Pests of all kinds and how to fight them: Infected laptop, adware, Oursurfing, Chinese files, virus? (Windows 7)
16.06.2015, 09:43 | #1
Infected laptop, adware, Oursurfing, Chinese files, virus?

Yesterday I apparently downloaded an infected file by accident. In any case, I can't remove it any more, and on top of that I have all kinds of new software (Oursurfing uninstall, Chinese files with the corresponding characters, and much more). Some kind of adware must be part of it; ads pop up everywhere. Can someone help me remove this?
16.06.2015, 10:00 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected laptop, adware, Oursurfing, Chinese files, virus?

Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, did any of them find something? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans yet; first post only the logs that already exist, in CODE tags! Only logs from the last 7 days, or from the time the problem started, are relevant!

Please also make a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too big for a single post, I ask you to post them directly, spread across several posts if necessary. To put the log files into a CODE box, proceed as follows:
16.06.2015, 11:10 | #3
Infected laptop, adware, Oursurfing, Chinese files, virus?

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Sonne (administrator) on HARLEY-DAVIDSON on 16-06-2015 11:49:59
Running from C:\Users\Sonne\Desktop
Loaded Profiles: Sonne & (Available Profiles: Sonne)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Dummy, Ltd.) C:\Users\Sonne\Desktop\Robin Schulz feat Ilsey Headlights_10924_i20570157_il345.exe
() C:\Users\Sonne\AppData\Local\Temp\Robin Schulz feat Ilsey Headlights__10924_i1536990031_il127297.exe
(DTools LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(NavRight) C:\ProgramData\NavRight\NavRight.exe
(NavRight) C:\ProgramData\NavRight\NavRight.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
() C:\Program Files (x86)\CinemaPlus_1.3dV15.06\0ea818e1-6dca-41bf-80a3-83aec663b48e-10.exe
(Windows APP) C:\Program Files (x86)\Rs\Rs.exe
() C:\Program Files (x86)\CinemaPlus_1.3dV15.06\0ea818e1-6dca-41bf-80a3-83aec663b48e-1-6.exe
() C:\Program Files (x86)\CinemaPlus_1.3dV15.06\e2db6740-b937-4041-963f-f478680e12ae-1-6.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TAOFrame.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe
(Tencent) C:\Program Files (x86)\Common Files\Tencent\QQDownload\130\Tencentdl.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\QQPCNetFlow.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRealTimeSpeedup.exe
(XTab system) C:\Program Files (x86)\MiuiTab\ProtectService.exe
(SearchProtect) C:\Program Files (x86)\MiuiTab\CmdShell.exe
(XTab system) C:\Program Files (x86)\MiuiTab\HPNotify.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\popwndexe.exe
(OldTimer Tools) C:\Users\Sonne\Desktop\Programme\PC Reinigung\TFC.exe
(OldTimer Tools) C:\Users\Sonne\Desktop\Programme\PC Reinigung\TFC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\ravmond.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\rstray.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\rstray64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc)
HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] ()
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [Rs] => C:\Program Files (x86)\Rs\Rs.exe [172032 2015-06-15] (Windows APP)
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe [355296 2015-06-15] (Tencent)
HKLM-x32\...\Run: [RavTRAY] => C:\Program Files (x86)\Rising\RAV\rstray.exe [111000 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\RunOnce: [SpUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll [905728 2015-06-03] (FlashBeat)
AppInit_DLLs: C:\ProgramData\NavRight\NavRight64.dll => C:\ProgramData\NavRight\NavRight64.dll [905216 2015-06-03] (NavRight)
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => C:\ProgramData\FlashBeat\FlashBeat32.dll [630784 2015-06-03] (FlashBeat)
AppInit_DLLs-x32: C:\ProgramData\NavRight\NavRight32.dll => C:\ProgramData\NavRight\NavRight32.dll [629248 2015-06-03] (NavRight)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-05-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-04-02]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMGCShellExt64.dll [2015-06-15] (Tencent)
BootExecute: autocheck autochk * bsmain
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds&ts=1434380103&z=833811e1498f7d057639aafgfzbc3zfc5bae1gfe3w&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds&ts=1434380103&z=833811e1498f7d057639aafgfzbc3zfc5bae1gfe3w&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1434380103&z=833811e1498f7d057639aafgfzbc3zfc5bae1gfe3w&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1434380103&z=833811e1498f7d057639aafgfzbc3zfc5bae1gfe3w&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> {ABEC6EA7-E055-4279-AEF4-75C6572FA32E} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {ABEC6EA7-E055-4279-AEF4-75C6572FA32E} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
BHO: No Name -> {2BF6CDAE-6D19-44ED-9035-D44BA7CD20C5} -> No File
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSWebMon64.dat [2015-06-15] (Tencent)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Ó¦Óñ¦Ò»¼ü°²×°²å¼þ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-12] (Thinknice Co. Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-27] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-27] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: oursurfing
FF SelectedSearchEngine: oursurfing
FF Homepage: hxxp://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-06-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\npQMExtensionsMozilla.dll [2015-06-15] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2983943463-2176006230-4185877932-1001: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
FF user.js: detected! => C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\user.js [2015-06-16]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\searchplugins\oursurfing.xml [2015-06-16]
FF Extension: PriceLEss - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\2D@eVBEZhK.edu [2015-06-15]
FF Extension: CinemaPlus_1.3dV15.06 - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\973ba634716b4639a1c150b40c@5afc24a09e55466bb60878000.com [2015-06-15]
FF Extension: CinemaPlus_1.3dV15.06 - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\AVJYFVOD75109374@HCDE39471360.com [2015-06-16]
FF Extension: PrIcELEsS - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\gEO@d2pbIs.org [2015-06-15]
FF Extension: QuickSearch - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\searchffv2@gmail.com [2015-06-15]
FF Extension: Search Enginer - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\sweetsearch@gmail.com [2015-06-15]
FF Extension: NoScript - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-28]
FF Extension: Adblock Plus - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-28]
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\extensions\sweetsearch@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\extensions\searchffv2@gmail.com
FF HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (CinemaPlus_1.3dV15.06) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceaohckoegdncfpojeiehjkaffbdahli [2015-06-15]
CHR Extension: (CinemaPlus_1.3dV15.06) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-06-15]
CHR Extension: (Google Wallet) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Amazon) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj [2015-02-10]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Sonne\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-12]
CHR HKLM-x32\...\Chrome\Extension: [ooebklgpfnbcnpokahmdidgbmlcdepkm] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125056 2015-06-12] (XTab system)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe [297608 2015-06-15] (Tencent)
R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [184088 2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
R2 RsRavMon; C:\Program Files (x86)\Rising\RAV\ravmond.exe [277552 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
R3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TAOFrame.exe [293856 2015-06-15] (Tencent)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [File not signed]
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [34704 2009-12-24] (CSR, plc)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R1 HyperVM; C:\Windows\system32\drivers\hvm.sys [41784 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-16] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
U0 mtxfhi; C:\Windows\System32\drivers\cejxy.sys [79064 2015-06-16] (Malwarebytes Corporation)
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUdisk64.sys [62264 2015-06-15] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQSysMonX64.sys [129336 2015-06-15] (电脑管家)
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [99640 2015-06-15] (Tencent)
R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [174392 2015-06-15] (Tencent Technology(Shenzhen) Company Limited)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-06-15] (电脑管家)
R1 TSCPM; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\tscpm64.sys [42296 2015-06-15] (电脑管家)
R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSDefenseBT64.sys [28472 2015-06-15] (Tencent)
R3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-15] (电脑管家)
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSSysKit64.sys [87352 2015-06-15] (电脑管家)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 11:49 - 2015-06-16 11:50 - 00033867 _____ C:\Users\Sonne\Desktop\FRST.txt
2015-06-16 11:47 - 2015-06-16 11:47 - 02109952 _____ (Farbar) C:\Users\Sonne\Desktop\FRST64.exe
2015-06-16 11:06 - 2015-06-16 11:06 - 00000134 _____ C:\Windows\SysWOW64\BsMain.ini
2015-06-16 11:06 - 2015-06-16 11:06 - 00000000 ___RD C:\RavBin
2015-06-16 11:06 - 2015-06-16 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Antivirus
2015-06-16 11:06 - 2015-06-16 11:04 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-06-16 11:05 - 2015-06-16 10:35 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.)
C:\Windows\system32\ravext64.dll 2015-06-16 11:05 - 2015-06-16 10:35 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll 2015-06-16 11:05 - 2015-06-16 10:32 - 00041784 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\hvm.sys 2015-06-16 11:05 - 2015-06-16 10:31 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\bsmain.exe 2015-06-16 10:30 - 2015-06-16 10:30 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\cejxy.sys 2015-06-16 10:26 - 2015-06-16 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件 2015-06-15 18:29 - 2015-06-16 11:36 - 00000112 _____ C:\Windows\setupact.log 2015-06-15 18:29 - 2015-06-15 18:29 - 00000000 _____ C:\Windows\setuperr.log 2015-06-15 17:20 - 2015-06-15 17:20 - 00003430 _____ C:\Windows\System32\Tasks\AmiUpdXp 2015-06-15 17:20 - 2015-06-15 17:20 - 00000378 _____ C:\Windows\Tasks\AmiUpdXp.job 2015-06-15 17:20 - 2015-06-15 17:20 - 00000000 ____D C:\Users\Sonne\AppData\Local\32281 2015-06-15 17:08 - 2015-06-15 17:08 - 00000000 ____D C:\ProgramData\TXQMPC 2015-06-15 17:03 - 2015-06-15 17:03 - 00003160 _____ C:\Windows\System32\Tasks\{C07EE879-4943-44B9-B8F3-B055E75D3C3D} 2015-06-15 16:57 - 2015-06-15 16:57 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\1CD8A1AE-1434380225-E011-8946-8C736EA82B7D 2015-06-15 16:54 - 2015-06-15 17:02 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\oursurfing 2015-06-15 16:53 - 2015-06-15 16:53 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2015-06-15 16:53 - 2015-06-15 16:53 - 00000000 ____D C:\ProgramData\eolmjdcbmnnkhdgehgjabfihnechnicm 2015-06-15 16:53 - 2015-06-15 16:53 - 00000000 ____D C:\Program Files\Common Files\Tencent 2015-06-15 16:53 - 2015-06-15 16:52 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys 2015-06-15 16:53 - 2015-06-15 16:52 - 
00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys 2015-06-15 16:53 - 2015-06-15 16:52 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys 2015-06-15 16:53 - 2015-06-15 16:52 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys 2015-06-15 16:52 - 2015-06-15 17:12 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\Tencent 2015-06-15 16:52 - 2015-06-15 17:08 - 00000000 ____D C:\ProgramData\Tencent 2015-06-15 16:52 - 2015-06-15 16:52 - 00000000 ____D C:\Program Files (x86)\Tencent 2015-06-15 16:52 - 2015-06-15 16:52 - 00000000 ____D C:\Program Files (x86)\MyPCBU 2015-06-15 16:50 - 2015-06-16 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Software Deployment System 2015-06-15 16:50 - 2015-06-16 10:56 - 00000998 _____ C:\Windows\Tasks\bNGItKJsccWOg.job 2015-06-15 16:50 - 2015-06-16 10:30 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys 2015-06-15 16:50 - 2015-06-16 10:30 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys 2015-06-15 16:50 - 2015-06-15 16:50 - 00004052 _____ C:\Windows\System32\Tasks\R3jz8d0TYYLlGbCwf1NT 2015-06-15 16:50 - 2015-06-15 16:50 - 00004050 _____ C:\Windows\System32\Tasks\R3jz8d0TYYLlGbCwf1N 2015-06-15 16:50 - 2015-06-15 16:50 - 00004038 _____ C:\Windows\System32\Tasks\bNGItKJsccWOg 2015-06-15 16:50 - 2015-06-15 16:50 - 00004036 _____ C:\Windows\System32\Tasks\bNGItKJsccWO 2015-06-15 16:50 - 2015-06-15 16:50 - 00001012 _____ C:\Windows\Tasks\R3jz8d0TYYLlGbCwf1NT.job 2015-06-15 16:50 - 2015-06-15 16:50 - 00001010 _____ C:\Windows\Tasks\R3jz8d0TYYLlGbCwf1N.job 2015-06-15 16:50 - 2015-06-15 16:50 - 00000996 _____ C:\Windows\Tasks\bNGItKJsccWO.job 2015-06-15 16:50 - 2015-06-15 16:50 - 00000150 __RSH C:\rising.ini 2015-06-15 16:50 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) 
C:\Windows\system32\Drivers\rsndisp.sys 2015-06-15 16:49 - 2015-06-16 10:30 - 00000000 ____D C:\Program Files (x86)\globalUpdate 2015-06-15 16:49 - 2015-06-15 16:57 - 00000000 ____D C:\Program Files (x86)\Rs 2015-06-15 16:49 - 2015-06-15 16:50 - 00000000 ____D C:\ProgramData\Rising 2015-06-15 16:49 - 2015-06-15 16:49 - 00000000 ____D C:\Users\Sonne\AppData\Local\globalUpdate 2015-06-15 16:49 - 2015-06-15 16:49 - 00000000 ____D C:\Program Files (x86)\Rising 2015-06-15 16:49 - 2015-06-15 16:49 - 00000000 ____D C:\Program Files (x86)\b24cd062-bf2a-4359-9342-85828b0ba5d3 2015-06-15 16:49 - 2015-06-15 16:49 - 00000000 ____D C:\Program Files (x86)\639202a2-5fcc-4a00-ba2e-ebce06ee95fc 2015-06-15 16:48 - 2015-06-16 10:30 - 00000000 ____D C:\Program Files (x86)\CinemaPlus_1.3dV15.06 2015-06-15 16:48 - 2015-06-16 10:26 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-06-15 16:48 - 2015-06-15 16:49 - 00000330 _____ C:\Windows\Tasks\WTKXPWLM1.job 2015-06-15 16:48 - 2015-06-15 16:48 - 00003572 _____ C:\Windows\System32\Tasks\DWBTM 2015-06-15 16:48 - 2015-06-15 16:48 - 00002852 _____ C:\Windows\System32\Tasks\WTKXPWLM1 2015-06-15 16:48 - 2015-06-15 16:48 - 00000000 ____D C:\ProgramData\FlashBeat 2015-06-15 16:48 - 2015-06-15 16:48 - 00000000 ____D C:\ProgramData\37e30e59d1a7430da05c726d0388106f 2015-06-15 16:48 - 2015-06-15 16:48 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e 2015-06-15 16:48 - 2015-06-15 16:48 - 00000000 ____D C:\Program Files (x86)\cinemaplus 2015-06-15 16:47 - 2015-06-16 10:30 - 00000000 ____D C:\ProgramData\WindowsMangerProtect 2015-06-15 16:47 - 2015-06-15 16:56 - 00000000 ____D C:\Program Files (x86)\MiuiTab 2015-06-15 16:47 - 2015-06-15 16:48 - 00000324 _____ C:\Windows\Tasks\XGGLNAPSJN1.job 2015-06-15 16:47 - 2015-06-15 16:47 - 00003572 _____ C:\Windows\System32\Tasks\HLEBG 2015-06-15 16:47 - 2015-06-15 16:47 - 00002846 _____ C:\Windows\System32\Tasks\XGGLNAPSJN1 2015-06-15 16:47 - 2015-06-15 16:47 - 00000000 
____D C:\ProgramData\NavRight 2015-06-15 16:47 - 2015-06-15 16:47 - 00000000 ____D C:\ProgramData\IHProtectUpDate 2015-06-15 16:47 - 2015-06-15 16:47 - 00000000 ____D C:\ProgramData\830d280829ca4028a7f37bc821cc2f16 2015-06-15 16:47 - 2015-06-15 16:47 - 00000000 ____D C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf 2015-06-15 16:47 - 2015-06-15 16:47 - 00000000 _____ C:\Windows\hgfs.sys 2015-06-15 16:46 - 2015-06-15 16:46 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage 2015-06-15 16:46 - 2015-06-15 16:46 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\ASPackage 2015-06-15 16:46 - 2015-06-15 16:46 - 00000000 _____ C:\Windows\prleth.sys 2015-06-15 16:45 - 2015-06-15 16:45 - 00000000 ____D C:\ProgramData\9218317531913342215 2015-06-15 16:44 - 2015-06-15 16:49 - 00000000 ____D C:\Program Files (x86)\app_setup 2015-06-15 16:44 - 2015-06-15 16:44 - 00000000 ____D C:\ProgramData\efacfndghcpfjhjefehpihglncakjhem 2015-06-15 16:44 - 2015-06-15 16:44 - 00000000 ____D C:\Program Files (x86)\C2PC 2015-06-15 16:42 - 2015-06-15 16:42 - 01483792 _____ (Dummy, Ltd.) 
C:\Users\Sonne\Desktop\Robin Schulz feat Ilsey Headlights_10924_i20570157_il345.exe 2015-06-08 01:05 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-06-08 01:05 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-06-04 13:56 - 2015-06-08 08:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-05-21 15:48 - 2015-05-21 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2015-05-21 15:48 - 2015-05-21 15:48 - 00000000 ____D C:\Program Files\McAfee Security Scan 2015-05-20 10:46 - 2015-05-20 10:46 - 00013489 _____ C:\Users\Sonne\Documents\Stadt W´hausen Herr Meyer (PayPal).odt 2015-05-18 14:11 - 2015-05-21 15:48 - 00001937 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2015-05-18 14:11 - 2015-05-21 15:48 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2015-05-18 14:10 - 2015-06-15 16:49 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-05-18 14:10 - 2015-05-18 14:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-05-18 14:10 - 2015-05-18 14:10 - 00002013 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-16 11:50 - 2013-07-02 19:21 - 00000000 ____D C:\FRST 2015-06-16 11:41 - 2013-03-28 20:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-16 11:40 - 2014-11-13 11:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-16 11:39 - 2014-11-13 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-16 11:39 - 2014-11-13 11:04 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-16 11:39 - 2013-11-28 20:20 - 00001072 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-16 11:39 - 2011-09-30 23:16 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-16 11:36 - 2013-06-07 21:17 - 01955456 _____ C:\Windows\WindowsUpdate.log 2015-06-16 11:36 - 2011-09-30 23:24 - 00064544 _____ C:\Users\Sonne\AppData\Local\GDIPFONTCACHEV1.DAT 2015-06-16 10:34 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-16 10:34 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-16 10:30 - 2009-07-14 05:20 - 00000000 __RSD C:\Windows\Media 2015-06-15 17:02 - 2013-09-09 15:44 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-06-15 17:02 - 2013-07-09 11:08 - 00001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-06-15 17:02 - 2013-07-09 11:08 - 00001157 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-06-15 17:02 - 2011-09-30 23:34 - 00001431 _____ C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-15 16:59 - 2013-04-17 16:39 - 00000000 ____D C:\Users\Sonne\AppData\Local\CrashDumps 2015-06-15 16:54 - 2011-09-30 23:37 - 00000000 ____D C:\Users\Sonne\AppData\Local\VirtualStore 2015-06-15 14:30 - 2011-09-30 23:16 - 00001106 _____ 
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-11 12:41 - 2013-03-28 20:47 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-06-11 12:41 - 2013-03-28 20:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-11 12:41 - 2011-09-30 23:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-09 21:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-06-08 08:43 - 2013-07-09 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-08 01:36 - 2009-07-14 06:45 - 00294928 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-08 01:35 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-08 01:34 - 2012-05-14 13:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-06-08 01:34 - 2012-05-14 13:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-06-08 01:32 - 2015-04-22 13:38 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-06-08 01:32 - 2015-04-22 13:38 - 00000000 ___SD C:\Windows\system32\GWX 2015-06-08 01:32 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal 2015-06-08 01:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-06-08 01:10 - 2012-03-28 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2015-06-08 01:10 - 2011-04-16 12:56 - 01649782 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-06-08 01:10 - 2011-02-14 14:57 - 00700118 _____ C:\Windows\system32\perfh007.dat 2015-06-08 01:10 - 2011-02-14 14:57 - 00149968 _____ C:\Windows\system32\perfc007.dat 2015-06-08 01:04 - 2012-05-14 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-06-04 13:34 - 2015-05-15 21:27 - 00000000 ____D C:\Users\Sonne\Documents\Musch Delank Imex 2015-05-21 15:57 - 2011-09-30 23:55 - 00000000 ____D C:\Users\Sonne\Desktop\Fotos 2015-05-20 14:44 - 2011-09-30 23:23 - 
00000000 ____D C:\Users\Sonne\AppData\Local\Adobe 2015-05-19 11:42 - 2012-04-01 11:15 - 00000000 ____D C:\Users\Sonne\Documents\Eigene Dateien 2015-05-19 09:12 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-05-18 14:11 - 2015-01-11 11:43 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-05-18 14:11 - 2011-09-30 23:41 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\Adobe 2015-05-18 14:10 - 2011-09-30 23:18 - 00000000 ____D C:\ProgramData\Adobe 2015-05-18 13:34 - 2011-09-30 23:16 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-18 13:34 - 2011-09-30 23:16 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Files in the root of some directories ======= 2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Sonne\AppData\Roaming\bNGItKJsccWO 2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Sonne\AppData\Roaming\bNGItKJsccWOg 2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Sonne\AppData\Roaming\bNGItKJsccWOg.exe 2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1N 2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1NT 2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1NT.exe 2013-06-27 11:07 - 2013-06-27 11:07 - 0000005 _____ () C:\Users\Sonne\AppData\Roaming\WBPU-TTL.DAT 2013-10-02 20:36 - 2014-01-05 15:11 - 0000678 _____ () C:\Users\Sonne\AppData\Local\cookies.ini Some files in TEMP: ==================== C:\Users\Sonne\AppData\Local\Temp\C2PC_SP.exe C:\Users\Sonne\AppData\Local\Temp\Launcher__13202.exe C:\Users\Sonne\AppData\Local\Temp\Robin Schulz feat Ilsey Headlights__10924_i1536990031_il127297.exe C:\Users\Sonne\AppData\Local\Temp\sc-setup-1.10.0.16.exe C:\Users\Sonne\AppData\Local\Temp\sdf1C73.exe C:\Users\Sonne\AppData\Local\Temp\sdf86AA.exe 
C:\Users\Sonne\AppData\Local\Temp\sdf9C1E.exe
C:\Users\Sonne\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-09 15:25

==================== End of log ============================

FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Sonne at 2015-06-16 11:51:42
Running from C:\Users\Sonne\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2983943463-2176006230-4185877932-500 - Administrator - Disabled)
Gast (S-1-5-21-2983943463-2176006230-4185877932-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2983943463-2176006230-4185877932-1002 - Limited - Enabled)
Sonne (S-1-5-21-2983943463-2176006230-4185877932-1001 - Administrator - Enabled) => C:\Users\Sonne

