| |
| |||||||
Log-Analyse und Auswertung: PUP.Optional.Spigot.A gefunden vom MalewarebytesWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
14.07.2015, 00:36
| #1 |
 |  PUP.Optional.Spigot.A gefunden vom Malewarebytes Hallo, ich habe heute, weil mein Netzwerk irgendwie plötzlich keine anderen PCs mehr angezeigt hat, eine Scan mit Malwarebytes gemacht. Tatsächlich wurde was gefunden und entfernt: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 14.07.2015 Suchlaufzeit: 00:21 Protokolldatei: Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.07.13.06 Rootkit-Datenbank: v2015.07.10.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Helmut Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 427572 Abgelaufene Zeit: 9 Min., 2 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 1 PUP.Optional.Spigot.A, HKU\S-1-5-21-675147457-2045932314-1395331145-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{26B10AAA-C22B-452E-946D-8DC4235C9640}, In Quarantäne, [66e4439ed6b468ce1a63986d40c333cd], Registrierungswerte: 2 PUP.Optional.Spigot.A, HKU\S-1-5-21-675147457-2045932314-1395331145-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{26B10AAA-C22B-452E-946D-8DC4235C9640}|URL, hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}, In Quarantäne, [66e4439ed6b468ce1a63986d40c333cd] PUP.Optional.Spigot.A, HKU\S-1-5-21-675147457-2045932314-1395331145-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{26B10AAA-C22B-452E-946D-8DC4235C9640}|OSDFileURL, file:///C:/Program%20Files%20(x86)/Common%20Files/Spigot/Search%20Settings/yahoo_ie.xml, In Quarantäne, [d773a1408cfe68ce5ed1315ca75d9868] Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Daraufhin hab ich noch einen Scan mit ADWCleaner gemacht und noch NICHTS gelöscht.: Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 14/07/2015 um 01:17:55
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-11.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Helmut - HELMUT-PC
# Gestarted von : D:\Downloads\Virus\123\adwcleaner_4.208.exe
# Option : Suchlauf
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Helmut\AppData\Roaming\ConvAPIPlugin.log
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\Myfree Codec
Schlüssel Gefunden : [x64] HKCU\Software\Myfree Codec
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Mozilla Firefox v39.0 (x86 de)
-\\ Google Chrome v
[C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=360&chn=retail&geo=DE&ver=21&locale=de_DE&gct=sb&qsrc=2869
[C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh
*************************
AdwCleaner[R0].txt - [2012 Bytes] - [14/07/2015 01:17:55]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2071 Bytes] ##########
Könntet ihr mir behilflich sein, was zu tun ist? Vielen Dank für Eure Hilfe Gruß Helmut |
|
14.07.2015, 06:37
| #2 |
| /// the machine /// TB-Ausbilder    | PUP.Optional.Spigot.A gefunden vom Malewarebytes Hi,
__________________MBAM updaten, scannen, Funde löschen. AdwCleaner nochmal, ebenfalls löschen lassen, dann: Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
14.07.2015, 11:42
| #3 |
| | PUP.Optional.Spigot.A gefunden vom Malewarebytes Hallo Schrauber,
__________________vielen Dank. Anbei erst mal der Log vom ADW: Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 14/07/2015 um 12:37:05
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-11.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Helmut - HELMUT-PC
# Gestarted von : D:\Downloads\Virus\123\adwcleaner_4.208.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gelöscht : C:\Users\Helmut\AppData\Roaming\ConvAPIPlugin.log
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Mozilla Firefox v39.0 (x86 de)
-\\ Google Chrome v
[C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=360&chn=retail&geo=DE&ver=21&locale=de_DE&gct=sb&qsrc=2869
[C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh
*************************
AdwCleaner[R0].txt - [2162 Bytes] - [14/07/2015 01:17:55]
AdwCleaner[R1].txt - [2221 Bytes] - [14/07/2015 12:34:42]
AdwCleaner[S0].txt - [2078 Bytes] - [14/07/2015 12:37:05]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2137 Bytes] ##########
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Helmut (administrator) on HELMUT-PC on 14-07-2015 12:42:13
Running from D:\Downloads\Virus\123
Loaded Profiles: Helmut (Available Profiles: Helmut & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Mobotix\Services\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Synametrics Technologies) C:\DeltaCopy\DCServce.exe
() C:\DeltaCopy\rsync.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(CM & V) C:\Program Files (x86)\DVBViewer\DVBVservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\N360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
() C:\Program Files (x86)\SpRecord3\SpRecord.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\N360.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Program Files (x86)\SpRecord3\srShell.exe
(CM&V Hackbart) C:\Program Files (x86)\DVBViewer\DVBVCtrl.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(T-Systems Enterprise Services GmbH) C:\Program Files (x86)\DSL-Manager\DslMgr.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!\FriFax32.exe
(Heuer Software) C:\ISDNMoni\ISDNMO32.EXE
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaw.exe
(Dr. J. Rathlev, D-24222 Schwentinental) C:\Program Files\Personal Backup 5\Persbackup.exe
