![]() |
|
Plagegeister aller Art und deren Bekämpfung: Möglicherweise DHL-Trojaner eingefangenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
| ![]() Möglicherweise DHL-Trojaner eingefangen Hallo, heute habe ich mal wieder festgestellt, dass man Mails nicht nebenher bearbeiten sollte. Ich bin auf eine DHL-Mail reingefallen. Es wurde ein späterer Zustellungstermin angekündigt und da ich auf ein Paket warte habe ich den Link angeklickt. Dieser führte zu einer fehlerhaften Seite. Es wurde nichts zum Download angeboten, noch gab es sonst eine erkennbare Reaktion. Ich habe die Seite dann geschlossen und die Mail genauer angesehen und meinen Fehler erkannt. Nun die große Preisfrage: "Habe ich mir was eingefangen?" Als erste Schritte habe ich mir Defogger, FRST und GMER heruntergeladen und nach Anleitung ausgeführt. Hier die Ergebnisse (Der Log von GMER hat in diesen Thread nicht mehr gepasst): Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 22:43 on 04/06/2015 (habewi) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015 Ran by habewi (administrator) on LAEPPI_2 on 04-06-2015 22:45:13 Running from E:\Install\Trojaner_Board\FRST64 Loaded Profiles: habewi (Available Profiles: habewi) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe () C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe () C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe (Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe () C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe (Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Pokki) C:\Users\habewi\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe (Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Dropbox, Inc.) C:\Users\habewi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe () C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe (AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Pokki) C:\Users\habewi\AppData\Local\Pokki\Engine\HostAppService.exe (Pokki) C:\Users\habewi\AppData\Local\Pokki\Engine\HostAppService.exe (Pokki) C:\Users\habewi\AppData\Local\Pokki\Engine\StartMenuIndexer.exe (acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe () E:\Install\FRST64\FRST64.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2350880 2015-03-15] (NVIDIA Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.) HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [66304 2015-05-06] (Acer Incorporated) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2715536 2015-04-10] (Dominik Reichl) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] () HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe [139088 2010-09-30] () HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112 2015-02-28] () HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [92928 2015-05-06] () HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2669568 2015-04-17] (Sony Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] (Atheros Communications) HKU\S-1-5-21-1123843910-364745413-3572566037-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON HKU\S-1-5-21-1123843910-364745413-3572566037-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-04-28] (Samsung) HKU\S-1-5-21-1123843910-364745413-3572566037-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-09-22] (Spotify Ltd) HKU\S-1-5-21-1123843910-364745413-3572566037-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.) HKU\S-1-5-21-1123843910-364745413-3572566037-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2574080 2015-05-06] (Acer) HKU\S-1-5-21-1123843910-364745413-3572566037-1001\...\MountPoints2: {57ebb439-fd95-11e4-828d-206a8ae16e6c} - "F:\autorun.exe" HKU\S-1-5-21-1123843910-364745413-3572566037-1001\...\MountPoints2: {57ebbd13-fd95-11e4-828d-206a8ae16e6c} - "F:\autorun.exe" HKU\S-1-5-21-1123843910-364745413-3572566037-1001\...\MountPoints2: {57ebbe13-fd95-11e4-828d-206a8ae16e6c} - "F:\autorun.exe" HKU\S-1-5-21-1123843910-364745413-3572566037-1001\...\MountPoints2: {6a4a958c-f5c0-11e4-828a-206a8ae16e6c} - "F:\autorun.exe" HKU\S-1-5-21-1123843910-364745413-3572566037-1001\...\MountPoints2: {6a4aa1b5-f5c0-11e4-828a-206a8ae16e6c} - "F:\autorun.exe" Startup: C:\Users\habewi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-07] ShortcutTarget: Dropbox.lnk -> C:\Users\habewi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-12] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-12] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-12] (Acer Incorporated) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\habewi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\habewi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\habewi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\habewi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\habewi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\habewi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\habewi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\habewi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1123843910-364745413-3572566037-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={5684E7F1-62C6-4AE0-B127-741CEB0320CF}&mid=42b0fba450f947d2a1d9f123cc05879f-a743e9e9013260a56953af67192a03edc5c4567b&lang=de&ds=AVG&coid=avgtbavg&cmpid=0215tb&pr=fr&d=2014-12-10 13:25:40&v=4.1.0.411&pid=wtu&sg=&sap=hp HKU\S-1-5-21-1123843910-364745413-3572566037-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKU\S-1-5-21-1123843910-364745413-3572566037-1001 -> DefaultScope {9BFC5306-AAF9-11E4-8273-206A8AE16E6C} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms} SearchScopes: HKU\S-1-5-21-1123843910-364745413-3572566037-1001 -> {7CB8A254-C536-4D8D-A87C-0AA257617C3A} URL = SearchScopes: HKU\S-1-5-21-1123843910-364745413-3572566037-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={5684E7F1-62C6-4AE0-B127-741CEB0320CF}&mid=42b0fba450f947d2a1d9f123cc05879f-a743e9e9013260a56953af67192a03edc5c4567b&lang=de&ds=AVG&coid=avgtbavg&cmpid=0215tb&pr=fr&d=2014-12-10 13:25:40&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-1123843910-364745413-3572566037-1001 -> {9BFC5306-AAF9-11E4-8273-206A8AE16E6C} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms} SearchScopes: HKU\S-1-5-21-1123843910-364745413-3572566037-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-02-28] (AVG) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-02-28] (AVG) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll [2014-12-10] (AVG Secure Search) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\habewi\AppData\Roaming\Mozilla\Firefox\Profiles\vrelukaz.default FF SelectedSearchEngine: Web Search FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-19] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-19] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2015-02-09] () FF Plugin HKU\S-1-5-21-1123843910-364745413-3572566037-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\habewi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS) FF user.js: detected! => C:\Users\habewi\AppData\Roaming\Mozilla\Firefox\Profiles\vrelukaz.default\user.js [2013-08-05] FF SearchPlugin: C:\Users\habewi\AppData\Roaming\Mozilla\Firefox\Profiles\vrelukaz.default\searchplugins\Web Search.xml [2015-05-19] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-02-28] FF Extension: anonymoX - C:\Users\habewi\AppData\Roaming\Mozilla\Firefox\Profiles\vrelukaz.default\Extensions\client@anonymox.net.xpi [2014-10-31] Chrome: ======= CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows (R) Win 7 DDK provider) [File not signed] R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2839296 2015-05-06] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-07-22] (Acer Incorporated) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-17] (WildTangent) R2 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [138544 2015-05-20] () R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [192304 2015-05-20] () R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-16] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation) R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [93408 2015-03-17] (Intel(R) Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [455912 2014-12-30] (Acer Incorporate) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2015-03-15] (NVIDIA Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [494592 2015-04-17] (Sony Corporation) R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-10-17] (Acer Incorporate) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] () R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-10-17] (Acer Incorporate) R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [233216 2014-06-23] (acer) R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] () R2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-02-28] (AVG Secure Search) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-02-28] () S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-02] (Qualcomm Atheros Communications, Inc.) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-27] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253920 2015-05-07] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [220128 2015-05-07] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [293856 2015-05-04] (AVG Technologies CZ, s.r.o.) S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) S3 GigasetGenericUSB_x64; C:\Windows\system32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2013-04-25] (Siemens Home and Office Communication Devices GmbH & Co. KG) S3 HWHandSet; C:\Windows\system32\DRIVERS\hw_quusbmdm.sys [223232 2015-05-07] (Huawei Technologies Co., Ltd.) U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2015-05-07] (Huawei Technologies Co., Ltd.) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation) R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation) R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated) S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-10-13] (DEVGURU Co., LTD.(www.devguru.co.kr)) R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-07-10] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-04 22:43 - 2015-06-04 22:43 - 00000000 _____ C:\Users\habewi\defogger_reenable 2015-06-04 22:34 - 2015-06-04 22:34 - 00018417 _____ C:\Users\habewi\Desktop\20150604_gmer.log 2015-06-04 21:00 - 2015-06-04 22:45 - 00000000 ____D C:\FRST 2015-06-04 19:21 - 2015-06-04 22:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-06-02 12:44 - 2015-06-02 12:44 - 00000000 ____D C:\Users\habewi\AppData\Local\GWX 2015-05-25 11:41 - 2015-05-25 11:41 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf 2015-05-25 10:54 - 2014-10-13 07:57 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll 2015-05-25 10:54 - 2014-10-13 07:57 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll 2015-05-25 10:54 - 2014-10-13 07:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudserd.sys 2015-05-25 10:54 - 2014-10-13 07:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys 2015-05-25 10:54 - 2014-10-13 07:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys 2015-05-24 12:01 - 2015-05-24 12:01 - 00000000 ____D C:\Users\habewi\AppData\Local\Avg 2015-05-20 17:58 - 2015-05-20 17:58 - 00001007 _____ C:\Users\Public\Desktop\HiSuite.lnk 2015-05-20 17:58 - 2015-05-20 17:58 - 00000000 ____D C:\ProgramData\HiSuiteOuc 2015-05-20 17:58 - 2015-05-20 17:58 - 00000000 ____D C:\ProgramData\HandSetService 2015-05-20 17:36 - 2015-05-20 21:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2015-05-19 21:20 - 2015-05-19 21:20 - 00000000 ____D C:\Users\habewi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClockworkMod 2015-05-19 21:20 - 2015-05-19 21:20 - 00000000 ____D C:\Program Files (x86)\ClockworkMod 2015-05-14 13:04 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS 2015-05-14 13:04 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll 2015-05-14 13:04 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll 2015-05-14 13:03 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-14 13:03 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-05-14 13:03 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-05-14 13:03 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll 2015-05-14 13:03 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll 2015-05-14 13:03 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll 2015-05-14 13:03 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll 2015-05-14 13:03 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll 2015-05-14 13:03 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll 2015-05-14 13:03 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys 2015-05-14 13:03 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys 2015-05-14 13:03 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2015-05-14 13:03 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys 2015-05-14 13:03 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll 2015-05-14 13:03 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll 2015-05-14 13:03 - 2015-03-13 02:29 - 00410017 _____ C:\Windows\system32\ApnDatabase.xml 2015-05-14 13:03 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-14 13:03 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-14 13:03 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys 2015-05-14 13:03 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-14 13:03 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll 2015-05-14 13:03 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-05-14 13:03 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-14 13:03 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll 2015-05-14 13:03 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll 2015-05-14 13:03 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2015-05-13 20:33 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 20:33 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 20:22 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-13 20:22 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-13 20:22 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-13 20:22 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-13 20:22 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-13 20:22 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-13 20:22 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-13 20:22 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-13 20:21 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-13 20:21 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-13 20:21 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-13 20:21 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-13 20:21 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-13 20:21 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2015-05-13 