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AV: Rising Antivirus (Enabled - Up to date) {DBC966C2-BD90-87CD-5A01-4DFB1D2EC867}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
AS: Rising Antivirus (Enabled - Up to date) {60A88726-9BAA-8843-60B1-768966A982DA}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden AIS Connect (HKLM-x32\...\AIS Connect) (Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH) AIS Connect (x32 Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH) Hidden AnySend (HKLM-x32\...\ASPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION! Bluetooth Feature Pack 5.0 (HKLM\...\{B2F4C332-2359-4ADE-AF0C-C631768BBB89}) (Version: 5.0.14 - CSR Plc.) C2PC version 1.8 (HKLM-x32\...\{A23B547D-36B0-4B85-B68A-AADF6C9A723B}_is1) (Version: 1.8 - ) CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform) cinemaplus version 2.04 (HKLM-x32\...\{59680D1A-6A49-4E85-BB42-6886773DF589}_is1) (Version: 2.04 - ) <==== ATTENTION CinemaPlus_1.3dV15.06 (HKLM-x32\...\CinemaPlus_1.3dV15.06) (Version: 1.36.01.22 - CinemaPlus_1.3dV15.06) <==== ATTENTION D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DeskUpdate 4.11 (HKLM-x32\...\DeskUpdate_is1) (Version: 4.11.0074 - Fujitsu Technology Solutions) eBay (HKLM-x32\...\{9983CD31-473F-4808-8317-5346119F0187}) (Version: 1.0.1 - eBay Inc.) FlashBeat (HKLM-x32\...\FlashBeat) (Version: - ) <==== ATTENTION! 
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden FreeOCR v5.0 (HKLM-x32\...\freeocr_is1) (Version: - ) Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version: - ) Fujitsu Display Manager (Version: 7.01.00.210 - FUJITSU LIMITED) Hidden Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED) Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: - ) Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - Ihr Firmenname) Hidden Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: - ) Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{474A8F3F-863A-4FCC-91F0-47A61E06FEC9}) (Version: 22.0.334.0 - Hewlett-Packard Co.) 
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2025 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle) Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: - ) LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
(HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) MyPCBU version 2.25 (HKLM-x32\...\{7D7D6742-5B49-4454-9E9B-748E731E741A}_is1) (Version: 2.25 - ) NavRight (HKLM-x32\...\NavRight) (Version: - ) Nero 9 Essentials (HKLM-x32\...\{54da196d-166e-41ff-97b8-b36d914b919c}) (Version: - Nero AG) OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) oursurfing uninstall (HKLM-x32\...\oursurfing uninstall) (Version: - oursurfing) <==== ATTENTION PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 
5.3.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 5.3.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version: - )
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
Rising Antivirus (HKLM-x32\...\RAV) (Version: 24.00.43.07 - Beijing Rising Information Technology, Inc.)
Rising Software Deployment System (HKLM-x32\...\RSD) (Version: 23.00.01.02 - Beijing Rising Information Technology, Inc.)
Rossmann Fotowelt Software 4.9 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.9 - ORWO Net)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - )
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer)
VisualBee for Microsoft PowerPoint (HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\VisualBee for Microsoft PowerPoint) (Version: V3.9 - VisualBee.com)
VisualBee for Microsoft PowerPoint (HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\VisualBee for Microsoft PowerPoint) (Version: V3.9 - VisualBee.com)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
VTech Download Manager (HKLM-x32\...\VTechDownloadManager) (Version: - VTech)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Zip Opener Packages 83 (HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\Zip Opener Packages 83) (Version: - ) <==== ATTENTION
Zip Opener Packages 83 (HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Zip Opener Packages 83) (Version: - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

08-05-2015 12:34:43 Windows Update
15-05-2015 14:18:39 Windows Update
19-05-2015 11:30:30 Windows Update
22-05-2015 13:33:32 Windows Update
28-05-2015 09:29:41 Windows Update
04-06-2015 13:34:06 Windows Update
08-06-2015 01:01:03 Windows Update
12-06-2015 15:46:14 Windows Update
15-06-2015 16:50:44 LavasoftWeCompanion
16-06-2015 10:45:44 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2013-06-27 13:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {008A50F6-6F65-4BD2-9CED-9C791EF23812} - System32\Tasks\WTKXPWLM1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2015-06-03] (FlashBeat) <==== ATTENTION
Task: {052DD86F-62F1-497A-A9E5-710BA7A63CB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {0B591F0B-E6B2-4AAC-A1B2-1E75764927A9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {0C20330D-F6F8-4F2E-8E55-839AA9A4126A} - System32\Tasks\AmiUpdXp => C:\Users\Sonne\AppData\Local\32281\Updater.exe [2015-06-09] () <==== ATTENTION
Task: {0E14688E-C9EE-4B4D-A5A5-551D4BE1CA20} - System32\Tasks\XGGLNAPSJN1 => C:\ProgramData\NavRight\NavRight.exe [2015-06-03] (NavRight) <==== ATTENTION
Task: {23D0AE57-EA18-4B45-8047-200E93E04815} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {240F7B74-8D37-46DA-8750-052664AEABBB} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-17] (Microsoft Corporation)
Task: {2A9F2D7A-9915-4466-8678-A21B3B1D1363} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {31656AD6-33B9-45E2-8C4C-F877E75F8096} - System32\Tasks\R3jz8d0TYYLlGbCwf1NT => C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1NT.exe [2015-04-20] () <==== ATTENTION
Task: {3411171A-79EB-4AF9-A62B-E9E629B0164A} - System32\Tasks\bNGItKJsccWOg => C:\Users\Sonne\AppData\Roaming\bNGItKJsccWOg.exe [2015-04-20] () <==== ATTENTION
Task: {49A6221B-522F-4306-B4C6-C3E86C02A0F8} - System32\Tasks\{C07EE879-4943-44B9-B8F3-B055E75D3C3D} => pcalua.exe -a C:\Users\Sonne\AppData\Roaming\oursurfing\UninstallManager.exe -c -ptid=amt
Task: {5C3F2F40-0337-4951-8437-B5CCCCC99282} - System32\Tasks\{18968C56-914E-4610-8DF1-80B92D002E96} => pcalua.exe -a C:\Users\Sonne\Downloads\marineemail.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {65A6A838-CF81-4A49-AED4-D6FD263E0342} - \QtraxPlayer No Task File <==== ATTENTION
Task: {69FC9E73-AB0D-4594-A8C2-DDE5D47DDCED} - System32\Tasks\DWBTM => C:\ProgramData\37e30e59d1a7430da05c726d0388106f\37e30e59d1a7430da05c726d0388106f.exe [2015-06-03] () <==== ATTENTION
Task: {6AEEDEA0-A547-4EA4-9AFD-BFA6D14445C0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-11] (Adobe Systems Incorporated)
Task: {6B7C6944-8702-4A14-BB6E-520DD18A2A23} - System32\Tasks\HLEBG => C:\ProgramData\830d280829ca4028a7f37bc821cc2f16\830d280829ca4028a7f37bc821cc2f16.exe [2015-06-03] () <==== ATTENTION
Task: {82487041-C999-4ECE-AB7C-7EFD19457194} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {85E8106C-2D2C-40FD-B2AB-B54F42DD7C5A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {974EC68E-FAF1-4CE4-9A02-98FF7880FA7C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {C0BF6834-9915-4732-9C72-46A1CE0E29F5} - System32\Tasks\R3jz8d0TYYLlGbCwf1N => C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1N.exe <==== ATTENTION
Task: {C81A6CC7-9F65-4B36-9A95-33D5EBF5372E} - \DealPly No Task File <==== ATTENTION
Task: {E46C9C0B-AAEF-4E29-BB4F-E8169FDD5DBA} - System32\Tasks\bNGItKJsccWO => C:\Users\Sonne\AppData\Roaming\bNGItKJsccWO.exe <==== ATTENTION
Task: {F0E5005F-E2B8-459E-A428-D7BB161AA46B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {F18FBE52-13C8-49FF-B7FC-18FCA0169CDD} - \DealPlyUpdate No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Sonne\AppData\Local\32281\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\bNGItKJsccWO.job => C:\Users\Sonne\AppData\Roaming\bNGItKJsccWO.exe <==== ATTENTION
Task: C:\Windows\Tasks\bNGItKJsccWOg.job => C:\Users\Sonne\AppData\Roaming\bNGItKJsccWOg.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\R3jz8d0TYYLlGbCwf1N.job => C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1N.exe <==== ATTENTION
Task: C:\Windows\Tasks\R3jz8d0TYYLlGbCwf1NT.job => C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1NT.exe <==== ATTENTION
Task: C:\Windows\Tasks\WTKXPWLM1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\Windows\Tasks\XGGLNAPSJN1.job => C:\ProgramData\NavRight\NavRight.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2013-06-24 10:54 - 2013-06-20 09:58 - 00391040 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
2015-06-15 16:43 - 2015-06-15 16:43 - 00637456 _____ () C:\Users\Sonne\AppData\Local\Temp\Robin Schulz feat Ilsey Headlights__10924_i1536990031_il127297.exe
2015-06-15 16:48 - 2015-06-15 16:48 - 01418832 ____N () C:\Program Files (x86)\CinemaPlus_1.3dV15.06\0ea818e1-6dca-41bf-80a3-83aec663b48e-10.exe
2015-06-15 16:50 - 2015-06-15 16:50 - 01313872 ____N () C:\Program Files (x86)\CinemaPlus_1.3dV15.06\0ea818e1-6dca-41bf-80a3-83aec663b48e-1-6.exe
2015-06-15 16:50 - 2015-06-15 16:50 - 01561168 ____N () C:\Program Files (x86)\CinemaPlus_1.3dV15.06\e2db6740-b937-4041-963f-f478680e12ae-1-6.exe
2013-06-24 10:54 - 2010-06-24 03:16 - 02150400 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll
2013-06-24 10:54 - 2010-07-13 15:07 - 07826432 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll
2013-06-24 10:54 - 2010-06-02 04:29 - 00934912 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll
2013-06-24 10:54 - 2010-06-02 04:28 - 00335360 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll
2013-06-24 10:54 - 2012-08-06 11:54 - 09843640 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll
2013-06-24 10:54 - 2010-06-02 04:56 - 00232960 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll
2013-06-24 10:54 - 2010-06-02 04:54 - 02530816 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll
2013-06-24 10:54 - 2010-07-05 11:19 - 00116736 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2013-06-24 10:54 - 2010-11-11 11:24 - 00028160 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll
2013-06-24 10:54 - 2010-06-02 07:05 - 00025600 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qgif4.dll
2013-06-24 10:54 - 2010-06-02 07:05 - 00119808 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll
2011-01-17 16:19 - 2012-04-02 12:01 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-11-19 18:45 - 2012-04-02 12:01 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\zlib.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\libexpatw.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\tinyxml.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00481632 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\sqlite.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00063840 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00039776 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00018784 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\oDayProtect.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00203104 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQFileFlt.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00092184 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\xGraphic32.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00342040 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\arkGraphic.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00045920 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\jgImage.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\libpng.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\libjpegturbo.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\jgIOStub.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00194912 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\xImage.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00076128 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\MemDefrag.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00571800 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMLoader\QQPCDetector.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00235872 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMWlanMacDll.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\zlib.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\libexpatw.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\tinyxml.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00092184 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\xGraphic32.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00342040 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\arkGraphic.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00045920 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\jgImage.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\libpng.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\libjpegturbo.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\jgIOStub.dll
2015-06-11 12:41 - 2015-06-11 12:41 - 16867504 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\100sexlinks.com -> 100sexlinks.com

