-11 08:37 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2015-02-20 01:46 . 2015-03-11 08:37 2125824 ----a-w- c:\windows\system32\inetcpl.cpl 2015-02-20 01:43 . 2015-03-11 08:37 14398976 ----a-w- c:\windows\system32\ieframe.dll 2015-02-20 01:41 . 2015-03-11 08:37 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2015-02-20 01:30 . 
2015-03-11 08:37 4300288 ----a-w- c:\windows\SysWow64\jscript9.dll 2015-02-20 01:28 . 2015-03-11 08:37 2358784 ----a-w- c:\windows\system32\wininet.dll 2015-02-20 01:24 . 2015-03-11 08:37 2052608 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2015-02-20 01:23 . 2015-03-11 08:37 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2015-02-20 01:16 . 2015-03-11 08:37 1548288 ----a-w- c:\windows\system32\urlmon.dll 2015-02-20 01:03 . 2015-03-11 08:37 800768 ----a-w- c:\windows\system32\ieapfltr.dll 2015-02-20 01:01 . 2015-03-11 08:37 1888256 ----a-w- c:\windows\SysWow64\wininet.dll 2015-02-13 05:22 . 2015-03-11 08:38 14177280 ----a-w- c:\windows\system32\shell32.dll 2015-02-05 16:03 . 2012-08-16 00:02 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-02-05 16:03 . 2011-11-02 21:18 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-02-04 03:16 . 2015-03-11 08:34 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2015-02-04 02:54 . 2015-03-11 08:34 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2015-02-03 03:34 . 2015-03-11 08:40 693176 ----a-w- c:\windows\system32\winload.efi 2015-02-03 03:34 . 2015-03-11 08:40 5554104 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-02-03 03:34 . 2015-03-11 08:40 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys 2015-02-03 03:33 . 2015-03-11 08:40 616360 ----a-w- c:\windows\system32\winresume.efi 2015-02-03 03:31 . 2015-03-11 08:40 14632960 ----a-w- c:\windows\system32\wmp.dll 2015-02-03 03:31 . 2015-03-11 08:40 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2013-11-12 55360] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-15 1081424] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712] "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-03-31 726320] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888] "Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2015-01-07 2694320] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-12-17 508800] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxeaserv.exe [x] R2 MySQLServer;MySQLServer;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQLServer;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQLServer [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x] R3 Origin Client Service;Origin Client Service;c:\games\Origin\OriginClientService.exe;c:\games\Origin\OriginClientService.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows 
Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] S2 
GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe;c:\windows\SYSNATIVE\lxeacoms.exe [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x] S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x] S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x] S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 
2015-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 16:03] . 2015-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08 17:19] . 2015-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08 17:19] . 2014-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cf8d6175046c23.job - c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 15:28] . 2014-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cfedd9bb8b6043.job - c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 15:28] . 2015-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cfff51dbee0e2e.job - c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 15:28] . 2015-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1d04090329cb4ae.job - c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 15:28] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1] @="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}" [HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}] 2014-12-19 14:57 1039008 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2] @="{853B7E05-C47D-4985-909A-D0DC5C6D7303}" [HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}] 2014-12-19 14:57 1039008 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-12-19 14:57 1039008 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-09-19 557768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\cgozwaas.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-EditPlus 3 - c:\tools\remove.exe
AddRemove-Mozilla Thunderbird 14.0 (x86 de) - c:\program files (x86)\uninstall\helper.exe
AddRemove-MultiBit 0.5.14 - c:\program files (x86)\Java\jre7\bin\javaw.exe
AddRemove-Talend Open Studio - c:\tools\BI\Talend\Uninstall-TOS_DI-Win32-r101800-V5.3.0.exe
AddRemove-soe-PlanetSide 2 PSG - c:\games\PlanetSide 2\Uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQLServer]
"ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQLServer"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQLServer]
"ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQLServer"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-04-12 20:25:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-04-12 18:25
.
Vor Suchlauf: 20 Verzeichnis(se), 533.930.549.248 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 545.080.852.480 Bytes frei
.
- - End Of File - - 239423E8DC876524B90B57EEBC299FCD A36C5E4F47E84449FF07ED3517B43A31
13.04.2015, 09:49 | #4 |
Windows 7: PUA/Somoto.Gen
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
13.04.2015, 11:07 | #5 |
Windows 7: PUA/Somoto.Gen
Hello Schrauber, here are the results of the scans.
mbam.txt:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 13.04.2015
Suchlauf-Zeit: 11:11:16
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.13.03
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ACER

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 430063
Verstrichene Zeit: 26 Min, 4 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)
Code:
# AdwCleaner v4.201 - Bericht erstellt 13/04/2015 um 11:48:21
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : ACER - FLORIAN
# Gestarted von : C:\Users\ACER\Desktop\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Mozilla Firefox v37.0.1 (x86 de)

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [1041 Bytes] - [13/04/2015 11:45:46]
AdwCleaner[S0].txt - [963 Bytes] - [13/04/2015 11:48:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1021 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 7 Home Premium x64
Ran by ACER on 13.04.2015 at 11:54:19,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\flexnet"

~~~ FireFox

Emptied folder: C:\Users\ACER\AppData\Roaming\mozilla\firefox\profiles\cgozwaas.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.04.2015 at 11:57:53,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by ACER (administrator) on FLORIAN on 13-04-2015 11:59:55
Running from C:\Users\ACER\Desktop
Loaded Profiles: ACER (Available profiles: ACER & Florian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-17] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-15] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2013-11-12] (Raptr, Inc)
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\EXPERT~1.scr
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-13] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-13] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\cgozwaas.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\ACER\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-02-28] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-07-18]

Chrome:
=======
CHR Profile: C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-25]
CHR Extension: (Google Docs) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-25]
CHR Extension: (Google Drive) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-25]
CHR Extension: (YouTube) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-25]
CHR Extension: (Google Search) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-25]
CHR Extension: (Google Sheets) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-13]
CHR Extension: (Google Wallet) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25]
CHR Extension: (Gmail) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-25]
StartMenuInternet: Google Chrome - C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
S2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
S2 MBAMService; C:\Program Files (x86)\Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S2 MySQLServer; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14241 2013-05-26] () [File not signed]
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
S3 Origin Client Service; C:\Games\Origin\OriginClientService.exe [1900400 2014-11-19] (Electronic Arts)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-09-24] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-03] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-13 11:59 - 2015-04-13 12:01 - 00016151 _____ () C:\Users\ACER\Desktop\FRST.txt
2015-04-13 11:57 - 2015-04-13 11:57 - 00000870 _____ () C:\Users\ACER\Desktop\JRT.txt
2015-04-13 11:54 - 2015-04-13 11:54 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-FLORIAN-Windows-7-Home-Premium-(64-bit).dat
2015-04-13 11:54 - 2015-04-13 11:54 - 00000000 ____D () C:\RegBackup
2015-04-13 11:53 - 2015-04-13 11:53 - 02686959 _____ (Thisisu) C:\Users\ACER\Desktop\JRT.exe
2015-04-13 11:45 - 2015-04-13 11:48 - 00000000 ____D () C:\AdwCleaner
2015-04-13 11:44 - 2015-04-13 11:13 - 02217984 _____ () C:\Users\ACER\Desktop\AdwCleaner_4.201.exe
2015-04-13 11:40 - 2015-04-13 11:40 - 00001209 _____ () C:\Users\ACER\Desktop\mbam.txt
2015-04-13 11:10 - 2015-04-13 11:10 - 00000979 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-13 09:53 - 2015-04-13 09:53 - 00561064 _____ (Oracle Corporation) C:\Users\Florian\Downloads\chromeinstall-8u40.exe
2015-04-13 09:51 - 2015-04-13 09:51 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Oracle
2015-04-12 22:14 - 2015-04-12 22:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-12 20:25 - 2015-04-12 20:25 - 00034244 _____ () C:\ComboFix.txt
2015-04-12 19:58 - 2015-04-12 20:25 - 00000000 ____D () C:\Qoobox
2015-04-12 19:58 - 2015-04-12 20:25 - 00000000 ____D () C:\ComboFix
2015-04-12 19:58 - 2015-04-12 20:23 - 00000000 ____D () C:\Windows\erdnt
2015-04-12 19:58 - 2015-04-12 19:57 - 05617275 ____R () C:\Users\ACER\Desktop\ComboFix.exe
2015-04-12 19:58 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-12 19:58 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-12 19:58 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-12 19:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-12 19:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-12 19:58 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-12 19:58 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-12 19:58 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-12 19:10 - 2015-04-12 19:10 - 00380416 _____ () C:\Users\ACER\Desktop\Gmer-19357.exe
2015-04-12 19:05 - 2015-04-12 19:05 - 02096640 _____ (Farbar) C:\Users\ACER\Desktop\FRST64.exe
2015-04-12 19:02 - 2015-04-12 19:02 - 00000000 ____D () C:\Users\ACER\AppData\Local\Macromedia
2015-04-12 18:59 - 2015-04-12 19:00 - 00000000 ____D () C:\Users\ACER\AppData\Local\Mozilla
2015-04-12 18:44 - 2015-04-12 18:44 - 00380416 _____ () C:\Users\Florian\Desktop\Gmer-19357.exe
2015-04-12 18:20 - 2015-04-12 18:21 - 00045174 _____ () C:\Users\Florian\Desktop\Addition.txt
2015-04-12 18:18 - 2015-04-12 18:21 - 00030311 _____ () C:\Users\Florian\Desktop\FRST.txt
2015-04-12 18:17 - 2015-04-13 11:59 - 00000000 ____D () C:\FRST
2015-04-12 18:16 - 2015-04-12 18:16 - 02096640 _____ (Farbar) C:\Users\Florian\Downloads\FRST64.exe
2015-04-12 18:16 - 2015-04-12 18:16 - 02096640 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2015-04-09 21:26 - 2015-04-09 21:27 - 31462447 _____ () C:\Users\Florian\Downloads\offline-SWTARC.zip
2015-04-07 18:20 - 2015-04-07 18:22 - 08157098 _____ () C:\Users\Florian\Downloads\apache-tomcat-7.0.33.zip
2015-04-07 14:45 - 2015-04-07 14:45 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\JetBrains
2015-04-07 14:44 - 2015-04-07 14:44 - 00000000 ____D () C:\Users\Florian\.AndroidStudio
2015-04-07 14:43 - 2015-04-07 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-04-07 11:57 - 2015-04-07 12:20 - 856233768 _____ (Google Inc.) C:\Users\Florian\Downloads\android-studio-bundle-135.1740770-windows.exe
2015-04-06 20:10 - 2015-04-06 20:10 - 00000000 ____D () C:\Users\Florian\Documents\Visual Studio 2010
2015-04-04 21:22 - 2015-04-04 21:22 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 21:22 - 2015-04-04 21:22 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 12:39 - 2015-04-05 09:17 - 00000000 ____D () C:\Program Files (x86)\Thunderbird
2015-03-31 16:11 - 2015-03-31 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-31 10:45 - 2015-04-12 20:16 - 00205678 _____ () C:\Windows\PFRO.log
2015-03-30 12:32 - 2015-03-30 12:32 - 00000183 _____ () C:\Users\Florian\Downloads\100373742194.sdx
2015-03-30 12:26 - 2015-03-30 12:27 - 13782032 _____ (Microsoft Corporation) C:\Users\Florian\Downloads\vssdk_full.exe
2015-03-30 12:19 - 2015-03-31 15:40 - 00036133 _____ () C:\Users\Florian\Downloads\SecureDownloadManager.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-13 11:55 - 2012-01-11 13:13 - 01989869 _____ () C:\Windows\WindowsUpdate.log 2015-04-13 11:55 - 2009-07-14 06:45 - 00024432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-13 11:55 - 2009-07-14 06:45 - 00024432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-13 11:52 - 2013-12-09 16:06 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Raptr 2015-04-13 11:50 - 2013-03-08 19:19 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-13 11:49 - 2014-10-17 11:19 - 00005712 _____ () C:\Windows\setupact.log 2015-04-13 11:49 - 2012-12-06 13:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-13 11:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-13 11:11 - 2014-06-18 10:56 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-13 11:10 - 2014-06-18 10:56 - 00000000 ____D () C:\Program Files (x86)\Anti-Malware 2015-04-13 11:10 - 2013-03-08 19:19 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-13 11:03 - 2012-08-16 02:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-13 09:54 - 2015-01-25 16:17 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-04-13 09:54 - 2014-08-09 10:52 - 00000000 ____D () C:\Program Files (x86)\Java 2015-04-13 09:54 - 2012-08-03 21:01 - 00000000 ____D () C:\Users\Florian\AppData\Local\Adobe 2015-04-12 20:25 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2015-04-12 20:18 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2015-04-12 18:59 - 2012-10-28 13:24 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Mozilla 2015-04-12 18:58 - 2013-08-24 23:04 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Avira 2015-04-12 18:54 - 2012-03-17 19:09 - 00000000 ____D () 
C:\Users\ACER\AppData\Roaming\Adobe 2015-04-12 18:53 - 2012-03-17 18:48 - 00067408 _____ () C:\Users\ACER\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-12 18:52 - 2012-03-17 18:49 - 00001429 _____ () C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-04-09 01:47 - 2012-08-28 02:58 - 00000000 ____D () C:\Aktien 2015-04-08 20:39 - 2015-01-04 20:15 - 00000000 ____D () C:\Users\Florian\.android 2015-04-08 09:57 - 2012-07-28 20:54 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Mozilla 2015-04-07 18:23 - 2012-07-29 13:44 - 00000000 ____D () C:\Tools 2015-04-07 14:44 - 2012-07-27 17:22 - 00000000 ____D () C:\Users\Florian 2015-04-06 20:07 - 2014-10-08 15:37 - 00000034 _____ () C:\Users\Florian\AppData\Roaming\AdobeWLCMCache.dat 2015-03-31 16:17 - 2012-11-03 01:49 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Avira 2015-03-31 16:11 - 2012-11-03 01:43 - 00000000 ____D () C:\ProgramData\Avira 2015-03-31 10:58 - 2012-03-17 18:47 - 00000000 ____D () C:\Users\ACER 2015-03-31 10:45 - 2013-07-15 15:52 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-29 18:15 - 2012-01-11 21:59 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2015-03-29 18:15 - 2012-01-11 21:59 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2015-03-29 18:15 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-17 06:15 - 2014-06-18 10:56 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-17 06:15 - 2014-06-18 10:56 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-17 06:15 - 2014-06-18 10:56 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-15 14:44 - 2014-08-23 14:48 - 00000000 ____D () C:\ProgramData\Lx_cats 2015-03-15 13:03 - 2014-09-29 00:57 - 00000962 _____ () C:\Users\Florian\Desktop\Studienorganisator Semester II.lnk ==================== Files in the root of some directories 
======= 2014-10-01 15:24 - 2014-10-01 15:24 - 0000218 _____ () C:\Users\ACER\AppData\Local\recently-used.xbel 2013-05-14 15:54 - 2014-10-17 11:16 - 0007619 _____ () C:\Users\ACER\AppData\Local\Resmon.ResmonCfg 2012-07-18 23:16 - 2012-07-18 23:16 - 0000057 _____ () C:\ProgramData\Ament.ini 2012-01-11 13:32 - 2012-01-11 13:35 - 0015131 _____ () C:\ProgramData\ArcadeDeluxe5.log 2014-12-31 14:00 - 2014-12-31 14:00 - 0000000 _____ () C:\ProgramData\cmn_upld.log 2014-08-23 14:48 - 2014-08-23 14:48 - 0000252 _____ () C:\ProgramData\FastPics.log 2014-09-02 15:28 - 2014-10-16 12:00 - 0002520 _____ () C:\ProgramData\lxea.log 2014-08-23 14:48 - 2014-12-31 13:58 - 0001714 _____ () C:\ProgramData\lxeaJSW.log 2014-08-23 14:44 - 2014-10-17 10:16 - 0009510 _____ () C:\ProgramData\lxeascan.log 2014-12-31 14:00 - 2014-12-31 14:00 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log 2012-07-27 17:01 - 2012-07-27 17:02 - 0000032 _____ () C:\ProgramData\PS.log 2014-08-23 14:43 - 2014-08-23 14:43 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt Some content of TEMP: ==================== C:\Users\ACER\AppData\Local\Temp\avgnt.exe C:\Users\ACER\AppData\Local\Temp\Quarantine.exe C:\Users\ACER\AppData\Local\Temp\sqlite3.dll C:\Users\Florian\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-07 15:48 ==================== End Of Log ============================ --- --- --- Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015 Ran by ACER at 2015-04-13 12:01:53 Running from C:\Users\ACER\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) 
Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0902.2011 - Acer Incorporated) Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer) Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated) Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.1.0.070 - Adobe Systems Incorporated) Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated) Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated) Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.2.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated) Age of Empires II: HD 
Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios) Airline Tycoon Evolution (HKLM-x32\...\{16E43D5F-5296-4D53-B303-9D951AFE510F}) (Version: - ) Aleks 3.18 (HKLM-x32\...\Aleks 3.18) (Version: - ) Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.) Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Astah Community 6.6.3 (HKLM\...\astah* community_is1) (Version: - Change Vision, Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG) AVR Jungo USB (HKLM-x32\...\{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}) (Version: 10.4 - Atmel) AVR QTouch Studio (HKLM-x32\...\{7BE9E558-BE53-4939-9565-A0BEA2F839D0}) (Version: 4.4.1 - Atmel) AVR Studio 5.1 (HKLM-x32\...\{D574D18C-9D52-4B4B-9647-AE6B89FD3F70}) (Version: 5.1.208 - Atmel) Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden BaseX (HKLM-x32\...\BaseX) (Version: - BaseX Team) Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.3.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.3 - Broadcom Corporation) Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.3 - Broadcom Corporation) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - ) Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP) Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden EditPlus 3 (HKLM-x32\...\EditPlus 3) (Version: - ES-Computing) ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.) Facebook Messenger 2.1.4801.0 (HKLM-x32\...\{823ECDD2-E8E9-4E46-AB97-44516A27288E}) (Version: 2.1.4801.0 - Facebook) FlashFXP 4 (HKLM-x32\...\FlashFXP 4) (Version: 4.4.4.2046 - OpenSight Software LLC) flatex fx (HKLM-x32\...\flatex fx) (Version: 4.00 - MetaQuotes Software Corp.) 
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Fraps (HKLM-x32\...\Fraps) (Version: - ) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden GanttProject (HKLM-x32\...\GanttProject) (Version: - ) GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Talk Plugin (HKLM-x32\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google) Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive) iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.) 
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Java SE Development Kit 7 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170050}) (Version: 1.7.0.50 - Oracle) Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation) JavaFX 2.1.1 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-211648764D10}) (Version: 2.1.1 - Oracle Corporation) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) JavaFX 2.1.1 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-211648764D10}) (Version: 2.1.1 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.) Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version: - Lexmark International, Inc.) 
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.27 - Alliance Software Pty Ltd) Market Samurai (x32 Version: 0.93.27 - Alliance Software Pty Ltd) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
(HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft 
Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{c81217f5-344b-4b07-895e-97468942d363}) (Version: 12.0.30501 - Microsoft Corporation) Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.5.0 - Mozilla) Mozilla Thunderbird 14.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 14.0 (x86 de)) (Version: 14.0 - Mozilla) Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MultiBit 0.5.14 (HKLM-x32\...\MultiBit 0.5.14) (Version: 0.5.14 - ) MySQL Installer (HKLM-x32\...\{2D6DCDB3-9D02-4ED9-A67C-C76DB4682DE1}) 
(Version: 1.2.0.0 - Oracle Corporation) MySQL Workbench 5.2 CE (HKLM-x32\...\{48A9B9DD-66B9-4846-AA7C-825A5729B643}) (Version: 5.2.47 - Oracle Corporation) MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden Node.js (HKLM\...\{E292EB4D-988D-42CE-B042-68E7A83603BA}) (Version: 0.10.26 - Joyent, Inc. and other Node contributors) OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org) Origin (HKLM-x32\...\Origin) (Version: 9.0.2.2064 - Electronic Arts, Inc.) Pencil (HKLM-x32\...\Pencil) (Version: - Evolus Co., Ltd.) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden RaidCall (HKLM-x32\...\RaidCall) (Version: 7.1.8-1.0.4843.13 - raidcall.com) Raptr (HKLM-x32\...\Raptr) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6446 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) 
Hidden Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Talend Open Studio (HKLM-x32\...\Talend Open Studio) (Version: - ) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Wireshark 1.8.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.8.3 - The Wireshark developer community, hxxp://www.wireshark.org) XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-2 - BitNami) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File ==================== Restore Points ========================= 03-04-2015 13:46:01 Windows Update 04-04-2015 21:22:10 Windows Update 10-04-2015 10:15:53 Windows Update 12-04-2015 19:58:54 ComboFix created restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2015-04-12 20:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {18B95E93-9A92-49A0-A60B-174EDAED8388} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation) Task: {22F0D562-947D-45A6-BBC0-B46251ED59F2} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {28BE3017-4CB2-4193-B484-1E9354EC376B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {2A85C90A-9A6A-4379-88A9-512E8D3B284A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {33EE17E5-0CFA-4F01-9C86-344AD3C1A4FE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {49BB2F0B-854C-49DC-A726-619E30483D11} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2011-08-09] (Acer) Task: {5A45B0A1-41F4-4BEB-87B2-4EE3609A60C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd) Task: {5A6E3495-EFC9-4400-A5F3-37F10BFB97F9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {83F55C03-B4BC-43B2-A412-F6219BCFBC47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08] (Google Inc.) Task: {C567C572-5BF9-4D53-8528-910409FE3CA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08] (Google Inc.) 
Task: {DAA0B56D-E6B0-4322-80B4-EFC67E1BB9EF} - System32\Tasks\AdobeAAMUpdater-1.0-FLORIAN-Florian => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated) Task: {E0421B5D-B4C6-433C-A613-37CEF1A3B262} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cf8d6175046c23.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cfedd9bb8b6043.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cfff51dbee0e2e.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1d04090329cb4ae.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-12-19 16:57 - 2014-12-19 16:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll 2014-08-23 14:45 - 2009-11-04 08:17 - 00189440 _____ () 
C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2015-02-05 18:03 - 2015-02-05 18:03 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AMDCleanup => C:\Grafiktreiber\AMDCleanupUtil.exe silent
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
MSCONFIG\startupreg: lxeamon.exe => "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

==================== Accounts: =============================

ACER (S-1-5-21-2040030199-1763219053-3685502851-1000 - Administrator - Enabled) => C:\Users\ACER
Administrator (S-1-5-21-2040030199-1763219053-3685502851-500 - Administrator - Disabled)
Florian (S-1-5-21-2040030199-1763219053-3685502851-1001 - Limited - Enabled) => C:\Users\Florian
Gast (S-1-5-21-2040030199-1763219053-3685502851-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2040030199-1763219053-3685502851-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears. Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD A8-3520M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 24%
Total physical RAM: 7654.11 MB
Available physical RAM: 5812.68 MB
Total Pagefile: 15306.41 MB
Available Pagefile: 13306.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:682.42 GB) (Free:507.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 34F575C0)
Partition 1: (Not Active) - (Size=16.1 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=682.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
|
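The helpers in this thread read FRST.txt, Addition.txt and the ESET Online Scanner summary by eye. As an added example (not part of the thread, of FRST or of ESET), the Python script below parses the FRST section format and flags the lines a reviewer looks at first: FRST's own markers (`[X]`, `No File`, `[File not signed]`, `<======= ATTENTION`), a disabled product in the Security Center section, and an "empty publisher" heuristic that is this example's own assumption rather than anything FRST classifies. The sample text is a constructed excerpt of the logs posted in this thread; the function names and rule table are assumptions, not FRST's API.

```python
"""Triage of Farbar Recovery Scan Tool (FRST) and ESET Online Scanner logs.

Added example, not part of this thread, of FRST or of ESET.  The sample
text is excerpted from the logs posted in the thread; the rule table,
function names and the "empty publisher" heuristic are this example's
own assumptions, not FRST's classification.
"""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^=+ (.+?) =+$")             # "==== Services (Whitelisted) ===="
EMPTY_PUBLISHER_RE = re.compile(r"\]\s*\(\s*\)\s*$")  # "... [76152 2014-09-24] ()"
NO_PUBLISHER_PROCESS_RE = re.compile(r"^\(\s*\) ")    # "( ) C:\Windows\System32\lxeacoms.exe"
SECURITY_DISABLED_RE = re.compile(r"^(AV|AS|FW): .*\(Disabled")

# Markers FRST itself writes into a line, with the reason a reviewer attaches to them.
MARKERS = [
    ("<======= ATTENTION", "entry flagged by FRST"),
    ("[File not signed]", "unsigned binary"),
    ("[X]", "service/driver image path does not exist"),
    ("No File", "registered file is missing (orphaned autostart or shell hook)"),
]


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_sections(text):
    """Yield (section, line) for every non-blank line, tracking the last header seen."""
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).strip()
            continue
        yield section, line


def triage(text):
    """Return one Finding per suspicious (line, reason) in an FRST.txt or Addition.txt body."""
    findings = []
    for section, line in parse_sections(text):
        reasons = [reason for marker, reason in MARKERS if marker in line]
        if section.startswith("Processes") and NO_PUBLISHER_PROCESS_RE.match(line):
            reasons.append("running process without publisher name")
        elif section.startswith(("Services", "Drivers")) and EMPTY_PUBLISHER_RE.search(line):
            reasons.append("service/driver without publisher name")
        elif section == "Security Center" and SECURITY_DISABLED_RE.match(line):
            reasons.append("security product reported as disabled")
        findings.extend(Finding(section, reason, line) for reason in reasons)
    return findings


def parse_eset_summary(text):
    """Return the '# key=value' trailer of an ESET Online Scanner log as a dict."""
    summary = {}
    for line in text.splitlines():
        kv = re.match(r"^#\s*([\w.]+)=(.*)$", line.strip())
        if kv:
            summary[kv.group(1)] = kv.group(2).strip()
    return summary


# Constructed sample: lines excerpted from the FRST logs posted in this thread.
SAMPLE_FRST = r"""
==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
( ) C:\Windows\System32\lxeacoms.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-09-24] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-03] (Avira Operations GmbH & Co. KG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== Security Center ========================
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

# Constructed sample: the trailer of the ESET log posted in this thread.
SAMPLE_ESET = "# product=EOS\n# end=finished\n# scanned=514338\n# found=0\n# cleaned=0\n"

if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"[{f.section}] {f.reason}: {f.line}")
    eset = parse_eset_summary(SAMPLE_ESET)
    print(f"ESET: scanned={eset['scanned']} found={eset['found']} cleaned={eset['cleaned']}")
```

Run against the sample it reports eight findings: the two publisher-less processes, the orphaned Dropbox shell hook, the Internet Explorer policy lock, the unsigned InstallShield service, the publisher-less PnkBstrA service, the dead `catchme` driver entry, and Avira reported as disabled. FRST already drops known-good Microsoft entries from the sections marked (Whitelisted), so the script only has to rank what remains; a real fixlist still has to be written by someone who understands each entry, and the `[X]` and `No File` hits here are leftovers of ComboFix and Dropbox rather than the reported PUA.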
13.04.2015, 15:49 | #6 |
/// the machine /// TB-Ausbilder | Windows 7: PUA/Somoto.Gen

ESET Online Scanner

Please download SecurityCheck and:

and a fresh FRST log, please. Any problems left?
|
13.04.2015, 23:57 | #7 |
| Windows 7: PUA/Somoto.Gen

Hello Schrauber, here again are the results of the scans.

ESET.txt:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=177c3eb8e6c5884d8fdb5e7dc7d93408
# engine=23355
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-13 09:06:19
# local_time=2015-04-13 11:06:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 106661 180589029 0 0
# scanned=514338
# found=0
# cleaned=0
# scan_time=20036

Code:
Results of screen317's Security Check version 1.00
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 8 Update 31
Java 8 Update 40
Adobe Flash Player 16.0.0.305 Flash Player out of Date!
Adobe Reader 10.1.13 Adobe Reader out of Date!
Mozilla Firefox (37.0.1)
Mozilla Thunderbird (31.6.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015 Ran by ACER (administrator) on FLORIAN on 14-04-2015 00:49:22 Running from C:\Users\ACER\Desktop Loaded Profiles: ACER & Florian (Available profiles: ACER & Florian) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Google Inc.) C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) 
C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Google Inc.) C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Google Inc.) C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe (ES-Computing) C:\Tools\Editplus\editplus.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Google Inc.) C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-17] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-06] (ELAN Microelectronics Corp.) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-15] (Dritek System Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation) HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2013-11-12] (Raptr, Inc) HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\EXPERT~1.scr HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\...\Run: [Google Update] => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-27] (Google Inc.) HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\...\Run: [GoogleChromeAutoLaunch_4BC71BA0F323207FECDF97ADA8C142B9] => C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.) 
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.proentry.de/
HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-13] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-13] (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\cgozwaas.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] () FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: 
@esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-13] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-13] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation) FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\ACER\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-02-28] (Raidcall) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems) FF Plugin HKU\S-1-5-21-2040030199-1763219053-3685502851-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Florian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google) FF Plugin HKU\S-1-5-21-2040030199-1763219053-3685502851-1001: @talk.google.com/O1DPlugin -> C:\Users\Florian\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-03-26] (Google) FF Plugin HKU\S-1-5-21-2040030199-1763219053-3685502851-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Florian\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin HKU\S-1-5-21-2040030199-1763219053-3685502851-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Florian\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-07-18] Chrome: ======= CHR Profile: C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-25] CHR Extension: (Google Docs) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-25] CHR Extension: (Google Drive) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-25] CHR Extension: (YouTube) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-25] CHR Extension: (Google Search) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-25] CHR Extension: 
(Google Sheets) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-25] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-13] CHR Extension: (Google Wallet) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25] CHR Extension: (Gmail) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-25] StartMenuInternet: Google Chrome - C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-31] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-31] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-31] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.) 
S2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
S2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
S2 MBAMService; C:\Program Files (x86)\Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S2 MySQLServer; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14241 2013-05-26] () [File not signed]
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
S3 Origin Client Service; C:\Games\Origin\OriginClientService.exe [1900400 2014-11-19] (Electronic Arts)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-09-24] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-03] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 00:49 - 2015-04-14 00:49 - 00020028 _____ () C:\Users\ACER\Desktop\FRST.txt
2015-04-14 00:43 - 2015-04-14 00:43 - 00852616 _____ () C:\Users\ACER\Downloads\SecurityCheck.exe
2015-04-14 00:43 - 2015-04-14 00:43 - 00852616 _____ () C:\Users\ACER\Desktop\SecurityCheck.exe
2015-04-14 00:42 - 2015-04-14 00:42 - 00000695 _____ () C:\Users\ACER\Desktop\ESET.txt
2015-04-13 17:22 - 2015-04-13 17:22 - 02347384 _____ (ESET) C:\Users\ACER\Downloads\esetsmartinstaller_deu.exe
2015-04-13 11:54 - 2015-04-13 11:54 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-FLORIAN-Windows-7-Home-Premium-(64-bit).dat
2015-04-13 11:54 - 2015-04-13 11:54 - 00000000 ____D () C:\RegBackup
2015-04-13 11:53 - 2015-04-13 11:53 - 02686959 _____ (Thisisu) C:\Users\ACER\Desktop\JRT.exe
2015-04-13 11:45 - 2015-04-13 11:48 - 00000000 ____D () C:\AdwCleaner
2015-04-13 11:44 - 2015-04-13 11:13 - 02217984 _____ () C:\Users\ACER\Desktop\AdwCleaner_4.201.exe
2015-04-13 11:10 - 2015-04-13 11:10 - 00000979 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-13 09:53 - 2015-04-13 09:53 - 00561064 _____ (Oracle Corporation) C:\Users\Florian\Downloads\chromeinstall-8u40.exe
2015-04-13 09:51 - 2015-04-13 09:51 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Oracle
2015-04-12 22:14 - 2015-04-12 22:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-12 20:25 - 2015-04-12 20:25 - 00034244 _____ () 
C:\ComboFix.txt 2015-04-12 19:58 - 2015-04-12 20:25 - 00000000 ____D () C:\Qoobox 2015-04-12 19:58 - 2015-04-12 20:25 - 00000000 ____D () C:\ComboFix 2015-04-12 19:58 - 2015-04-12 20:23 - 00000000 ____D () C:\Windows\erdnt 2015-04-12 19:58 - 2015-04-12 19:57 - 05617275 ____R (Swearware) C:\Users\ACER\Desktop\ComboFix.exe 2015-04-12 19:58 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-04-12 19:58 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-04-12 19:58 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-04-12 19:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-04-12 19:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-04-12 19:58 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2015-04-12 19:58 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2015-04-12 19:58 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2015-04-12 19:10 - 2015-04-12 19:10 - 00380416 _____ () C:\Users\ACER\Desktop\Gmer-19357.exe 2015-04-12 19:05 - 2015-04-12 19:05 - 02096640 _____ (Farbar) C:\Users\ACER\Desktop\FRST64.exe 2015-04-12 19:02 - 2015-04-12 19:02 - 00000000 ____D () C:\Users\ACER\AppData\Local\Macromedia 2015-04-12 18:59 - 2015-04-12 19:00 - 00000000 ____D () C:\Users\ACER\AppData\Local\Mozilla 2015-04-12 18:44 - 2015-04-12 18:44 - 00380416 _____ () C:\Users\Florian\Desktop\Gmer-19357.exe 2015-04-12 18:20 - 2015-04-12 18:21 - 00045174 _____ () C:\Users\Florian\Desktop\Addition.txt 2015-04-12 18:18 - 2015-04-12 18:21 - 00030311 _____ () C:\Users\Florian\Desktop\FRST.txt 2015-04-12 18:17 - 2015-04-14 00:49 - 00000000 ____D () C:\FRST 2015-04-12 18:16 - 2015-04-12 18:16 - 02096640 _____ (Farbar) C:\Users\Florian\Downloads\FRST64.exe 2015-04-12 18:16 - 2015-04-12 18:16 - 02096640 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe 2015-04-09 21:26 - 2015-04-09 21:27 - 31462447 _____ () C:\Users\Florian\Downloads\offline-SWTARC.zip 2015-04-07 18:20 - 
2015-04-07 18:22 - 08157098 _____ () C:\Users\Florian\Downloads\apache-tomcat-7.0.33.zip 2015-04-07 14:45 - 2015-04-07 14:45 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\JetBrains 2015-04-07 14:44 - 2015-04-07 14:44 - 00000000 ____D () C:\Users\Florian\.AndroidStudio 2015-04-07 14:43 - 2015-04-07 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio 2015-04-07 11:57 - 2015-04-07 12:20 - 856233768 _____ (Google Inc.) C:\Users\Florian\Downloads\android-studio-bundle-135.1740770-windows.exe 2015-04-06 20:10 - 2015-04-06 20:10 - 00000000 ____D () C:\Users\Florian\Documents\Visual Studio 2010 2015-04-04 21:22 - 2015-04-04 21:22 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-04-04 21:22 - 2015-04-04 21:22 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-04 12:39 - 2015-04-05 09:17 - 00000000 ____D () C:\Program Files (x86)\Thunderbird 2015-03-31 16:11 - 2015-03-31 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-03-31 10:45 - 2015-04-12 20:16 - 00205678 _____ () C:\Windows\PFRO.log 2015-03-30 12:32 - 2015-03-30 12:32 - 00000183 _____ () C:\Users\Florian\Downloads\100373742194.sdx 2015-03-30 12:26 - 2015-03-30 12:27 - 13782032 _____ (Microsoft Corporation) C:\Users\Florian\Downloads\vssdk_full.exe 2015-03-30 12:19 - 2015-03-31 15:40 - 00036133 _____ () C:\Users\Florian\Downloads\SecureDownloadManager.log ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-14 00:10 - 2013-03-08 19:19 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-14 00:04 - 2012-08-16 02:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-13 18:47 - 2014-10-17 11:19 - 00005824 _____ () C:\Windows\setupact.log 2015-04-13 17:09 - 2012-01-11 13:13 - 01990051 _____ () C:\Windows\WindowsUpdate.log 2015-04-13 17:08 - 2013-03-08 19:19 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-13 12:02 - 2009-07-14 06:45 - 00024432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-13 12:02 - 2009-07-14 06:45 - 00024432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-13 11:52 - 2013-12-09 16:06 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Raptr 2015-04-13 11:49 - 2012-12-06 13:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-13 11:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-13 11:11 - 2014-06-18 10:56 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-13 11:10 - 2014-06-18 10:56 - 00000000 ____D () C:\Program Files (x86)\Anti-Malware 2015-04-13 09:54 - 2015-01-25 16:17 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-04-13 09:54 - 2014-08-09 10:52 - 00000000 ____D () C:\Program Files (x86)\Java 2015-04-13 09:54 - 2012-08-03 21:01 - 00000000 ____D () C:\Users\Florian\AppData\Local\Adobe 2015-04-12 20:25 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2015-04-12 20:18 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2015-04-12 18:59 - 2012-10-28 13:24 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Mozilla 2015-04-12 18:58 - 2013-08-24 23:04 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Avira 2015-04-12 18:54 - 2012-03-17 19:09 - 00000000 ____D () 
C:\Users\ACER\AppData\Roaming\Adobe
2015-04-12 18:53 - 2012-03-17 18:48 - 00067408 _____ () C:\Users\ACER\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-12 18:52 - 2012-03-17 18:49 - 00001429 _____ () C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-09 01:47 - 2012-08-28 02:58 - 00000000 ____D () C:\Aktien
2015-04-08 20:39 - 2015-01-04 20:15 - 00000000 ____D () C:\Users\Florian\.android
2015-04-08 09:57 - 2012-07-28 20:54 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Mozilla
2015-04-07 18:23 - 2012-07-29 13:44 - 00000000 ____D () C:\Tools
2015-04-07 14:44 - 2012-07-27 17:22 - 00000000 ____D () C:\Users\Florian
2015-04-06 20:07 - 2014-10-08 15:37 - 00000034 _____ () C:\Users\Florian\AppData\Roaming\AdobeWLCMCache.dat
2015-03-31 16:17 - 2012-11-03 01:49 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Avira
2015-03-31 16:11 - 2012-11-03 01:43 - 00000000 ____D () C:\ProgramData\Avira
2015-03-31 10:58 - 2012-03-17 18:47 - 00000000 ____D () C:\Users\ACER
2015-03-31 10:45 - 2013-07-15 15:52 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-29 18:15 - 2012-01-11 21:59 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-03-29 18:15 - 2012-01-11 21:59 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-03-29 18:15 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-17 06:15 - 2014-06-18 10:56 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-06-18 10:56 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-06-18 10:56 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-15 14:44 - 2014-08-23 14:48 - 00000000 ____D () C:\ProgramData\Lx_cats
2015-03-15 13:03 - 2014-09-29 00:57 - 00000962 _____ () C:\Users\Florian\Desktop\Studienorganisator Semester II.lnk

==================== Files in the root of some directories =======

2014-10-01 15:24 - 2014-10-01 15:24 - 0000218 _____ () C:\Users\ACER\AppData\Local\recently-used.xbel
2013-05-14 15:54 - 2014-10-17 11:16 - 0007619 _____ () C:\Users\ACER\AppData\Local\Resmon.ResmonCfg
2012-07-18 23:16 - 2012-07-18 23:16 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-01-11 13:32 - 2012-01-11 13:35 - 0015131 _____ () C:\ProgramData\ArcadeDeluxe5.log
2014-12-31 14:00 - 2014-12-31 14:00 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2014-08-23 14:48 - 2014-08-23 14:48 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-09-02 15:28 - 2014-10-16 12:00 - 0002520 _____ () C:\ProgramData\lxea.log
2014-08-23 14:48 - 2014-12-31 13:58 - 0001714 _____ () C:\ProgramData\lxeaJSW.log
2014-08-23 14:44 - 2014-10-17 10:16 - 0009510 _____ () C:\ProgramData\lxeascan.log
2014-12-31 14:00 - 2014-12-31 14:00 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-07-27 17:01 - 2012-07-27 17:02 - 0000032 _____ () C:\ProgramData\PS.log
2014-08-23 14:43 - 2014-08-23 14:43 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some content of TEMP:
====================
C:\Users\ACER\AppData\Local\Temp\avgnt.exe
C:\Users\ACER\AppData\Local\Temp\Quarantine.exe
C:\Users\ACER\AppData\Local\Temp\sqlite3.dll
C:\Users\Florian\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-14 00:12

==================== End Of Log ============================

--- --- ---

Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
Ran by ACER at 2015-04-14 00:50:18
Running from C:\Users\ACER\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer Crystal Eye webcam 2.2.0.2 (HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 2.2.0.2 - SuYin)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0902.2011 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\...\Adobe Connect 9 Add-in) (Version: 11,9,972,8 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.1.0.070 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Airline Tycoon Evolution (HKLM-x32\...\{16E43D5F-5296-4D53-B303-9D951AFE510F}) (Version: - )
Aleks 3.18 (HKLM-x32\...\Aleks 3.18) (Version: - )
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Astah Community 6.6.3 (HKLM\...\astah* community_is1) (Version: - Change Vision, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
AVR Jungo USB (HKLM-x32\...\{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}) (Version: 10.4 - Atmel)
AVR QTouch Studio (HKLM-x32\...\{7BE9E558-BE53-4939-9565-A0BEA2F839D0}) (Version: 4.4.1 - Atmel)
AVR Studio 5.1 (HKLM-x32\...\{D574D18C-9D52-4B4B-9647-AE6B89FD3F70}) (Version: 5.1.208 - Atmel)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
BaseX (HKLM-x32\...\BaseX) (Version: - BaseX Team)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.3.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.3 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.3 - Broadcom Corporation)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EditPlus 3 (HKLM-x32\...\EditPlus 3) (Version: - ES-Computing)
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
Facebook Messenger 2.1.4801.0 (HKLM-x32\...\{823ECDD2-E8E9-4E46-AB97-44516A27288E}) (Version: 2.1.4801.0 - Facebook)
FlashFXP 4 (HKLM-x32\...\FlashFXP 4) (Version: 4.4.4.2046 - OpenSight Software LLC)
flatex fx (HKLM-x32\...\flatex fx) (Version: 4.00 - MetaQuotes Software Corp.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version: - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GanttProject (HKLM-x32\...\GanttProject) (Version: - )
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Git version 1.9.0-preview20140217 (HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\...\Git_is1) (Version: 1.9.0-preview20140217 - The Git Development Community)
Google Chrome (HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java SE Development Kit 7 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170050}) (Version: 1.7.0.50 - Oracle)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
JavaFX 2.1.1 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-211648764D10}) (Version: 2.1.1 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JavaFX 2.1.1 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-211648764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.27 - Alliance Software Pty Ltd)
Market Samurai (x32 Version: 0.93.27 - Alliance Software Pty Ltd) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{c81217f5-344b-4b07-895e-97468942d363}) (Version: 12.0.30501 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.5.0 - Mozilla)
Mozilla Thunderbird 14.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 14.0 (x86 de)) (Version: 14.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultiBit 0.5.14 (HKLM-x32\...\MultiBit 0.5.14) (Version: 0.5.14 - )
MySQL Installer (HKLM-x32\...\{2D6DCDB3-9D02-4ED9-A67C-C76DB4682DE1}) (Version: 1.2.0.0 - Oracle Corporation)
MySQL Workbench 5.2 CE (HKLM-x32\...\{48A9B9DD-66B9-4846-AA7C-825A5729B643}) (Version: 5.2.47 - Oracle Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
Node.js (HKLM\...\{E292EB4D-988D-42CE-B042-68E7A83603BA}) (Version: 0.10.26 - Joyent, Inc. and other Node contributors)
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.0.2.2064 - Electronic Arts, Inc.)
Pencil (HKLM-x32\...\Pencil) (Version: - Evolus Co., Ltd.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.1.8-1.0.4843.13 - raidcall.com)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6446 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Talend Open Studio (HKLM-x32\...\Talend Open Studio) (Version: - )
TeamSpeak 3 Client (HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.8.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.8.3 - The Wireshark developer community, hxxp://www.wireshark.org)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-2 - BitNami)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Florian\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Florian\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Florian\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Florian\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Tools\GIT-Shell\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Florian\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Florian\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Florian\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

03-04-2015 13:46:01 Windows Update
04-04-2015 21:22:10 Windows Update
10-04-2015 10:15:53 Windows Update
12-04-2015 19:58:54 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-12 20:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {18B95E93-9A92-49A0-A60B-174EDAED8388} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {22F0D562-947D-45A6-BBC0-B46251ED59F2} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {28BE3017-4CB2-4193-B484-1E9354EC376B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2A85C90A-9A6A-4379-88A9-512E8D3B284A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {33EE17E5-0CFA-4F01-9C86-344AD3C1A4FE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {49BB2F0B-854C-49DC-A726-619E30483D11} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2011-08-09] (Acer)
Task: {5A45B0A1-41F4-4BEB-87B2-4EE3609A60C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {5A6E3495-EFC9-4400-A5F3-37F10BFB97F9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {83F55C03-B4BC-43B2-A412-F6219BCFBC47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08] (Google Inc.)
Task: {C567C572-5BF9-4D53-8528-910409FE3CA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08] (Google Inc.)
Task: {DAA0B56D-E6B0-4322-80B4-EFC67E1BB9EF} - System32\Tasks\AdobeAAMUpdater-1.0-FLORIAN-Florian => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {E0421B5D-B4C6-433C-A613-37CEF1A3B262} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cf8d6175046c23.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cfedd9bb8b6043.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cfff51dbee0e2e.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1d04090329cb4ae.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-19 16:57 - 2014-12-19 16:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-08-23 14:45 - 2009-11-04 08:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2015-04-03 13:45 - 2015-03-30 23:07 - 01174856 _____ () C:\Users\Florian\AppData\Local\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-03 13:45 - 2015-03-30 23:07 - 00080200 _____ () C:\Users\Florian\AppData\Local\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-03 13:46 - 2015-03-30 23:07 - 09279304 _____ () C:\Users\Florian\AppData\Local\Google\Chrome\Application\41.0.2272.118\pdf.dll
2012-04-13 12:04 - 2012-04-13 12:04 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-04-13 12:00 - 2012-04-13 12:00 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\Software\Classes\.exe: => <===== ATTENTION!
HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\Software\Classes\exefile: <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AMDCleanup => C:\Grafiktreiber\AMDCleanupUtil.exe silent
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
MSCONFIG\startupreg: lxeamon.exe => "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

==================== Accounts: =============================

ACER (S-1-5-21-2040030199-1763219053-3685502851-1000 - Administrator - Enabled) => C:\Users\ACER
Administrator (S-1-5-21-2040030199-1763219053-3685502851-500 - Administrator - Disabled)
Florian (S-1-5-21-2040030199-1763219053-3685502851-1001 - Limited - Enabled) => C:\Users\Florian
Gast (S-1-5-21-2040030199-1763219053-3685502851-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2040030199-1763219053-3685502851-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed.
(Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed.
(Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2015 00:41:44 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (04/13/2015 11:31:26 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/13/2015 05:23:49 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/13/2015 05:23:46 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/13/2015 05:23:45 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/13/2015 05:23:41 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (04/13/2015 09:05:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (04/13/2015 09:05:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. 
Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (04/13/2015 09:05:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (04/13/2015 09:05:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (04/13/2015 08:40:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (04/13/2015 08:40:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (04/13/2015 08:40:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (04/13/2015 08:40:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (04/13/2015 08:39:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (04/13/2015 08:39:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. 
Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Microsoft Office Sessions: ========================= Error: (04/14/2015 00:41:44 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (04/13/2015 11:31:26 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (04/13/2015 05:23:49 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ACER\Downloads\esetsmartinstaller_deu.exe Error: (04/13/2015 05:23:46 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ACER\Downloads\esetsmartinstaller_deu.exe Error: (04/13/2015 05:23:45 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ACER\Downloads\esetsmartinstaller_deu.exe Error: (04/13/2015 05:23:41 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ACER\Downloads\esetsmartinstaller_deu.exe ==================== Memory info =========================== Processor: AMD A8-3520M APU with Radeon(tm) HD Graphics Percentage of memory in use: 42% Total physical RAM: 7654.11 MB Available physical RAM: 4369.57 MB Total Pagefile: 15306.41 MB Available Pagefile: 11558.85 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:682.42 GB) (Free:501.68 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 34F575C0) Partition 1: (Not Active) - (Size=16.1 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=682.4 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
14.04.2015, 16:32 | #8 |
/// the machine /// TB-Ausbilder | Windows 7: PUA/Somoto.Gen Update Flash and Adobe Reader. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No help via PM! |
14.04.2015, 18:31 | #9 |
| Windows 7: PUA/Somoto.Gen Hello Schrauber, all done, no more problems. Thank you very, very much! Is there anything else to bear in mind regarding uninstalling the programs? |
15.04.2015, 09:43 | #10 |
/// the machine /// TB-Ausbilder | Windows 7: PUA/Somoto.Gen Cleanup: (the order matters here)
If Defogger was used: run it again and click Re-enable.
If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. Should any programs from our cleanup still be left over, you can delete them without concern.
If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Hardening:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at the latest version:
Browser
Java
Flash Player
PDF reader
Security holes in their old versions are exploited to install malware by "drive-by" simply by visiting a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft
In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.
Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. Following the principle of a whitelist, however, you can define on which sites scripts are allowed.
Malwarebytes Anti-Exploit: protects the computer's applications against the exploitation of known vulnerabilities.
Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons irrelevant to the program.
To get rid of adware again, it is advisable to uninstall it first and then remove the leftovers with AdwCleaner.
Finally, a few general remarks:
Change your important online passwords regularly and make regular backups of your important files or of the system.
The benefit of registry cleaners, optimizers and the like for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.