20:21 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-13 20:21 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-13 20:21 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-13 20:21 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-05-13 20:21 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-13 20:21 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-13 20:21 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-05-13 20:21 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-13 20:21 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-05-13 20:21 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-13 20:21 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-13 20:21 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-13 20:21 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-13 20:21 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-13 20:21 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-05-13 20:21 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-13 20:21 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-05-13 20:21 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-05-13 20:21 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-13 20:21 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-13 20:21 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-13 20:21 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-13 20:21 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-13 20:21 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-13 20:21 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-13 20:21 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-13 20:21 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-13 20:21 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-13 20:21 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 20:21 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 20:21 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 20:21 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 20:21 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-05-13 20:21 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 20:21 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 20:21 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-13 20:19 - 2015-05-13 20:19 - 00002001 _____ C:\Users\Public\Desktop\abMedia.lnk 2015-05-13 20:16 - 2015-05-13 20:16 - 00002005 _____ C:\Users\Public\Desktop\abPhoto.lnk 2015-05-12 18:31 - 2015-05-12 18:31 - 00003334 _____ C:\Windows\System32\Tasks\AcerCloud 2015-05-12 18:31 - 2015-05-12 18:31 - 00002028 _____ C:\Users\Public\Desktop\Acer Portal.lnk 2015-05-12 18:29 - 2015-05-12 18:29 - 00001969 _____ C:\Users\Public\Desktop\abDocs.lnk 2015-05-08 22:38 - 2015-05-22 19:15 - 00000000 ____D C:\Users\habewi\AppData\Local\HiSuite 2015-05-08 22:38 - 2015-05-20 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite 2015-05-08 22:38 - 2015-05-20 17:58 - 00000000 ____D C:\Program Files (x86)\HiSuite 2015-05-08 22:38 - 2015-05-08 23:17 - 00000000 ____D C:\Users\habewi\Documents\HiSuite 2015-05-08 22:38 - 2015-05-08 22:38 - 00000000 ____D C:\ProgramData\HiSuiteDataSvc 2015-05-08 22:38 - 2015-05-07 13:36 - 02152176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFUpdate_01009.dll 2015-05-08 22:38 - 2015-05-07 13:36 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01009.dll 2015-05-08 22:38 - 2015-05-07 13:36 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusbcoinstaller2.dll 2015-05-08 22:38 - 2015-05-07 13:36 - 00287232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbnet.sys 2015-05-08 22:38 - 2015-05-07 13:36 - 00223232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbmdm.sys 2015-05-08 22:38 - 2015-05-07 13:36 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_usbdev.sys 2015-05-08 22:38 - 2015-05-07 13:36 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys 2015-05-07 21:54 - 2015-06-04 22:39 - 00000000 ___RD C:\Users\habewi\Dropbox 2015-05-07 21:54 - 2015-05-07 21:54 - 00001144 _____ C:\Users\habewi\Desktop\Dropbox.lnk 2015-05-07 21:53 - 2015-05-07 21:53 - 00000000 ____D C:\Users\habewi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-05-07 21:52 - 2015-06-04 22:39 - 00000000 ____D C:\Users\habewi\AppData\Roaming\Dropbox 2015-05-07 13:50 - 2015-05-07 13:50 - 00378336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2015-05-07 13:49 - 2015-05-07 13:49 - 00253920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys 2015-05-07 13:49 - 2015-05-07 13:49 - 00220128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-04 22:43 - 2014-10-29 01:06 - 00000000 ____D C:\Users\habewi 2015-06-04 22:43 - 2014-09-23 06:38 - 00775588 _____ C:\Windows\system32\perfh007.dat 2015-06-04 22:43 - 2014-09-23 06:38 - 00163774 _____ C:\Windows\system32\perfc007.dat 2015-06-04 22:43 - 2014-03-18 12:03 - 01804156 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-04 22:42 - 2015-02-22 18:59 - 00000000 ____D C:\Users\habewi\OneDrive 2015-06-04 22:42 - 2015-01-05 18:13 - 00000000 ____D C:\Users\habewi\AppData\Roaming\TeraCopy 2015-06-04 22:42 - 2014-09-22 22:13 - 01520660 _____ C:\Windows\WindowsUpdate.log 2015-06-04 22:39 - 2014-10-29 01:06 - 00000000 ____D C:\Users\habewi\AppData\Local\Pokki 2015-06-04 22:39 - 2014-09-22 21:39 - 00006463 _____ C:\Windows\SysWOW64\Gms.log 2015-06-04 22:36 - 2014-10-28 20:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-04 22:36 - 2014-03-18 11:54 - 00051468 _____ C:\Windows\PFRO.log 2015-06-04 22:36 - 2013-08-22 16:46 - 00072305 _____ C:\Windows\setupact.log 2015-06-04 22:36 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-04 22:36 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-06-04 22:13 - 2014-10-31 23:24 - 00000000 ____D C:\Users\habewi\AppData\Roaming\KeePass 2015-06-04 22:06 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru 2015-06-04 20:55 - 2015-01-26 18:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-04 18:01 - 2014-10-28 23:40 - 00000000 ____D C:\ProgramData\MFAData 2015-06-04 17:59 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM 2015-05-31 13:56 - 2014-10-31 22:31 - 00000000 ____D C:\Users\habewi\AppData\Roaming\MyPhoneExplorer 2015-05-31 13:55 - 2014-10-30 22:40 - 00000000 ____D C:\Users\habewi\Documents\KeePass 2015-05-31 11:46 - 2014-10-29 01:12 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1123843910-364745413-3572566037-1001 2015-05-31 11:35 - 2014-10-30 22:40 - 00000000 ____D C:\Users\habewi\Documents\Handy 2015-05-30 15:31 - 2014-10-30 22:40 - 00000000 ____D C:\Users\habewi\Documents\Conrad 2015-05-30 15:00 - 2014-10-29 01:09 - 00002278 _____ C:\Users\habewi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk 2015-05-28 18:40 - 2014-11-04 22:49 - 00000000 ____D C:\Users\habewi\AppData\Roaming\vlc 2015-05-28 18:40 - 2014-10-28 19:21 - 00000000 ____D C:\Users\habewi\AppData\Local\CrashDumps 2015-05-28 17:56 - 2014-10-30 22:40 - 00000000 ____D C:\Users\habewi\Documents\1_und_1 2015-05-26 20:01 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2015-05-25 10:54 - 2014-11-01 13:45 - 00002022 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk 2015-05-24 12:03 - 2014-10-28 23:42 - 00001001 _____ C:\Users\Public\Desktop\AVG 2015.lnk 2015-05-24 12:03 - 2014-10-28 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-05-20 14:37 - 2015-04-05 20:03 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-05-20 