There are 5317 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{55CCA8F9-D7B5-4F9D-A1C7-0B120701405F}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{B468A948-BB76-4CC2-8EF5-6D096A47B629}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{CF74D96B-E1AF-4464-BBA7-6E115330DC86}] => (Allow) C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{457EC9A3-52BC-49DA-93F0-076B646025E4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D5351F3C-C8D2-49A3-AEDA-74CD7573D131}] => (Allow) LPort=2869
FirewallRules: [{159A9B9B-3C47-48E0-B8A7-E5E0B58DEA73}] => (Allow) LPort=1900
FirewallRules: [{C3CE3E41-BC8A-4006-93C6-64BBF3F1BBCD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{69095B4D-B1DD-4937-900E-764FB4BFDC74}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{027761D3-0BC9-4612-9AC4-B14267E6A1E7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{2724A7D4-B849-4303-8964-334540F1B94D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{88C79719-3F96-4DC0-AF71-AFEC59DD0098}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{30BB36D4-C5D6-4159-93A1-BC3151A034CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{17D53D46-A97F-4EE3-971C-B63FFE14E20B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E033C7B7-2C7D-4154-8093-BF61B71ED4CF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{70C0E24B-7BC3-4ACB-8ECE-AA2E1567D9D7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{609E758D-717E-4834-9282-0228860D500C}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{98E0B3BC-E288-498B-B3A4-578CE05808E8}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{21A5AA21-61CA-4320-83DE-399BA6221F46}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCmgrInstallGuide.exe
FirewallRules: [{2602B83B-1568-40C5-A807-3D8B187937BD}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{40CE0218-73D9-4A4F-91FC-8A5DE007F6A6}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{AC4607BC-E257-44B8-9CB1-BE57E67263FF}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe
FirewallRules: [{6C6F446B-5DCF-41D0-B111-4466031A7A9C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCMgr.exe
FirewallRules: [{C0947541-CF29-4751-A887-F4BCD33EDCAA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe
FirewallRules: [{DC2A925D-A8D1-407A-86B8-2D2E9280DBEA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMDL.exe
FirewallRules: [{81EF5DF4-68DE-429A-9E3D-B43C6BAF0CAA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\bugreport.exe
FirewallRules: [{7F1A03C7-2D48-4FA2-8D26-3D9A19FB1F14}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCFileOpen.exe
FirewallRules: [{112B5B9F-E5D2-48F7-ADD1-457835463309}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCLeakScan.exe
FirewallRules: [{CBF8034A-63AF-41DC-BD89-0BD3024078AE}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPConfig.exe
FirewallRules: [{2E84B329-707E-4707-BDF6-F69283F8898B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCSoftMgr.exe
FirewallRules: [{B412D22A-BC2C-4B33-BFDE-637399E97679}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{BA6450E5-CC5F-4446-BE3F-B9DEE93C1854}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCBTU.exe
FirewallRules: [{FAA11A10-0A48-4E71-BDD2-488DA3454B94}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCClinic.exe
FirewallRules: [{97D14ABF-BF44-43B2-BE3B-536DEEC0F6C2}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCLaunch.exe
FirewallRules: [{BD948B14-8C19-4799-B2A4-D7904DF21CF5}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{FBB344B2-584B-4308-A2F2-CE70AB3D968C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCSoftGame.exe
FirewallRules: [{1CD34930-42E6-4A4C-B569-3D7926CCED2D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCSysOptimize.exe
FirewallRules: [{65251F91-D874-48BD-B251-1874D834E5BE}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCUpdateAVLib.exe
FirewallRules: [{A8A802BB-5C55-45B0-B4D1-703FBB22C0FF}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQRepair.exe
FirewallRules: [{D31B42DD-FD8B-4D94-AE62-BB9F46539659}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\Uninst.exe
FirewallRules: [{9A32480F-FA3E-4286-99F5-FC3BDC41DE33}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCPatch.exe
FirewallRules: [{CAFF155D-2F2E-4355-BF76-9EC6DD49C97C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TpkUpdate.exe
FirewallRules: [{8C13F7E8-00D4-4215-98A3-09ED996C24D0}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMRouterMgr.exe
FirewallRules: [{25C46C94-E505-4199-B70A-08C91E15345C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMAccountProtection.exe
FirewallRules: [{F367AF67-BF06-4DC1-B514-C57A7B023FED}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMAdBlock.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2015 10:45:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdatem) since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/16/2015 10:45:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdate) since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (06/16/2015 10:45:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddWin32ServiceFiles: Unable to back up image of service WindowsMangerProtect Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/16/2015 10:30:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: 0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: 0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000d71ba
ID des fehlerhaften Prozesses: 0x16a0
Startzeit der fehlerhaften Anwendung: 0x0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe0
Pfad der fehlerhaften Anwendung: 0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe1
Pfad des fehlerhaften Moduls: 0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe2
Berichtskennung: 0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe3

Error: (06/15/2015 04:55:45 PM) (Source: WindowsMangerProtect) (EventID: 102) (User: )
Description: WindowsMangerProtect

Error: (06/15/2015 04:52:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1". Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/15/2015 04:49:42 PM) (Source: MsiInstaller) (EventID: 11316) (User: Harley-Davidson)
Description: Product: globalupdate Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (06/15/2015 04:49:18 PM) (Source: MsiInstaller) (EventID: 11316) (User: Harley-Davidson)
Description: Product: globalupdate Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.

Error: (06/15/2015 04:45:41 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (06/15/2015 02:24:29 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

System errors:
=============
Error: (06/15/2015 04:53:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "QQPCMgr RTP Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/15/2015 04:52:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9A754403-27B1-4ED7-96D7-588F07888EBF}

Error: (06/15/2015 04:50:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Rav Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/15/2015 04:49:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Rsd Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/08/2015 01:37:49 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus.

Error: (06/08/2015 01:37:48 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005

Error: (06/08/2015 01:37:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (06/08/2015 01:37:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%16405

Error: (06/04/2015 01:23:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst IE Search Set erreicht.

Error: (06/04/2015 01:22:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 02.06.2015 um 20:53:53 unerwartet heruntergefahren.

Microsoft Office:
=========================
Error: (06/16/2015 10:45:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdatem) since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden.

Error: (06/16/2015 10:45:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdate) since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden.

Error: (06/16/2015 10:45:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddWin32ServiceFiles: Unable to back up image of service WindowsMangerProtect Service since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden.
Error: (06/16/2015 10:30:23 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: 0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe0.0.0.0000000000ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe0.0.0.000000000c0000005000d71ba16a001d0a77a857e0638C:\Program Files (x86)\CinemaPlus_1.3dV15.06\0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exeC:\Program Files (x86)\CinemaPlus_1.3dV15.06\0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exeee1495d1-1401-11e5-ac95-e0ca9437c504 Error: (06/15/2015 04:55:45 PM) (Source: WindowsMangerProtect) (EventID: 102) (User: ) Description: WindowsMangerProtect Error: (06/15/2015 04:52:17 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Users\Sonne\AppData\Local\Temp\Tencent\QQPCMgr\~2754c540\TestMSVCR_64.exe Error: (06/15/2015 04:49:42 PM) (Source: MsiInstaller) (EventID: 11316) (User: Harley-Davidson) Description: Product: globalupdate Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden. (NULL)(NULL)(NULL)(NULL)(NULL) Error: (06/15/2015 04:49:18 PM) (Source: MsiInstaller) (EventID: 11316) (User: Harley-Davidson) Description: Product: globalupdate Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden. (NULL)(NULL)(NULL)(NULL)(NULL) Error: (06/15/2015 04:45:41 PM) (Source: Adobe Reader) (EventID: 16) (User: ) Description: Error: (06/15/2015 02:24:29 PM) (Source: Adobe Reader) (EventID: 16) (User: ) Description: CodeIntegrity Errors: =================================== Date: 2013-06-27 13:08:33.046 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-27 13:08:32.968 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz Percentage of memory in use: 66% Total physical RAM: 3892.55 MB Available physical RAM: 1289.59 MB Total Pagefile: 7783.3 MB Available Pagefile: 4165.4 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:463.76 GB) (Free:250.36 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B477DB1C) Partition 1: (Active) - (Size=2 GB) - (Type=27) Partition 2: (Not Active) - (Size=463.8 GB) - (Type=07 NTFS) ==================== End of log ============================ Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16.06.2015
Scan Time: 11:40:36
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.16.03
Rootkit Database: v2015.06.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sonne

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393707
Time Elapsed: 27 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end) |
16.06.2015, 11:11 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | infected laptop, adware, Oursurfing, Chinese files, virus? What about my question about earlier detections and, if there were any, the logs for them?
__________________ Please always post logfiles in CODE tags |
16.06.2015, 11:44 | #5 |
| infected laptop, adware, Oursurfing, Chinese files, virus? Yesterday I only ran a Malwarebytes scan once, hoping that everything would be cleaned up afterwards, but I no longer have a log of it. That is why I just ran a new scan. Apart from that I had not done anything yet. |
16.06.2015, 12:10 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | infected laptop, adware, Oursurfing, Chinese files, virus? Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
16.06.2015, 19:17 | #7 |
| infected laptop, adware, Oursurfing, Chinese files, virus? I followed everything, but of the 7 files listed I could only find 2 (cinemaplus and ZipOpenerPackages 83). With ZipOpener there was also an error message; I accidentally clicked it away. What can I do now? |
16.06.2015, 22:03 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | infected laptop, adware, Oursurfing, Chinese files, virus? Removing adware/junkware/toolbars. Delete old versions of adwCleaner and, if present, JRT beforehand, then download them again to the desktop! Now, before using these tools, please disable the virus scanner completely! Step 1: adwCleaner. Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool. Please close your protection software to avoid possible conflicts.
Step 3: fresh log with FRST. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post logfiles in CODE tags |
17.06.2015, 10:10 | #9 |
| infected laptop, adware, Oursurfing, Chinese files, virus?
Code:
# AdwCleaner v4.206 - Report created 17/06/2015 at 10:39:28
# Updated 01/06/2015 by Xplode
# Database : 2015-06-17.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Sonne - HARLEY-DAVIDSON
# Running from : C:\Users\Sonne\Desktop\AdwCleaner_4.206.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\tencent
[!] Folder Deleted : C:\Program Files (x86)\tencent
Folder Deleted : C:\Program Files (x86)\C2PC
Folder Deleted : C:\Program Files (x86)\Common Files\tencent
Folder Deleted : C:\Users\Sonne\AppData\Local\Temp\tencent
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent
[!] Folder Deleted : C:\Program Files\Common Files\tencent
Folder Deleted : C:\Users\Sonne\AppData\Local\globalUpdate
[!] Folder Deleted : C:\Users\Sonne\AppData\Roaming\tencent
Folder Deleted : C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceaohckoegdncfpojeiehjkaffbdahli
File Deleted : C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fmfnfnpmhcllokmkepffndflpnadjmma_0.localstorage
File Deleted : C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fmfnfnpmhcllokmkepffndflpnadjmma_0.localstorage-journal
File Deleted : C:\Users\Sonne\Favorites\eBay.lnk
File Deleted : C:\Users\Sonne\AppData\Roaming\bNGItKJsccWO
File Deleted : C:\Users\Sonne\AppData\Roaming\bNGItKJsccWOg
File Deleted : C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1N
File Deleted : C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1NT
File Deleted : C:\Users\Sonne\AppData\Roaming\WBPU-TTL.DAT
File Deleted : C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????\????\????.lnk