(Andreas Viebke) C:\Program Files (x86)\ShortCut\ShortCut.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(T-Systems Enterprise Services GmbH) C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-06-28] (Acronis)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5587832 2011-09-22] (Acronis)
HKLM-x32\...\Run: [SAOB Monitor] => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2571032 2011-09-22] (Acronis)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [196648 2014-09-26] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217632 2015-07-13] (Geek Software GmbH)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-675147457-2045932314-1395331145-1000\...\Run: [SpRecord] => C:\Program Files (x86)\SpRecord3\srShell.exe [3666944 2010-10-15] ()
HKU\S-1-5-21-675147457-2045932314-1395331145-1000\...\Run: [DVBV Service Ctrl] => C:\Program Files (x86)\DVBViewer\DVBVCtrl.exe [82944 2011-08-25] (CM&V Hackbart)
HKU\S-1-5-21-675147457-2045932314-1395331145-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-675147457-2045932314-1395331145-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-675147457-2045932314-1395331145-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-675147457-2045932314-1395331145-1000\...\MountPoints2: {00e229f6-8be7-11e2-bd86-1c6f6544e658} - I:\LGAutoRun.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Finanzmanager 2016 Zahlungserinnerung.lnk [2015-05-20]
ShortcutTarget: Finanzmanager 2016 Zahlungserinnerung.lnk -> C:\Windows\Installer\{7429B83A-5AB6-4AEE-A53B-79B9742B9158}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2015 Zahlungserinnerung.lnk [2014-07-07]
ShortcutTarget: Quicken 2015 Zahlungserinnerung.lnk -> C:\Windows\Installer\{44A9A647-0BBA-4776-8B61-1092EDFEA0C2}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-11-26]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk [2010-11-27]
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk [2010-11-27]
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk [2010-11-27]
ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!fax.lnk [2010-11-22]
ShortcutTarget: FRITZ!fax.lnk -> C:\Program Files (x86)\FRITZ!\FriFax32.exe (AVM Berlin)
Startup: C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ISDNMO32.EXE - Verknüpfung.lnk [2010-11-22]
ShortcutTarget: ISDNMO32.EXE - Verknüpfung.lnk -> C:\ISDNMoni\ISDNMO32.EXE (Heuer Software)
Startup: C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jAnrufmonitor 5.0.lnk [2013-09-12]
ShortcutTarget: jAnrufmonitor 5.0.lnk -> C:\jAnrufmonitor\jam.exe ()
Startup: C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk [2014-04-19]
ShortcutTarget: Persbackup.lnk -> C:\Program Files\Personal Backup 5\Persbackup.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Startup: C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShortCut.lnk [2010-11-21]
ShortcutTarget: ShortCut.lnk -> C:\Program Files (x86)\ShortCut\ShortCut.exe (Andreas Viebke)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-675147457-2045932314-1395331145-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-675147457-2045932314-1395331145-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-675147457-2045932314-1395331145-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-675147457-2045932314-1395331145-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-675147457-2045932314-1395331145-1000 -> {7C8792D9-0164-42DD-B686-F75C465AEDAB} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-22] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-22] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4A026B12-94F3-4D2F-A468-96AA55DE20A5} hxxp://192.168.0.5/img/NetCamPlayerWeb11g.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{CC52CBA0-F593-48B7-A4E3-DB80654A4247}: [NameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5yub2a14.default
FF NetworkProxy: "ftp", "93.63.141.183"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "93.63.141.183"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "93.63.141.183"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "93.63.141.183"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-675147457-2045932314-1395331145-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Helmut\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-675147457-2045932314-1395331145-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Helmut\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-23] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5yub2a14.default\Extensions\de_DE@dicts.j3e.de [2015-02-28]
FF Extension: Garmin Communicator - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5yub2a14.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-05-29]
FF Extension: stealthy - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5yub2a14.default\Extensions\stealthyextension@gmail.com.xpi [2011-11-22]
FF Extension: CacheViewer - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5yub2a14.default\Extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi [2014-01-07]
FF Extension: Password Exporter - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5yub2a14.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-05-20]
FF Extension: Video DownloadHelper - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5yub2a14.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-15]
FF Extension: Search By Image (by Google) - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5yub2a14.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi [2014-07-06]