14:37 - 2015-04-05 20:03 - 00000000 ___SD C:\Windows\system32\GWX 2015-05-20 14:37 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2015-05-20 14:28 - 2014-10-30 22:41 - 00000000 ____D C:\Users\habewi\Documents\Outlook-Dateien 2015-05-19 21:04 - 2014-12-20 19:03 - 00001972 _____ C:\Users\Public\Desktop\PlayMemories Home.lnk 2015-05-19 21:04 - 2014-12-20 19:03 - 00001858 _____ C:\Users\Public\Desktop\PlayMemories Home-Hilfe.lnk 2015-05-19 21:04 - 2014-12-20 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home 2015-05-19 20:49 - 2015-01-26 18:40 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-05-19 20:49 - 2014-11-11 18:22 - 00000000 ____D C:\Users\habewi\AppData\Local\Adobe 2015-05-17 08:58 - 2013-08-22 16:44 - 00492368 _____ C:\Windows\system32\FNTCACHE.DAT 2015-05-16 22:12 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache 2015-05-16 13:57 - 2014-10-28 21:26 - 00000000 ____D C:\Windows\system32\MRT 2015-05-16 13:57 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel 2015-05-16 13:53 - 2014-10-28 21:26 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-13 20:36 - 2014-10-31 18:25 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-05-13 20:36 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-05-13 20:34 - 2014-10-31 18:37 - 00000039 _____ C:\Windows\vbaddin.ini 2015-05-13 20:29 - 2014-03-18 11:45 - 00000000 ____D C:\Program Files\Windows Journal 2015-05-13 20:19 - 2014-09-22 21:41 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2015-05-13 20:19 - 2014-09-22 21:41 - 00000000 ____D C:\Program Files (x86)\Acer 2015-05-13 20:17 - 2014-10-29 01:07 - 00000000 ____D C:\Users\habewi\AppData\Local\clear.fi 2015-05-12 18:31 - 2014-10-29 01:07 - 00000000 ____D C:\Users\habewi\AppData\Local\AOP SDK 2015-05-12 18:29 - 2014-07-14 20:33 - 00000000 ___HD C:\OEM 2015-05-08 22:43 - 2014-10-29 01:06 - 00000000 ____D C:\Users\habewi\AppData\Local\VirtualStore 2015-05-07 13:36 - 2014-05-07 00:45 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2015-05-05 19:59 - 2014-07-14 19:54 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-05-05 19:59 - 2014-07-14 19:54 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2015-02-20 15:04 - 2015-03-07 14:52 - 0003584 _____ () C:\Users\habewi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-01 20:25 - 2014-11-01 20:25 - 0000094 _____ () C:\Users\habewi\AppData\Local\fusioncache.dat 2015-03-15 14:12 - 2015-03-15 14:30 - 0018115 _____ () C:\Users\habewi\AppData\Local\HWVendorDetection.log 2015-03-07 13:51 - 2015-03-07 13:51 - 0007605 _____ () C:\Users\habewi\AppData\Local\Resmon.ResmonCfg 2014-09-22 21:35 - 2014-09-22 21:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\habewi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpntloje.dll C:\Users\habewi\AppData\Local\Temp\Foxit PhantomPDF Updater.exe C:\Users\habewi\AppData\Local\Temp\Intel_Technology_Access_Software.exe C:\Users\habewi\AppData\Local\Temp\oct12D2.tmp.exe C:\Users\habewi\AppData\Local\Temp\oct2BFB.tmp.exe C:\Users\habewi\AppData\Local\Temp\oct324F.tmp.exe C:\Users\habewi\AppData\Local\Temp\oct4F52.tmp.exe C:\Users\habewi\AppData\Local\Temp\oct5210.tmp.exe C:\Users\habewi\AppData\Local\Temp\oct5E3B.tmp.exe C:\Users\habewi\AppData\Local\Temp\oct6E72.tmp.exe C:\Users\habewi\AppData\Local\Temp\oct7592.tmp.exe C:\Users\habewi\AppData\Local\Temp\oct8DA5.tmp.exe C:\Users\habewi\AppData\Local\Temp\octB9B5.tmp.exe C:\Users\habewi\AppData\Local\Temp\octC491.tmp.exe C:\Users\habewi\AppData\Local\Temp\octC7B7.tmp.exe C:\Users\habewi\AppData\Local\Temp\octC9E8.tmp.exe C:\Users\habewi\AppData\Local\Temp\octCAB7.tmp.exe C:\Users\habewi\AppData\Local\Temp\octD12C.tmp.exe C:\Users\habewi\AppData\Local\Temp\octE7E5.tmp.exe C:\Users\habewi\AppData\Local\Temp\octF0F3.tmp.exe C:\Users\habewi\AppData\Local\Temp\octF2EC.tmp.exe C:\Users\habewi\AppData\Local\Temp\octF9A9.tmp.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-04 18:07 ==================== End of log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015 Ran by habewi at 2015-06-04 22:45:34 Running from E:\Install\Trojaner_Board\FRST64 Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1123843910-364745413-3572566037-500 - Administrator - Disabled) ASPNET (S-1-5-21-1123843910-364745413-3572566037-1002 - Limited - Enabled) Gast (S-1-5-21-1123843910-364745413-3572566037-501 - Limited - Disabled) habewi (S-1-5-21-1123843910-364745413-3572566037-1001 - Administrator - Enabled) => C:\Users\habewi ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ) abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.07.2004 - Acer Incorporated) abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated) abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated) abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.08.2003.3 - Acer Incorporated) abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.03.2004.4 - Acer Incorporated) Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3013 - Acer Incorporated) Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8115 - Acer Incorporated) Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.06.2004 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8106.0 - Acer Incorporated) Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3018 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated) Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3004 - Acer Incorporated) Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3004 - Acer Incorporated) Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Alcatel onetouch Manager (HKLM-x32\...\{D0DC8B2A-CD72-0200-0000-000000000000}) (Version: 13.04.2345 - Mobile Action) Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.07.2004.0 - Acer Incorporated) Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG) Ashampoo Photo Commander 11 (HKLM-x32\...\{C92AB6F1-0F9C-8526-5DF1-0A2FD0FB33D9}_is1) (Version: 11.1.8 - Ashampoo GmbH & Co. KG) AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5961 - AVG Technologies) AVG 2015 (Version: 15.0.4355 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.5961 - AVG Technologies) Hidden AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom NetLink Controller (HKLM\...\{7FBA83D7-D58E-4B70-9B9B-12E95B183B22}) (Version: 16.6.1.3 - Broadcom Corporation) Brother MFL-Pro Suite MFC-6890CDW (HKLM-x32\...\{F9626826-162E-4EFD-9440-3F3B8317C097}) (Version: 2.0.0.0 - Brother Industries, Ltd.) CPUID HWMonitor 1.27 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.) CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.4218 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4419 - CyberLink Corp.) Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc) Dropbox (HKU\S-1-5-21-1123843910-364745413-3572566037-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM) Farm to Fork Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden Foxit PhantomPDF (HKLM-x32\...\{F74C595C-BEF2-4AF9-9C4E-68F3CD509C4D}) (Version: 6.0.122.807 - Foxit Corporation) Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 11.0.0.7 - WildTangent, Inc.) Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 11.0.0.7 - WildTangent, Inc.) Gigaset QuickSync (HKLM\...\{b49e8cfb-f094-4467-925a-97c23972cb50}) (Version: 8.3.0868.3 - Gigaset Communications GmbH) Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod) HiSuite (HKLM-x32\...