***** [ Scheduled tasks ] *****

Task Deleted : Dealply
Task Deleted : DealPlyUpdate
Task Deleted : QtraxPlayer
Task Deleted : amiupdaterExd
Task Deleted : amiupdaterExi
Task Deleted : bNGItKJsccWO
Task Deleted : bNGItKJsccWOg
Task Deleted : R3jz8d0TYYLlGbCwf1N
Task Deleted : R3jz8d0TYYLlGbCwf1NT

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Deleted : HKLM\SOFTWARE\CLASSES\METNSD
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Key Deleted : HKLM\SOFTWARE\f1397537-c0ce-432a-a9fb-03ea6853537a
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\VBMZ
Key Deleted : HKLM\SOFTWARE\searchult
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee for Microsoft PowerPoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7D7D6742-5B49-4454-9E9B-748E731E741A}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A23B547D-36B0-4B85-B68A-AADF6C9A723B}_is1
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.5 (x86 de)

[dxajxy9v.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[dxajxy9v.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.alias", "oursurfing");
[dxajxy9v.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://www.oursurfing.com/web/favicon.ico");
[dxajxy9v.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.name", "oursurfing");
[dxajxy9v.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searc[...]
[dxajxy9v.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "oursurfing");
[dxajxy9v.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR");
[dxajxy9v.default\prefs.js] - Line Deleted : user_pref("extensions.Xr6TBO8JkymLSiJn.scode", "(function(){try{if(window.location.href.indexOf(\"rjr5qHw8qTCHqTaHrHkErja4rdY\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[dxajxy9v.default\prefs.js] - Line Deleted : user_pref("extensions.a973ba634716b4639a1c150b40c5afc24a09e55466bb60878000com72897.72897.cookie.previous_page.value", "%22hxxp%3A//www.trojaner-board.de/167966-infizierter-laptop-adware-oursurfing-chi[...]
[dxajxy9v.default\prefs.js] - Line Deleted : user_pref("extensions.a973ba634716b4639a1c150b40c5afc24a09e55466bb60878000com72897.72897.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5[...]
[dxajxy9v.default\prefs.js] - Line Deleted : user_pref("extensions.aAVJYFVOD75109374HCDE39471360com72895.72895.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%[...]
[dxajxy9v.default\prefs.js] - Line Deleted : user_pref("extensions.cTERK02plTF09h8D.scode", "(function(){try{if(window.location.href.indexOf(\"rjr5qHw8qTCHqTaHrHkErja4rdY\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[dxajxy9v.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14df7b7342b757088c02099473daaacf");
[dxajxy9v.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[dxajxy9v.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v43.0.2357.124

[C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
[C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ceaohckoegdncfpojeiehjkaffbdahli
[C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
[C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR

*************************

AdwCleaner[R0].txt - [9649 Bytes] - [28/11/2013 20:05:13]
AdwCleaner[R1].txt - [1081 Bytes] - [11/03/2014 15:11:49]
AdwCleaner[R2].txt - [1177 Bytes] - [02/04/2014 19:22:23]
AdwCleaner[R3].txt - [1297 Bytes] - [04/04/2014 10:14:09]
AdwCleaner[R4].txt - [13153 Bytes] - [17/06/2015 10:28:26]
AdwCleaner[R5].txt - [12392 Bytes] - [17/06/2015 10:33:26]
AdwCleaner[R6].txt - [13052 Bytes] - [17/06/2015 10:37:13]
AdwCleaner[S0].txt - [8864 Bytes] - [28/11/2013 20:05:52]
AdwCleaner[S1].txt - [1145 Bytes] - [11/03/2014 15:13:07]
AdwCleaner[S2].txt - [1239 Bytes] - [02/04/2014 19:23:12]
AdwCleaner[S3].txt - [1359 Bytes] - [04/04/2014 10:14:44]
AdwCleaner[S4].txt - [1039 Bytes] - [17/06/2015 10:31:06]
AdwCleaner[S5].txt - [440 Bytes] - [17/06/2015 10:35:26]
AdwCleaner[S6].txt - [12300 Bytes] - [17/06/2015 10:39:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [12360 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.0 (06.17.2015:1)
OS: Windows 7 Home Premium x64
Ran by Sonne on 17.06.2015 at 10:49:09,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{50F4150A-48B2-417A-BE4C-C83F580FB904}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Techgile
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Techgile

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\tencent
Successfully deleted: [Folder] C:\ProgramData\tencent
Successfully deleted: [Folder] C:\Users\Sonne\AppData\Roaming\tencent
Successfully deleted: [Folder] C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf
Successfully deleted: [Folder] C:\ProgramData\28341ff220e0446c9fff27c4493d622e
Successfully deleted: [Folder] C:\ProgramData\37e30e59d1a7430da05c726d0388106f
Successfully deleted: [Folder] C:\ProgramData\830d280829ca4028a7f37bc821cc2f16
Successfully deleted: [Folder] C:\Users\Sonne\appdata\local\32281

~~~ FireFox

~~~ Chrome

[C:\Users\Sonne\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Sonne\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: ceaohckoegdncfpojeiehjkaffbdahli
[C:\Users\Sonne\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Sonne\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: []