\Hi Suite) (Version: 41.003.55.00.06 - Huawei Technologies Co.,Ltd) Host App Service (HKU\S-1-5-21-1123843910-364745413-3572566037-1001\...\Pokki) (Version: 0.269.7.660 - Pokki) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation) Intel(R) Technology Access (HKLM-x32\...\{efc54997-dfa9-44b1-afac-3a7ac4f45730}) (Version: 1.3.6.1042 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.) Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden KeePass Password Safe 2.29 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.29 - Dominik Reichl) King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden MergeModule_x64 (Version: 9.0.02 - Sony Corporation) Hidden MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla) Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla) MyFreeCodec (HKU\S-1-5-21-1123843910-364745413-3572566037-1001\...\MyFreeCodec) (Version: - ) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger) NVIDIA Grafiktreiber 333.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 333.17 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 4.3.00.04171 - Sony Corporation) PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden PMB_ServiceUploader (x32 Version: 9.3.00 - Sony Corporation) Hidden Pokki Start Menu (HKU\S-1-5-21-1123843910-364745413-3572566037-1001\...\Pokki_Start_Menu) (Version: 0.269.7.660 - Pokki) Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden proWIN Office (HKLM-x32\...\{FE5531D5-7828-4463-907F-21B6DE9AADEA}) (Version: 1.1.0 - HALD) Qualcomm Atheros 61x4 Wireless LAN&Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.619A - Qualcomm Atheros) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7260 - Realtek Semiconductor Corp.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft) Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB) TeraCopy 2.12 (HKLM\...\TeraCopy_is1) (Version: - Code Sector Inc.) The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.51 - WildTangent) Hidden Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH) Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden Unity Web Player (HKU\S-1-5-21-1123843910-364745413-3572566037-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.11.13 - WildTangent) Hidden Your Software Deals 1.0.0 (HKLM-x32\...\Your Software Deals_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG) <==== ATTENTION Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1123843910-364745413-3572566037-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\habewi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1123843910-364745413-3572566037-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-1123843910-364745413-3572566037-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\habewi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1123843910-364745413-3572566037-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\habewi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1123843910-364745413-3572566037-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\habewi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1123843910-364745413-3572566037-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\habewi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1123843910-364745413-3572566037-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\habewi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1123843910-364745413-3572566037-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\habewi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1123843910-364745413-3572566037-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\habewi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1123843910-364745413-3572566037-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\habewi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1123843910-364745413-3572566037-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\habewi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 19-05-2015 21:04:19 DirectX wurde installiert 29-05-2015 10:48:21 Geplanter Prüfpunkt ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04183687-4F50-4AB3-94C2-3DA0E03C5E2F} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>) Task: {26CC8E2C-E436-432C-BD34-03F4AB25D96D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {2EF1DAA4-1DD0-438E-8D1B-AD325CC35FA5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-19] (Adobe Systems Incorporated) Task: {3D1A8976-2D47-45F2-B844-39FD393DAE08} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] () Task: {3D91ADE2-C26C-4E41-95C5-BCF6A107F239} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] () Task: {52637F36-B179-4979-902C-2C01909A4457} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] () Task: {558A09E0-10A4-460B-AF70-F2D177E3B035} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-05-06] (Acer) Task: {58C1B211-6370-438B-80A8-318BACA8CAD7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-16] (Microsoft Corporation) Task: {5DE884B5-0A4D-491E-B476-AFFB81305EAB} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-10-17] (Acer Incorporate) Task: {71AA954B-EEEC-4EFC-BCC5-3266D995D35B} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-09] (Acer Incorporated) Task: {73C1B267-192A-4D0B-BB41-996D6FFA5195} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation) Task: {82923531-8596-4224-8720-11AD6FE4C9A3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] () Task: {853DFDF5-4427-41C0-9E7B-26E024F24EF3} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2014-04-07] (Dolby Laboratories Inc.) Task: {8A89709D-963F-42F5-9C2E-6E5D7BC5209C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {CEAADD60-6926-47A8-8FAF-D114C291EAA7} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-07-22] (Acer Incorporated) Task: {D3548174-201D-461D-825D-368A344A0F51} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-10-17] (Acer Incorporate) Task: {DAFC5010-045C-44B0-AAA2-D90481CE2C48} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {E3431CCD-A9A3-4BBA-9313-C564BEA38DB4} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-12-30] (Acer Incorporate) Task: {F0CA917B-F232-4866-BC77-21B066B3F013} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {F10B1E8B-75AB-4339-B4D6-AB3AF3027312} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation) Task: {FC2D3C65-07DF-4DEA-A02E-77FE31A45E83} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (Whitelisted) ============== 2015-02-28 11:45 - 2015-02-28 11:45 - 00620056 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe 2015-03-15 14:57 - 2014-05-14 00:17 - 00118728 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-05-20 17:58 - 2015-05-20 12:40 - 00138544 _____ () C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe 2015-05-20 17:58 - 2015-05-20 12:40 - 00192304 _____ () C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe 2015-03-17 14:43 - 2015-03-17 14:43 - 00087552 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll 2015-02-08 12:20 - 2015-02-08 12:20 - 01793248 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\cpprest120_1_4.dll 2015-03-17 15:15 - 2015-03-17 15:15 - 00355040 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll 2014-09-22 21:45 - 2012-04-24 12:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2014-10-31 18:11 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll 2014-10-31 21:45 - 2010-09-30 15:00 - 00253264 _____ () C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe 2015-02-28 11:45 - 2015-02-28 11:45 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe 2014-09-22 21:53 - 2014-07-01 14:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2015-01-05 18:18 - 2009-06-22 04:27 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll 2014-04-07 16:13 - 2014-04-07 16:13 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll 2014-04-29 02:38 - 2014-04-29 02:38 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2014-04-29 02:35 - 2014-04-29 02:35 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2014-04-29 02:42 - 2014-04-29 02:42 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe 2014-10-31 18:11 - 2012-09-25 12:26 - 01163264 ____N () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe 2014-10-31 21:45 - 2010-09-30 15:00 - 00139088 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe 2014-12-10 14:25 - 2015-02-28 11:45 - 03033112 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe 2015-05-06 16:14 - 2015-05-06 16:14 - 00092928 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe 2015-05-06 16:14 - 2015-05-06 16:14 - 00090368 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe 2015-02-28 11:45 - 2015-02-28 11:45 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll 2015-05-06 16:04 - 2015-05-06 16:04 - 00203008 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll 2015-05-06 16:04 - 2015-05-06 16:04 - 00119552 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll 2015-06-04 22:37 - 2015-06-04 22:37 - 00043008 _____ () c:\users\habewi\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpntloje.dll 2015-05-07 21:53 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\habewi\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-05-07 21:53 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\habewi\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-05-07 21:53 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\habewi\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-05-07 21:53 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\habewi\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-05-12 18:29 - 2015-05-12 18:29 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll 2015-05-06 10:08 - 2015-05-06 10:08 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll 2015-05-08 10:41 - 2015-05-08 10:41 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll 2015-05-08 10:41 - 2015-05-08 10:41 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll 2015-05-08 10:41 - 2015-05-08 10:41 - 00641792 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll 2015-05-08 10:41 - 2015-05-08 10:41 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll 2015-05-06 10:06 - 2015-05-06 10:06 - 00277096 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll 2014-12-10 14:25 - 2014-12-10 14:25 - 01686552 ____N () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll 2014-10-31 18:11 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2014-12-10 14:25 - 2015-02-28 11:45 - 40630296 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll 2015-05-06 16:15 - 2015-05-06 16:15 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2014-09-22 21:53 - 2014-07-01 14:13 - 00090368 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll 2014-02-19 18:51 - 2014-02-19 18:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2015-04-28 22:15 - 2015-04-28 22:15 - 00569856 _____ () C:\Users\habewi\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll 2015-04-28 22:15 - 2015-04-28 22:15 - 01400846 _____ () C:\Users\habewi\AppData\Local\Pokki\Engine\avcodec-54.dll 2015-04-28 22:15 - 2015-04-28 22:15 - 00151054 _____ () C:\Users\habewi\AppData\Local\Pokki\Engine\avutil-51.dll 2015-04-28 22:15 - 2015-04-28 22:15 - 00222734 _____ () C:\Users\habewi\AppData\Local\Pokki\Engine\avformat-54.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\habewi\OneDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1123843910-364745413-3572566037-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\habewi\Documents\_Desktophintergrund\DSC00183.JPG DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1123843910-364745413-3572566037-1001\...\StartupApproved\Run: => "Skype" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{2966FB4D-C583-476B-89B4-A4AFEAC95935}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{55D1DB7B-D233-4FE1-BC3A-F577037AA8D8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{B88A2367-6937-4CC6-A570-5325C88AF9A6}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{81987E11-5279-4528-A5AE-04ACF5D3AFE7}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{15212FC9-BAB6-4AE1-8DDC-3F4FA153BE4F}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{8E7F7C0E-BE99-4983-838D-A2EEDC8E92AC}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{AC5DC087-6E6B-4B78-A2C3-D18BC05B930C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{87FC5DB6-E984-4FF7-A3AD-A7A54F08F3BC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Play.exe FirewallRules: [{ACD6804F-E7FE-462D-8826-401EC690ABF9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe FirewallRules: [{8F248733-03AD-443A-94EF-1C7E808105EB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{5C84FA12-294B-4D4A-B0A2-DF4468480641}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe FirewallRules: [{9DB661E4-BD8B-41F6-85E8-66F07C011661}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{8B718AC0-4099-4E38-A888-EF874666821D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe FirewallRules: [{EB2678FA-FB1A-4253-BC40-824E2497D5B5}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe FirewallRules: [{B2AEEE26-5E77-4B57-9D95-47691997C93C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe FirewallRules: [{43452EB2-61FD-4E7D-A07F-60247AC6AAE7}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe FirewallRules: [{FCB345D4-7DFC-4D62-BB87-49EF1F7D9285}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe FirewallRules: [{761F41A1-D5A5-4C69-B57D-0C09E1D00ADC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe FirewallRules: [{D6395B6E-A0FF-4919-BF29-8FF60C4046AD}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe FirewallRules: [{371608E0-F8C7-4940-A5EB-E92CB643CE02}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe FirewallRules: [{0BEEB126-9FD0-4DFA-8B88-2E596C3C8A4B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe FirewallRules: [{5666440B-3A09-4145-995C-E79035C84F26}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{B3CD4A7B-7C08-4EFC-BE7B-2695F2E6D7BC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{0E03A479-6A26-4BC9-961C-02741060E45B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{4B5FDB52-D732-493C-8D42-2B1A41460B11}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{F771FB18-6FB8-4360-B7DA-B02F46284BA0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{67981A55-316D-4AEE-9178-CAE8E394F35D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{DA5D83A2-F68A-4BD0-85AE-B60DBD75946B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{AB30BD6A-D47D-4F2C-ACFA-94D585D55284}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{FCA92334-6E0F-46C3-BE18-020EBB9AE303}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe FirewallRules: [{A2ABCCD8-A719-4530-8849-8917903A7530}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe FirewallRules: [{ADC56CB1-216E-4856-8905-FFD8E9E627F9}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe FirewallRules: [{81A5E0F8-6905-414E-A74C-6DFFAADF5836}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe FirewallRules: [{921B8B7D-3399-4BAA-A02C-B41673AA555D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe FirewallRules: [{D30A7995-6ACE-4BCA-8D6E-F6C4F30C269D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe FirewallRules: [{C90D7269-DE88-4CEF-BD63-3927C45C4D1A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe FirewallRules: [{38EEA1F6-844C-447C-BA78-8DB909E2FFAA}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe FirewallRules: [{BC0B3616-F4A8-4E8E-8C45-E65C5FEBB8F4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe FirewallRules: [{419B4508-AC83-40BF-8937-E362BF6ADEAC}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe FirewallRules: [{E8A3A222-DEC1-4C6A-BCEF-38844C2BC10D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{ED9BD921-D7BD-4C6D-BDC3-021DF03717B3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{55DC2A4E-7668-465E-ACD8-D1AB46DAA5A8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{1B7282F4-5B33-437A-B92F-E024F9FBC4EB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{B927F6F9-8214-4EE3-9536-429B44F15501}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{FEF5F77B-A93B-4CE0-8BCC-BEA7369A1D6C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{676569A7-E7C0-4815-8955-EC7B51B43A3A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{E5065115-EF90-42D4-B67A-3587E9407F9B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{7C5562F0-565B-4BEA-9A65-C10A0DD0390E}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08z\FAXRX.exe FirewallRules: [{A7B1D3D7-7C78-4C7B-AC76-174144619926}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08z\FAXRX.exe FirewallRules: [{0A7F6663-18B6-40E7-9D25-0ECAF6992788}] => (Allow) LPort=54925 FirewallRules: [{A770A1A5-AED1-4B3A-8E9D-080AA4BC7D7F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe FirewallRules: [{4E735E40-9107-48A5-9AEF-0155C7561329}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe FirewallRules: [{F2864CE2-5098-45D6-8CE9-E75CD42313E3}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe FirewallRules: [{1B2FF1E6-DDC5-4577-AD46-1B22C8EB52ED}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe FirewallRules: [{A77A3D14-5BC8-48B0-8CE4-C877BF619BEB}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe FirewallRules: [{6E3A5561-7FF9-4974-936F-B7D99D778AA7}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe FirewallRules: [{720247DE-F97D-400F-A5FA-353CD7D8D79F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe FirewallRules: [{19041D0B-9C61-4D6D-B279-F1DD5C68C82D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe FirewallRules: [{568CB4E1-3905-44DB-B250-2C47DB3D8160}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{22C6D17D-D883-488D-A4D2-7668252C8367}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{88F18C96-8D55-449C-A802-B2935482D6D5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{BF88EF8F-45A6-4922-8521-AD11577C78FC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{DC791F5A-0885-4E7A-8A47-863F42899DFC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{C922FAE6-C3A2-433A-A46E-9049AC7D7774}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{B4399CB3-EFFD-4FFF-9C30-A5162086609F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{7D282F91-DB77-4A4F-9364-E3DD25A713A5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{660D0248-E6D4-439D-BCBF-BEC67AF189F8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{5456047C-7CE9-4A45-94B2-F5718BA60930}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A6AD8530-AA65-461F-ACE6-793795A26E19}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{9DF5AC02-4E07-4396-8DB6-45F28E8E9F7C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{6323DBCE-2F46-4046-A4BE-8F68A2CDF710}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe FirewallRules: [{F0C6B634-5DF8-4A6C-9CF1-154198FDC12B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe FirewallRules: [{F1A05B82-513B-4838-A784-5F2425D82C7F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe FirewallRules: [{07B2E2FC-8CC1-456E-8072-3B2B8AAF29C7}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe FirewallRules: [{6F6B2BFC-52D4-4013-886B-E5602A16CB6C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe FirewallRules: [{E1691619-DB47-478D-B757-42494C734B17}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe FirewallRules: [{9C649EC0-2CD7-4CD2-82B0-B68B10B989D1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe FirewallRules: [{EADC812D-54FA-4E55-8E29-9469B5CA1A76}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe FirewallRules: [{2EF2164A-AE84-4E74-98C2-65ACE6567FD4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{275E8E34-A08B-43E4-B813-E7E178DEFB4D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{7811C2F0-F743-4252-9C7B-E66446D4ED3B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{7774E85B-ED04-4421-A1EF-3541004D6362}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{4B9D69B9-CD42-40A8-86C0-4284827B4F62}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{FFFEDDEE-1F7E-4CB0-8901-8E70CEC02A76}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{19890C90-4B80-46D6-BD3A-41F7B1327F2C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{F9CD71D0-6B60-499C-B850-26C71ABB7468}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{327CFD1E-B7F0-46D4-813C-A31360B222C3}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe FirewallRules: [{18B05B73-8D6A-431D-9F16-2C1D73C02C70}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe FirewallRules: [{0ABAEA3A-41D4-4513-B361-7EE06A678EE6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{ED118FF2-CD52-41C7-836C-B03C4A9EB906}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{430ABCE3-FC5A-47F9-BCDA-23939D44F9E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{C5E635B4-D68A-4ABE-8FE2-50D7B893DB58}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{1337F53F-8016-4136-AD84-EFE5A371D744}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe FirewallRules: [{7ADCE57F-3318-40DD-AFCB-AD29D148AFB1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe FirewallRules: [{EDC2A7E0-A297-469C-BD5A-2C474458E6B2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe FirewallRules: [{A7801B3B-DA48-4D02-9F5D-72BEEB36D2D8}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe FirewallRules: [{3CF8347F-9937-4583-A30E-1B53C4FCB0E8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{D4751B57-EA9C-42C5-AA0F-17AD596AF121}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{CBD9436D-FE27-4ACA-AF18-44DE7F335EAD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{8BFD4718-FAD2-49FF-AF61-199491C2824A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{4F703D0C-EFE0-4DEC-980C-A793DC18FA31}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{4031C89F-8789-4BB5-99E5-C7982011FB32}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{C63D95ED-EF1B-458A-BC12-F6B58E3E7347}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{30CEB4AE-B7AE-4338-B812-086068A69CEE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{E9E03CD8-5FDD-4771-AAC6-9B7A04F61998}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{C6E3A62F-CA47-4E90-9558-34716D598DF2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{C268FAA0-5B13-403B-9C83-86B67AC46069}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CFA97C41-A849-49A9-9384-5E1E54847D9B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{401E313C-0B00-433B-B802-4DAA7EC6A31F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{09AFAEAF-005A-45FF-9F28-A5AD033A78EC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{A63B7135-11BD-40A0-85DA-587549477964}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{CA7E3404-6A5A-450D-8B1A-21466A6C452D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{D8C739D5-83D0-40D6-969D-0AE589B2DD98}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{FDF876F1-D751-408E-9008-7B775F06B9AA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{E4CC8BB5-3BF2-432F-85C7-11140660B77C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{D73D5EB9-601D-45FD-BE78-D46116BAD05D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{F596F7F1-A7F5-4ED2-B970-72F603F33650}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{408A6988-8D38-4194-84A0-55304ADA9CB7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{3F64A141-92E7-40E4-9199-BFBADDC49746}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{07DE6AFF-D56E-4C27-A390-5058D25B795E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{8AE2B348-885C-40D2-9A28-2BF87AC99132}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{795681E5-7466-48BC-BE76-A23E9E930736}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{D29CF259-CE09-4F22-AC94-14F9E1401836}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe FirewallRules: [{16C8B40E-FFED-4091-BD6C-188E20DF1927}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe FirewallRules: [{543D5704-C820-4F4E-838F-1E239F6EBE34}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe FirewallRules: [{DE2F524B-16FC-4098-8E2E-5F8CDE0A893F}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{441CCBF7-05F2-4005-AA9F-B4A8F25BCF0F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{9D34AE60-12BB-49F4-A595-08C3A329FBF6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{81948D61-7E37-4E5B-9233-6AB7733CB75A}] => (Allow) C:\Users\habewi\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{59C4625A-2EF6-4AC3-90CB-7DB77F3F7909}] => (Allow) C:\Users\habewi\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{C6B4A6D9-7F27-436D-9283-5CE1C2D471CD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{722A1D96-8317-435B-90C8-EF837BBF8EB4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{15FC8DED-9D19-4CE6-9045-F9F6BE15F4CC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{D8A315FC-4154-4515-B28B-BED8430F3046}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{CE5A48B4-67CB-45A1-B6F7-29F17910A854}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{7ECB90A3-DC30-41F3-958E-737B180D6124}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{8F332F6C-9DFA-458F-9BE0-B35394C73092}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{A6033434-6412-45FD-9E6C-B795656921F4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{B240962A-0B08-4D5E-AD4C-3B27F201E324}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{7F10618D-84BA-4C64-B96B-BED21CC38EC7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{E96AFDB7-56C8-4BD6-9CB8-8A3393C9E1C6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{16D3A808-1810-4443-9808-43856FA6E322}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{636C529F-94B9-472B-B10C-25D44F21B078}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{3512B366-C504-458F-92C5-321EF9ABC3D0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/04/2015 09:06:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2547 Error: (06/04/2015 09:06:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2547 Error: (06/04/2015 09:06:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/04/2015 09:06:04 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1266 Error: (06/04/2015 09:06:04 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1266 Error: (06/04/2015 09:06:04 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/04/2015 08:07:42 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2469 Error: (06/04/2015 08:07:42 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2469 Error: (06/04/2015 08:07:42 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/04/2015 08:07:40 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1250 System errors: ============= Error: (06/04/2015 10:36:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/04/2015 10:35:33 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "AVGIDSAgent" wurde mit dem folgenden dienstspezifischen Fehler beendet: %%3758213661 Error: (06/04/2015 10:35:17 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "AVGIDSAgent" wurde mit dem folgenden dienstspezifischen Fehler beendet: %%3758213661 Error: (05/24/2015 00:11:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/20/2015 05:58:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "HiSuiteOuc64.exe" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (05/20/2015 05:58:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "HuaweiHiSuiteService64.exe" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/18/2015 09:38:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/17/2015 08:58:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/15/2015 03:21:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240055 fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3047276) Error: (05/13/2015 08:38:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office: ========================= Error: (06/04/2015 09:06:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2547 Error: (06/04/2015 09:06:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2547 Error: (06/04/2015 09:06:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/04/2015 09:06:04 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1266 Error: (06/04/2015 09:06:04 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1266 Error: (06/04/2015 09:06:04 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/04/2015 08:07:42 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2469 Error: (06/04/2015 08:07:42 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2469 Error: (06/04/2015 08:07:42 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/04/2015 08:07:40 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1250 CodeIntegrity Errors: =================================== Date: 2014-10-28 22:42:51.481 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\AVG2015\avghooka.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4210H CPU @ 2.90GHz Percentage of memory in use: 30% Total physical RAM: 8115.27 MB Available physical RAM: 5643.54 MB Total Pagefile: 12083.27 MB Available Pagefile: 9343.5 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:459.59 GB) (Free:381.63 GB) NTFS Drive e: (Data) (Fixed) (Total:454.74 GB) (Free:327.14 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: BEEC1227) Partition: GPT Partition Type. ==================== End of log ============================ Ich hoffe ihr könnt mir helfen. Danke. mfg gts1000 |
Themen zu Möglicherweise DHL-Trojaner eingefangen |
.dll, adware, antivirus, avg, bonjour, browser, cid, defender, explorer, firefox, firefox 38.0.5, flash player, home, installation, launch, mozilla, omnibox, realtek, registry, secure search, security, siteadvisor, software, svchost.exe, trojaner, udp, usb, vtoolbarupdater, windows, wlan |