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.06.2015 at 10:57:38,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Sonne (administrator) on HARLEY-DAVIDSON on 17-06-2015 11:07:21
Running from C:\Users\Sonne\Desktop
Loaded Profiles: Sonne (Available Profiles: Sonne)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\ravmond.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\rstray.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc)
HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] ()
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [Rs] => C:\Program Files (x86)\Rs\Rs.exe [172032 2015-06-15] (Windows APP)
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTRAY.EXE" /regrun /qqrepair
HKLM-x32\...\Run: [RavTRAY] => C:\Program Files (x86)\Rising\RAV\rstray.exe [111000 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => "C:\ProgramData\FlashBeat\FlashBeat32.dll" File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-05-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-04-02]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMGCShellExt64.dll No File
BootExecute: autocheck autochk * bsmain
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {2BF6CDAE-6D19-44ED-9035-D44BA7CD20C5} -> No File
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSWebMon64.dat No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-27] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-27] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-06-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\npQMExtensionsMozilla.dll No File
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2983943463-2176006230-4185877932-1001: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-28]
FF Extension: Adblock Plus - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-28]
FF HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-06-15]
CHR Extension: (Google Wallet) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Amazon) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj [2015-02-10]
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Sonne\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED) [File not signed]
S2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [184088 2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
R2 RsRavMon; C:\Program Files (x86)\Rising\RAV\ravmond.exe [277552 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [File not signed]
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [34704 2009-12-24] (CSR, plc)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R1 HyperVM; C:\Windows\system32\drivers\hvm.sys [41784 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-15] (电脑管家)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 10:57 - 2015-06-17 10:57 - 00002400 _____ C:\Users\Sonne\Desktop\JRT.txt
2015-06-17 10:49 - 2015-06-17 10:49 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HARLEY-DAVIDSON-Windows-7-Home-Premium-(64-bit).dat
2015-06-17 10:49 - 2015-06-17 10:49 - 00000000 ____D C:\RegBackup
2015-06-17 10:48 - 2015-06-17 10:48 - 02946265 _____ (Thisisu) C:\Users\Sonne\Desktop\JRT.exe
2015-06-17 10:41 - 2015-06-17 10:41 - 00000000 ____D C:\ProgramData\TXQMPC
2015-06-17 10:26 - 2015-06-17 10:26 - 02231296 _____ C:\Users\Sonne\Desktop\AdwCleaner_4.206.exe
2015-06-16 20:04 - 2015-06-16 20:04 - 00001234 _____ C:\Users\Sonne\Desktop\Revo Uninstaller.lnk
2015-06-16 20:04 - 2015-06-16 20:04 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-06-16 20:02 - 2015-06-16 20:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Sonne\Desktop\revosetup95.exe
2015-06-16 12:21 - 2015-06-17 10:45 - 00003328 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
2015-06-16 12:16 - 2015-06-16 12:20 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-06-16 12:14 - 2015-06-17 10:43 - 01253444 _____ C:\Windows\PFRO.log
2015-06-16 12:09 - 2015-06-16 12:09 - 00001216 _____ C:\Users\Sonne\Desktop\malwarebytes.txt
2015-06-16 11:51 - 2015-06-16 11:54 - 00047075 _____ C:\Users\Sonne\Desktop\Addition.txt
2015-06-16 11:49 - 2015-06-17 11:07 - 00016393 _____ C:\Users\Sonne\Desktop\FRST.txt
2015-06-16 11:47 - 2015-06-16 11:47 - 02109952 _____ (Farbar) C:\Users\Sonne\Desktop\FRST64.exe
2015-06-16 11:06 - 2015-06-16 11:06 - 00000134 _____ C:\Windows\SysWOW64\BsMain.ini
2015-06-16 11:06 - 2015-06-16 11:06 - 00000000 ___RD C:\RavBin
2015-06-16 11:06 - 2015-06-16 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Antivirus
2015-06-16 11:06 - 2015-06-16 11:04 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-06-16 11:05 - 2015-06-16 10:35 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\ravext64.dll
2015-06-16 11:05 - 2015-06-16 10:35 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll
2015-06-16 11:05 - 2015-06-16 10:32 - 00041784 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\hvm.sys
2015-06-16 11:05 - 2015-06-16 10:31 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.)
C:\Windows\SysWOW64\bsmain.exe 2015-06-16 10:26 - 2015-06-16 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件 2015-06-15 18:29 - 2015-06-17 10:43 - 00000560 _____ C:\Windows\setupact.log 2015-06-15 18:29 - 2015-06-15 18:29 - 00000000 _____ C:\Windows\setuperr.log 2015-06-15 17:03 - 2015-06-15 17:03 - 00003160 _____ C:\Windows\System32\Tasks\{C07EE879-4943-44B9-B8F3-B055E75D3C3D} 2015-06-15 16:53 - 2015-06-15 16:53 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2015-06-15 16:53 - 2015-06-15 16:52 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys 2015-06-15 16:53 - 2015-06-15 16:52 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys 2015-06-15 16:53 - 2015-06-15 16:52 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys 2015-06-15 16:53 - 2015-06-15 16:52 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys 2015-06-15 16:50 - 2015-06-16 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Software Deployment System 2015-06-15 16:50 - 2015-06-16 10:30 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys 2015-06-15 16:50 - 2015-06-16 10:30 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys 2015-06-15 16:50 - 2015-06-15 16:50 - 00000150 __RSH C:\rising.ini 2015-06-15 16:50 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) 
C:\Windows\system32\Drivers\rsndisp.sys 2015-06-15 16:49 - 2015-06-16 12:10 - 00000000 ____D C:\Program Files (x86)\b24cd062-bf2a-4359-9342-85828b0ba5d3 2015-06-15 16:49 - 2015-06-16 12:10 - 00000000 ____D C:\Program Files (x86)\639202a2-5fcc-4a00-ba2e-ebce06ee95fc 2015-06-15 16:49 - 2015-06-15 16:57 - 00000000 ____D C:\Program Files (x86)\Rs 2015-06-15 16:49 - 2015-06-15 16:50 - 00000000 ____D C:\ProgramData\Rising 2015-06-15 16:49 - 2015-06-15 16:49 - 00000000 ____D C:\Program Files (x86)\Rising 2015-06-15 16:48 - 2015-06-17 10:43 - 00000330 _____ C:\Windows\Tasks\WTKXPWLM1.job 2015-06-15 16:48 - 2015-06-16 10:26 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-06-15 16:48 - 2015-06-15 16:48 - 00003572 _____ C:\Windows\System32\Tasks\DWBTM 2015-06-15 16:48 - 2015-06-15 16:48 - 00002852 _____ C:\Windows\System32\Tasks\WTKXPWLM1 2015-06-15 16:47 - 2015-06-17 10:43 - 00000324 _____ C:\Windows\Tasks\XGGLNAPSJN1.job 2015-06-15 16:47 - 2015-06-15 16:47 - 00003572 _____ C:\Windows\System32\Tasks\HLEBG 2015-06-15 16:47 - 2015-06-15 16:47 - 00002846 _____ C:\Windows\System32\Tasks\XGGLNAPSJN1 2015-06-15 16:47 - 2015-06-15 16:47 - 00000000 _____ C:\Windows\hgfs.sys 2015-06-15 16:46 - 2015-06-15 16:46 - 00000000 _____ C:\Windows\prleth.sys 2015-06-08 01:05 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-06-08 01:05 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-06-04 13:56 - 2015-06-16 12:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-05-21 15:48 - 2015-05-21 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2015-05-21 15:48 - 2015-05-21 15:48 - 00000000 ____D C:\Program Files\McAfee Security Scan 2015-05-20 10:46 - 2015-05-20 10:46 - 00013489 _____ C:\Users\Sonne\Documents\Stadt W´hausen Herr Meyer (PayPal).odt 2015-05-18 
14:11 - 2015-05-21 15:48 - 00001937 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2015-05-18 14:11 - 2015-05-21 15:48 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2015-05-18 14:10 - 2015-06-16 12:10 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-05-18 14:10 - 2015-05-18 14:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-05-18 14:10 - 2015-05-18 14:10 - 00002013 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-17 11:07 - 2013-07-02 19:21 - 00000000 ____D C:\FRST 2015-06-17 10:57 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-17 10:57 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-17 10:43 - 2011-09-30 23:16 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-17 10:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-17 10:41 - 2013-11-28 20:05 - 00000000 ____D C:\AdwCleaner 2015-06-17 10:41 - 2013-06-07 21:17 - 02009341 _____ C:\Windows\WindowsUpdate.log 2015-06-17 10:41 - 2013-03-28 20:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-17 10:39 - 2011-09-30 23:16 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-16 12:21 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2015-06-16 12:15 - 2009-07-14 06:45 - 00295648 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-16 12:14 - 2013-07-09 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-16 12:14 - 2009-07-14 05:20 - 00000000 __RSD C:\Windows\Media 2015-06-16 11:40 - 2014-11-13 11:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 
2015-06-16 11:39 - 2014-11-13 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-16 11:39 - 2014-11-13 11:04 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-16 11:39 - 2013-11-28 20:20 - 00001072 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-16 11:36 - 2011-09-30 23:24 - 00064544 _____ C:\Users\Sonne\AppData\Local\GDIPFONTCACHEV1.DAT 2015-06-15 17:02 - 2013-09-09 15:44 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-06-15 17:02 - 2013-07-09 11:08 - 00001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-06-15 17:02 - 2013-07-09 11:08 - 00001157 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-06-15 17:02 - 2011-09-30 23:34 - 00001431 _____ C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-15 16:59 - 2013-04-17 16:39 - 00000000 ____D C:\Users\Sonne\AppData\Local\CrashDumps 2015-06-15 16:54 - 2011-09-30 23:37 - 00000000 ____D C:\Users\Sonne\AppData\Local\VirtualStore 2015-06-11 12:41 - 2013-03-28 20:47 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-06-11 12:41 - 2013-03-28 20:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-11 12:41 - 2011-09-30 23:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-09 21:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-06-08 01:34 - 2012-05-14 13:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-06-08 01:34 - 2012-05-14 13:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-06-08 01:32 - 2015-04-22 13:38 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-06-08 01:32 - 2015-04-22 13:38 - 00000000 ___SD C:\Windows\system32\GWX 2015-06-08 01:32 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal 2015-06-08 01:32 - 2009-07-14 05:20 - 00000000 
____D C:\Windows\system32\AdvancedInstallers 2015-06-08 01:10 - 2012-03-28 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2015-06-08 01:10 - 2011-04-16 12:56 - 01649782 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-06-08 01:10 - 2011-02-14 14:57 - 00700118 _____ C:\Windows\system32\perfh007.dat 2015-06-08 01:10 - 2011-02-14 14:57 - 00149968 _____ C:\Windows\system32\perfc007.dat 2015-06-08 01:04 - 2012-05-14 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-06-04 13:34 - 2015-05-15 21:27 - 00000000 ____D C:\Users\Sonne\Documents\Musch Delank Imex 2015-05-21 15:57 - 2011-09-30 23:55 - 00000000 ____D C:\Users\Sonne\Desktop\Fotos 2015-05-20 14:44 - 2011-09-30 23:23 - 00000000 ____D C:\Users\Sonne\AppData\Local\Adobe 2015-05-19 11:42 - 2012-04-01 11:15 - 00000000 ____D C:\Users\Sonne\Documents\Eigene Dateien 2015-05-19 09:12 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-05-18 14:11 - 2015-01-11 11:43 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-05-18 14:11 - 2011-09-30 23:41 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\Adobe 2015-05-18 14:10 - 2011-09-30 23:18 - 00000000 ____D C:\ProgramData\Adobe 2015-05-18 13:34 - 2011-09-30 23:16 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-18 13:34 - 2011-09-30 23:16 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Files in the root of some directories ======= 2013-10-02 20:36 - 2014-01-05 15:11 - 0000678 _____ () C:\Users\Sonne\AppData\Local\cookies.ini Some files in TEMP: ==================== C:\Users\Sonne\AppData\Local\Temp\C2PC_SP.exe C:\Users\Sonne\AppData\Local\Temp\Quarantine.exe C:\Users\Sonne\AppData\Local\Temp\sqlite3.dll C:\Users\Sonne\AppData\Local\Temp\Uninstall.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass 
verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-16 20:35 ==================== End of log ============================ |
17.06.2015, 13:16 | #10 |
| Infected laptop, adware, Oursurfing, Chinese files, virus? OK, I have followed everything. In Task Manager, under "Processes", I just noticed this as well: |
17.06.2015, 13:19 | #11 |
| Infected laptop, adware, Oursurfing, Chinese files, virus? So, I have followed everything; in Task Manager I also found the following, hope I manage to get the screenshot posted here now |
17.06.2015, 15:11 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected laptop, adware, Oursurfing, Chinese files, virus? Please also create a new Addition.txt: start FRST, tick the box for Addition.txt, then click Scan.
__________________ Please always post logfiles in CODE tags |
17.06.2015, 16:10 | #13 |
| Infected laptop, adware, Oursurfing, Chinese files, virus? Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015 Ran by Sonne (administrator) on HARLEY-DAVIDSON on 17-06-2015 16:22:40 Running from C:\Users\Sonne\Desktop Loaded Profiles: Sonne (Available Profiles: Sonne) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe (Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\ravmond.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Intel Corporation) C:\Windows\System32\hkcmd.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\rstray.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated) HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-24] (FUJITSU LIMITED) HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED) HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED) HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor) HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc) HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc) HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED) HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 
2013-06-20] () HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH) HKLM-x32\...\Run: [Rs] => C:\Program Files (x86)\Rs\Rs.exe [172032 2015-06-15] (Windows APP) HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.) HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTRAY.EXE" /regrun /qqrepair HKLM-x32\...\Run: [RavTRAY] => C:\Program Files (x86)\Rising\RAV\rstray.exe [111000 2015-06-16] (Beijing Rising Information Technology Co., Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_Plugin.exe [927920 2015-06-11] (Adobe Systems Incorporated) HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation) AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => "C:\ProgramData\FlashBeat\FlashBeat32.dll" File not found Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-05-18] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-04-02] ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMGCShellExt64.dll No File BootExecute: autocheck autochk * bsmain GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL 
= SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: No Name -> {2BF6CDAE-6D19-44ED-9035-D44BA7CD20C5} -> No File BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSWebMon64.dat No File BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-27] (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-27] (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-11] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-11] () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-27] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-06-27] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: 
@microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\npQMExtensionsMozilla.dll No File FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2015-06-15] (Beijing Rising Information Technology Co., Ltd.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2983943463-2176006230-4185877932-1001: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2015-06-15] (Beijing Rising Information Technology Co., Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.) 
FF Extension: NoScript - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-28] FF Extension: Adblock Plus - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-28] FF HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (No Name) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-06-15] CHR Extension: (Google Wallet) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09] CHR Extension: (Amazon) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj [2015-02-10] CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Sonne\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-12] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed] S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED) [File not signed] S2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED) R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [184088 2015-06-15] (Beijing Rising Information Technology Co., Ltd.) R2 RsRavMon; C:\Program Files (x86)\Rising\RAV\ravmond.exe [277552 2014-05-15] (Beijing Rising Information Technology Co., Ltd.) S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [File not signed] R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [34704 2009-12-24] (CSR, plc) R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED) R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED) R1 HyperVM; C:\Windows\system32\drivers\hvm.sys [41784 2015-06-16] (Beijing Rising Information Technology Co., Ltd.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-06-16] (Beijing Rising Information Technology Co., Ltd.) R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-06-16] (Beijing Rising Information Technology Co., Ltd.) S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-15] (电脑管家) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-17 10:57 - 2015-06-17 10:57 - 00002400 _____ C:\Users\Sonne\Desktop\JRT.txt 2015-06-17 10:49 - 2015-06-17 10:49 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HARLEY-DAVIDSON-Windows-7-Home-Premium-(64-bit).dat 2015-06-17 10:49 - 2015-06-17 10:49 - 00000000 ____D C:\RegBackup 2015-06-17 10:48 - 2015-06-17 10:48 - 02946265 _____ (Thisisu) C:\Users\Sonne\Desktop\JRT.exe 2015-06-17 10:41 - 2015-06-17 10:41 - 00000000 ____D C:\ProgramData\TXQMPC 2015-06-17 10:26 - 2015-06-17 10:26 - 02231296 _____ C:\Users\Sonne\Desktop\AdwCleaner_4.206.exe 2015-06-16 20:04 - 2015-06-16 20:04 - 00001234 _____ C:\Users\Sonne\Desktop\Revo Uninstaller.lnk 2015-06-16 20:04 - 2015-06-16 20:04 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-06-16 20:02 - 2015-06-16 20:02 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Sonne\Desktop\revosetup95.exe 2015-06-16 12:21 - 2015-06-17 10:45 - 00003328 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} 2015-06-16 12:16 - 2015-06-16 12:20 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys 2015-06-16 12:14 - 2015-06-17 10:43 - 01253444 _____ C:\Windows\PFRO.log 2015-06-16 12:09 - 2015-06-16 12:09 - 00001216 _____ C:\Users\Sonne\Desktop\malwarebytes.txt 2015-06-16 11:51 - 2015-06-16 11:54 - 00047075 _____ C:\Users\Sonne\Desktop\Addition.txt 2015-06-16 11:49 - 2015-06-17 16:23 - 00016650 _____ C:\Users\Sonne\Desktop\FRST.txt 2015-06-16 11:47 - 2015-06-16 11:47 - 02109952 _____ (Farbar) C:\Users\Sonne\Desktop\FRST64.exe 2015-06-16 11:06 - 2015-06-16 11:06 - 00000134 _____ C:\Windows\SysWOW64\BsMain.ini 2015-06-16 11:06 - 2015-06-16 11:06 - 00000000 ___RD C:\RavBin 2015-06-16 11:06 - 2015-06-16 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Antivirus 2015-06-16 11:06 - 2015-06-16 11:04 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll 2015-06-16 11:05 - 2015-06-16 10:35 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\ravext64.dll 2015-06-16 11:05 - 2015-06-16 10:35 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll 2015-06-16 11:05 - 2015-06-16 10:32 - 00041784 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\hvm.sys 2015-06-16 11:05 - 2015-06-16 10:31 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) 
C:\Windows\SysWOW64\bsmain.exe 2015-06-16 10:26 - 2015-06-16 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件 2015-06-15 18:29 - 2015-06-17 16:14 - 00000672 _____ C:\Windows\setupact.log 2015-06-15 18:29 - 2015-06-15 18:29 - 00000000 _____ C:\Windows\setuperr.log 2015-06-15 17:03 - 2015-06-15 17:03 - 00003160 _____ C:\Windows\System32\Tasks\{C07EE879-4943-44B9-B8F3-B055E75D3C3D} 2015-06-15 16:53 - 2015-06-15 16:53 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2015-06-15 16:53 - 2015-06-15 16:52 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys 2015-06-15 16:53 - 2015-06-15 16:52 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys 2015-06-15 16:53 - 2015-06-15 16:52 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys 2015-06-15 16:53 - 2015-06-15 16:52 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys 2015-06-15 16:50 - 2015-06-16 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Software Deployment System 2015-06-15 16:50 - 2015-06-16 10:30 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys 2015-06-15 16:50 - 2015-06-16 10:30 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys 2015-06-15 16:50 - 2015-06-15 16:50 - 00000150 __RSH C:\rising.ini 2015-06-15 16:50 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) 
C:\Windows\system32\Drivers\rsndisp.sys 2015-06-15 16:49 - 2015-06-16 12:10 - 00000000 ____D C:\Program Files (x86)\b24cd062-bf2a-4359-9342-85828b0ba5d3 2015-06-15 16:49 - 2015-06-16 12:10 - 00000000 ____D C:\Program Files (x86)\639202a2-5fcc-4a00-ba2e-ebce06ee95fc 2015-06-15 16:49 - 2015-06-15 16:57 - 00000000 ____D C:\Program Files (x86)\Rs 2015-06-15 16:49 - 2015-06-15 16:50 - 00000000 ____D C:\ProgramData\Rising 2015-06-15 16:49 - 2015-06-15 16:49 - 00000000 ____D C:\Program Files (x86)\Rising 2015-06-15 16:48 - 2015-06-17 10:43 - 00000330 _____ C:\Windows\Tasks\WTKXPWLM1.job 2015-06-15 16:48 - 2015-06-16 10:26 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-06-15 16:48 - 2015-06-15 16:48 - 00003572 _____ C:\Windows\System32\Tasks\DWBTM 2015-06-15 16:48 - 2015-06-15 16:48 - 00002852 _____ C:\Windows\System32\Tasks\WTKXPWLM1 2015-06-15 16:47 - 2015-06-17 10:43 - 00000324 _____ C:\Windows\Tasks\XGGLNAPSJN1.job 2015-06-15 16:47 - 2015-06-15 16:47 - 00003572 _____ C:\Windows\System32\Tasks\HLEBG 2015-06-15 16:47 - 2015-06-15 16:47 - 00002846 _____ C:\Windows\System32\Tasks\XGGLNAPSJN1 2015-06-15 16:47 - 2015-06-15 16:47 - 00000000 _____ C:\Windows\hgfs.sys 2015-06-15 16:46 - 2015-06-15 16:46 - 00000000 _____ C:\Windows\prleth.sys 2015-06-08 01:05 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-06-08 01:05 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-06-04 13:56 - 2015-06-16 12:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-05-21 15:48 - 2015-05-21 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2015-05-21 15:48 - 2015-05-21 15:48 - 00000000 ____D C:\Program Files\McAfee Security Scan 2015-05-20 10:46 - 2015-05-20 10:46 - 00013489 _____ C:\Users\Sonne\Documents\Stadt W´hausen Herr Meyer (PayPal).odt 2015-05-18 
14:11 - 2015-05-21 15:48 - 00001937 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2015-05-18 14:11 - 2015-05-21 15:48 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2015-05-18 14:10 - 2015-06-16 12:10 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-05-18 14:10 - 2015-05-18 14:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-05-18 14:10 - 2015-05-18 14:10 - 00002013 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-17 16:22 - 2013-07-02 19:21 - 00000000 ____D C:\FRST 2015-06-17 16:21 - 2011-09-30 23:16 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-17 16:14 - 2013-06-07 21:17 - 02009930 _____ C:\Windows\WindowsUpdate.log 2015-06-17 16:14 - 2013-03-28 20:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-17 14:16 - 2011-09-30 23:16 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-17 14:10 - 2015-05-15 21:27 - 00000000 ____D C:\Users\Sonne\Documents\Musch Delank Imex 2015-06-17 10:57 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-17 10:57 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-17 10:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-17 10:41 - 2013-11-28 20:05 - 00000000 ____D C:\AdwCleaner 2015-06-16 12:21 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2015-06-16 12:15 - 2009-07-14 06:45 - 00295648 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-16 12:14 - 2013-07-09 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-16 12:14 - 2009-07-14 05:20 - 00000000 __RSD C:\Windows\Media 2015-06-16 11:40 - 2014-11-13 
11:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-16 11:39 - 2014-11-13 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-16 11:39 - 2014-11-13 11:04 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-16 11:39 - 2013-11-28 20:20 - 00001072 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-16 11:36 - 2011-09-30 23:24 - 00064544 _____ C:\Users\Sonne\AppData\Local\GDIPFONTCACHEV1.DAT 2015-06-15 17:02 - 2013-09-09 15:44 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-06-15 17:02 - 2013-07-09 11:08 - 00001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-06-15 17:02 - 2013-07-09 11:08 - 00001157 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-06-15 17:02 - 2011-09-30 23:34 - 00001431 _____ C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-15 16:59 - 2013-04-17 16:39 - 00000000 ____D C:\Users\Sonne\AppData\Local\CrashDumps 2015-06-15 16:54 - 2011-09-30 23:37 - 00000000 ____D C:\Users\Sonne\AppData\Local\VirtualStore 2015-06-11 12:41 - 2013-03-28 20:47 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-06-11 12:41 - 2013-03-28 20:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-11 12:41 - 2011-09-30 23:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-09 21:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-06-08 01:34 - 2012-05-14 13:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-06-08 01:34 - 2012-05-14 13:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-06-08 01:32 - 2015-04-22 13:38 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-06-08 01:32 - 2015-04-22 13:38 - 00000000 ___SD C:\Windows\system32\GWX 2015-06-08 01:32 - 2010-11-21 09:17 - 
00000000 ____D C:\Program Files\Windows Journal 2015-06-08 01:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-06-08 01:10 - 2012-03-28 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client 2015-06-08 01:10 - 2011-04-16 12:56 - 01649782 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-06-08 01:10 - 2011-02-14 14:57 - 00700118 _____ C:\Windows\system32\perfh007.dat 2015-06-08 01:10 - 2011-02-14 14:57 - 00149968 _____ C:\Windows\system32\perfc007.dat 2015-06-08 01:04 - 2012-05-14 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-21 15:57 - 2011-09-30 23:55 - 00000000 ____D C:\Users\Sonne\Desktop\Fotos 2015-05-20 14:44 - 2011-09-30 23:23 - 00000000 ____D C:\Users\Sonne\AppData\Local\Adobe 2015-05-19 11:42 - 2012-04-01 11:15 - 00000000 ____D C:\Users\Sonne\Documents\Eigene Dateien 2015-05-19 09:12 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-05-18 14:11 - 2015-01-11 11:43 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-05-18 14:11 - 2011-09-30 23:41 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\Adobe 2015-05-18 14:10 - 2011-09-30 23:18 - 00000000 ____D C:\ProgramData\Adobe 2015-05-18 13:34 - 2011-09-30 23:16 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-18 13:34 - 2011-09-30 23:16 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Files in the root of some directories ======= 2013-10-02 20:36 - 2014-01-05 15:11 - 0000678 _____ () C:\Users\Sonne\AppData\Local\cookies.ini Some files in TEMP: ==================== C:\Users\Sonne\AppData\Local\Temp\C2PC_SP.exe C:\Users\Sonne\AppData\Local\Temp\Quarantine.exe C:\Users\Sonne\AppData\Local\Temp\sqlite3.dll C:\Users\Sonne\AppData\Local\Temp\Uninstall.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass 
verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-16 20:35 ==================== End of log ============================ FRST Logfile: Code:
scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015 Ran by Sonne at 2015-06-17 16:24:08 Running from C:\Users\Sonne\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2983943463-2176006230-4185877932-500 - Administrator - Disabled) Gast (S-1-5-21-2983943463-2176006230-4185877932-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2983943463-2176006230-4185877932-1002 - Limited - Enabled) Sonne (S-1-5-21-2983943463-2176006230-4185877932-1001 - Administrator - Enabled) => C:\Users\Sonne ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Rising Antivirus (Enabled - Up to date) {DBC966C2-BD90-87CD-5A01-4DFB1D2EC867} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Rising Antivirus (Enabled - Up to date) {60A88726-9BAA-8843-60B1-768966A982DA} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden AIS Connect (HKLM-x32\...\AIS Connect) (Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH) AIS Connect (x32 Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH) Hidden Bluetooth Feature Pack 5.0 (HKLM\...\{B2F4C332-2359-4ADE-AF0C-C631768BBB89}) (Version: 5.0.14 - CSR Plc.) 
CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DeskUpdate 4.11 (HKLM-x32\...\DeskUpdate_is1) (Version: 4.11.0074 - Fujitsu Technology Solutions) eBay (HKLM-x32\...\{9983CD31-473F-4808-8317-5346119F0187}) (Version: 1.0.1 - eBay Inc.) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden FreeOCR v5.0 (HKLM-x32\...\freeocr_is1) (Version: - ) Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version: - ) Fujitsu Display Manager (Version: 7.01.00.210 - FUJITSU LIMITED) Hidden Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED) Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: - ) Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - Ihr Firmenname) Hidden Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: - ) Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{474A8F3F-863A-4FCC-91F0-47A61E06FEC9}) (Version: 22.0.334.0 - Hewlett-Packard Co.) 
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2025 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle) Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: - ) LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Nero 9 Essentials (HKLM-x32\...\{54da196d-166e-41ff-97b8-b36d914b919c}) (Version: - Nero AG) OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 5.3.0.1 - FUJITSU LIMITED) Plugfree NETWORK (Version: 5.3.001 - FUJITSU LIMITED) Hidden Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version: - ) Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.) 
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Rising Antivirus (HKLM-x32\...\RAV) (Version: 24.00.43.14 - Beijing Rising Information Technology, Inc.) Rising Software Deployment System (HKLM-x32\...\RSD) (Version: 23.00.01.02 - Beijing Rising Information Technology, Inc.) Rossmann Fotowelt Software 4.9 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.9 - ORWO Net) SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated) TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer) VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden VTech Download Manager (HKLM-x32\...\VTechDownloadManager) (Version: - VTech) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 19-05-2015 11:30:30 Windows Update 22-05-2015 13:33:32 Windows Update 28-05-2015 09:29:41 Windows Update 04-06-2015 13:34:06 Windows Update 08-06-2015 01:01:03 Windows Update 12-06-2015 15:46:14 Windows Update 15-06-2015 16:50:44 LavasoftWeCompanion 16-06-2015 10:45:44 Windows Update 16-06-2015 20:05:52 Revo Uninstaller's restore point - cinemaplus version 2.04 16-06-2015 20:09:33 Revo Uninstaller's restore point - Zip Opener Packages 83 ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2013-06-27 13:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {008A50F6-6F65-4BD2-9CED-9C791EF23812} - System32\Tasks\WTKXPWLM1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION Task: {052DD86F-62F1-497A-A9E5-710BA7A63CB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.) Task: {0E14688E-C9EE-4B4D-A5A5-551D4BE1CA20} - System32\Tasks\XGGLNAPSJN1 => C:\ProgramData\NavRight\NavRight.exe <==== ATTENTION Task: {23D0AE57-EA18-4B45-8047-200E93E04815} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.) Task: {240F7B74-8D37-46DA-8750-052664AEABBB} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-17] (Microsoft Corporation) Task: {2A9F2D7A-9915-4466-8678-A21B3B1D1363} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated) Task: {49A6221B-522F-4306-B4C6-C3E86C02A0F8} - System32\Tasks\{C07EE879-4943-44B9-B8F3-B055E75D3C3D} => pcalua.exe -a C:\Users\Sonne\AppData\Roaming\oursurfing\UninstallManager.exe -c -ptid=amt Task: {4C754BFD-0F30-4C99-97BE-7FC3E7D9AA29} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {5C3F2F40-0337-4951-8437-B5CCCCC99282} - System32\Tasks\{18968C56-914E-4610-8DF1-80B92D002E96} => pcalua.exe -a C:\Users\Sonne\Downloads\marineemail.exe -d "C:\Program Files (x86)\Mozilla Firefox" Task: {69FC9E73-AB0D-4594-A8C2-DDE5D47DDCED} - System32\Tasks\DWBTM => C:\ProgramData\37e30e59d1a7430da05c726d0388106f\37e30e59d1a7430da05c726d0388106f.exe <==== ATTENTION Task: {6AEEDEA0-A547-4EA4-9AFD-BFA6D14445C0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-11] (Adobe Systems Incorporated) Task: {6B7C6944-8702-4A14-BB6E-520DD18A2A23} - System32\Tasks\HLEBG => 
C:\ProgramData\830d280829ca4028a7f37bc821cc2f16\830d280829ca4028a7f37bc821cc2f16.exe <==== ATTENTION Task: {72034D43-6577-4F5B-B719-2056A137B18A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {7EF8E32F-4C9A-42B3-8E52-F0CC6A459901} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {82487041-C999-4ECE-AB7C-7EFD19457194} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {974EC68E-FAF1-4CE4-9A02-98FF7880FA7C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation) Task: {9B59277C-AE77-4C67-9BB9-65CC1EFFA8D5} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\PROGRAM FILES (X86)\RISING\RAV\rsdelaylauncher.exe [2015-06-16] (Beijing Rising Information Technology Co., Ltd.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\WTKXPWLM1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION Task: C:\Windows\Tasks\XGGLNAPSJN1.job => C:\ProgramData\NavRight\NavRight.exe <==== ATTENTION ==================== Loaded Modules (Whitelisted) ============== 2011-01-17 16:19 - 2012-04-02 12:01 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2015-06-11 12:41 - 2015-06-11 12:41 - 16867504 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:5C321E34 ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\1-domains-registrations.com -> 1-domains-registrations.com IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\1-se.com -> 1-se.com IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\1001movie.com -> 1001movie.com IE restricted site: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\1001night.biz -> 1001night.biz IE restricted site: 
There are 5317 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{55CCA8F9-D7B5-4F9D-A1C7-0B120701405F}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{B468A948-BB76-4CC2-8EF5-6D096A47B629}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{CF74D96B-E1AF-4464-BBA7-6E115330DC86}] => (Allow) C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{457EC9A3-52BC-49DA-93F0-076B646025E4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D5351F3C-C8D2-49A3-AEDA-74CD7573D131}] => (Allow) LPort=2869
FirewallRules: [{159A9B9B-3C47-48E0-B8A7-E5E0B58DEA73}] => (Allow) LPort=1900
FirewallRules: [{C3CE3E41-BC8A-4006-93C6-64BBF3F1BBCD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{69095B4D-B1DD-4937-900E-764FB4BFDC74}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{027761D3-0BC9-4612-9AC4-B14267E6A1E7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{2724A7D4-B849-4303-8964-334540F1B94D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{88C79719-3F96-4DC0-AF71-AFEC59DD0098}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{30BB36D4-C5D6-4159-93A1-BC3151A034CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{17D53D46-A97F-4EE3-971C-B63FFE14E20B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E033C7B7-2C7D-4154-8093-BF61B71ED4CF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{70C0E24B-7BC3-4ACB-8ECE-AA2E1567D9D7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{609E758D-717E-4834-9282-0228860D500C}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{98E0B3BC-E288-498B-B3A4-578CE05808E8}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{21A5AA21-61CA-4320-83DE-399BA6221F46}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCmgrInstallGuide.exe
FirewallRules: [{2602B83B-1568-40C5-A807-3D8B187937BD}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{40CE0218-73D9-4A4F-91FC-8A5DE007F6A6}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{AC4607BC-E257-44B8-9CB1-BE57E67263FF}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe
FirewallRules: [{6C6F446B-5DCF-41D0-B111-4466031A7A9C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCMgr.exe
FirewallRules: [{C0947541-CF29-4751-A887-F4BCD33EDCAA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe
FirewallRules: [{DC2A925D-A8D1-407A-86B8-2D2E9280DBEA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMDL.exe
FirewallRules: [{81EF5DF4-68DE-429A-9E3D-B43C6BAF0CAA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\bugreport.exe
FirewallRules: [{7F1A03C7-2D48-4FA2-8D26-3D9A19FB1F14}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCFileOpen.exe
FirewallRules: [{112B5B9F-E5D2-48F7-ADD1-457835463309}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCLeakScan.exe
FirewallRules: [{CBF8034A-63AF-41DC-BD89-0BD3024078AE}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPConfig.exe
FirewallRules: [{2E84B329-707E-4707-BDF6-F69283F8898B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCSoftMgr.exe
FirewallRules: [{B412D22A-BC2C-4B33-BFDE-637399E97679}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{BA6450E5-CC5F-4446-BE3F-B9DEE93C1854}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCBTU.exe
FirewallRules: [{FAA11A10-0A48-4E71-BDD2-488DA3454B94}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCClinic.exe
FirewallRules: [{97D14ABF-BF44-43B2-BE3B-536DEEC0F6C2}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCLaunch.exe
FirewallRules: [{BD948B14-8C19-4799-B2A4-D7904DF21CF5}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{FBB344B2-584B-4308-A2F2-CE70AB3D968C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCSoftGame.exe
FirewallRules: [{1CD34930-42E6-4A4C-B569-3D7926CCED2D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCSysOptimize.exe
FirewallRules: [{65251F91-D874-48BD-B251-1874D834E5BE}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCUpdateAVLib.exe
FirewallRules: [{A8A802BB-5C55-45B0-B4D1-703FBB22C0FF}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQRepair.exe
FirewallRules: [{D31B42DD-FD8B-4D94-AE62-BB9F46539659}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\Uninst.exe
FirewallRules: [{9A32480F-FA3E-4286-99F5-FC3BDC41DE33}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCPatch.exe
FirewallRules: [{CAFF155D-2F2E-4355-BF76-9EC6DD49C97C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TpkUpdate.exe
FirewallRules: [{8C13F7E8-00D4-4215-98A3-09ED996C24D0}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMRouterMgr.exe
FirewallRules: [{25C46C94-E505-4199-B70A-08C91E15345C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMAccountProtection.exe
FirewallRules: [{F367AF67-BF06-4DC1-B514-C57A7B023FED}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMAdBlock.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2015 10:54:19 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (06/17/2015 10:54:19 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (06/17/2015 10:45:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2015 10:44:14 AM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=12:app=OfficeVirt 9014006604070000:tid=CC4}
Der Client konnte keine Verbindung mit Application Virtualization Server herstellen (Rückgabecode 24604E0A-40000194).

Error: (06/17/2015 10:44:14 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=12:app=OfficeVirt 9014006604070000:tid=CC4}
Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'http://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6117.5005.sft' herstellen (Rückgabecode 24604E0A-40000194, ursprünglicher Rückgabecode 24604E0A-40000194).

Error: (06/16/2015 00:20:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 00:20:10 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Stream product id=0x0066): Streaming Failed

Error: (06/16/2015 00:20:10 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=234}
Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'http://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6117.5005.sft' herstellen (Rückgabecode 24604E0A-40000194, ursprünglicher Rückgabecode 24604E0A-40000194).

Error: (06/16/2015 00:20:10 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Too many failures while downloading ranges: 2

Error: (06/16/2015 00:20:10 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=234}
Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'http://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6117.5005.sft' herstellen (Rückgabecode 24604E0A-40000194, ursprünglicher Rückgabecode 24604E0A-40000194).

System errors:
=============
Error: (06/17/2015 10:52:41 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Modules Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error: (06/17/2015 10:50:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/17/2015 10:50:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management & Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/17/2015 10:50:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/17/2015 10:50:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/17/2015 10:50:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/17/2015 10:50:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Service Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/17/2015 10:50:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PowerSavingUtilityService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/17/2015 10:50:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PFNService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/17/2015 10:50:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Nero BackItUp Scheduler 4.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden durchgeführt: Neustart des Diensts.

Microsoft Office:
=========================
Error: (06/17/2015 10:54:19 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (06/17/2015 10:54:19 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (06/17/2015 10:45:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2015 10:44:14 AM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=12:app=OfficeVirt 9014006604070000:tid=CC4} 24604E0A-40000194

Error: (06/17/2015 10:44:14 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=12:app=OfficeVirt 9014006604070000:tid=CC4} http://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6117.5005.sft24604E0A-4000019424604E0A-40000194

Error: (06/16/2015 00:20:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2015 00:20:10 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (06/16/2015 00:20:10 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=234} http://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6117.5005.sft24604E0A-4000019424604E0A-40000194

Error: (06/16/2015 00:20:10 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2

Error: (06/16/2015 00:20:10 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=234} http://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6117.5005.sft24604E0A-4000019424604E0A-40000194

CodeIntegrity Errors:
===================================
Date: 2013-06-27 13:08:33.046
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-06-27 13:08:32.968
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 43%
Total physical RAM: 3892.55 MB
Available physical RAM: 2181.91 MB
Total Pagefile: 7783.3 MB
Available Pagefile: 5498.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:463.76 GB) (Free:250 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B477DB1C)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=07 NTFS)

==================== End of log ============================ |
17.06.2015, 19:49 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected laptop, adware, Oursurfing, Chinese files, virus? Quote:
If it bothers you, just uninstall it...
__________________ Always post log files in CODE tags |
17.06.2015, 20:01 | #15 |
| Infected laptop, adware, Oursurfing, Chinese files, virus? Well, it got installed alongside something somewhere; in any case I didn't know about it or what it is. I've uninstalled it now, or rather I'm in the process of doing so. Is the laptop clean now? |