FF Extension: Adblock Plus - C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\5yub2a14.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-07-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-07-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-07-03]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-20]
FF HKU\S-1-5-21-675147457-2045932314-1395331145-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-07-21]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Helmut\AppData\Local\Google\Chrome\Application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Helmut\AppData\Local\Google\Chrome\Application\42.0.2311.152\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Helmut\AppData\Local\Google\Chrome\Application\42.0.2311.152\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Profile: C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-28]
CHR Extension: (Google Cast) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-04-15]
CHR Extension: (Google Search) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-28]
CHR Extension: (AdBlock) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-07-02]
CHR Extension: (Bookmark Manager) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Gmail) - C:\Users\Helmut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-28]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\Exts\Chrome.crx [2015-07-02]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\Exts\Chrome.crx [2015-07-02]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Helmut\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-11-24] (SUPERAntiSpyware.com)
R2 Bonjour Service; C:\Program Files (x86)\Mobotix\Services\mDNSResponder.exe [357376 2013-01-22] (Apple Inc.) [File not signed]
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-05-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-05-13] (BlueStack Systems, Inc.)
R2 DeltaCopyService; C:\DeltaCopy\DCServce.exe [683008 2009-11-23] (Synametrics Technologies) [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-03-17] () [File not signed]
R2 DVBVRecorder; C:\Program Files (x86)\DVBViewer\DVBVservice.exe [758912 2012-02-14] (CM & V) [File not signed]
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [555520 2010-09-02] (Hauppauge Computer Works) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72280 2010-09-07] ()
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [64552 2014-11-06] (Haufe-Lexware GmbH & Co. KG)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\N360.exe [282016 2015-06-18] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] () [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 SpRecordService; C:\Program Files (x86)\SpRecord3\SpRecord.exe [4423168 2010-10-15] () [File not signed]
S3 srdbService; C:\Program Files (x86)\SpRecord3\srdbServ.exe [2923008 2010-10-15] () [File not signed]
R3 TDslMgrService; C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-22] (Symantec Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605000.07C\ccSetx64.sys [165080 2015-06-04] (Symantec Corporation)
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [19008 2007-08-01] (T-Systems Enterprise Services GmbH)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-06-16] (Symantec Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ffs64.sys [26080 2013-01-22] (EldoS Corporation) [File not signed]
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-06-16] (Symantec Corporation)
R3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [899328 2009-06-10] (AVM Berlin)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-07-06] ()
R3 hcw85cir; C:\Windows\System32\drivers\hcw85cir3.sys [33792 2010-09-01] (Hauppauge Computer Works, Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150712.001\IDSvia64.sys [692984 2015-07-03] (Symantec Corporation)
S3 JabraDFU; C:\Windows\System32\Drivers\JabraMobileCsrDfuX64.sys [38768 2015-03-04] (GN Netcom A/S)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150713.033\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150713.033\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 PciDumpr; C:\Program Files (x86)\Common Files\T-Com\DSLCheck\PciDumpr.sys [2144 2001-01-26] () [File not signed]
S3 PORTMON; D:\Downloads\Win 7\SysinternalsSuite\PORTMSYS.SYS [28656 2011-01-02] (Systems Internals) [File not signed]
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1605000.07C\SRTSP64.SYS [917720 2015-06-04] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605000.07C\SRTSPX64.SYS [42200 2015-06-04] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605000.07C\SYMEFASI64.SYS [1611992 2015-06-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-07-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605000.07C\Ironx64.SYS [288984 2015-06-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605000.07C\SYMNETS.SYS [567512 2015-06-04] (Symantec Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2012-03-02] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2012-03-02] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2012-03-02] (LG Electronics Inc.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115488 2014-05-16] (Oracle Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [185688 2014-09-23] (IDRIX)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [24064 2007-12-03] (Windows (R) Codename Longhorn DDK provider)
S3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [59344 2013-08-19] (Windows (R) Win 7 DDK provider) [File not signed]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 QDrive; \??\C:\Users\Helmut\AppData\Local\Temp\QDrive.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-14 12:42 - 2015-07-14 12:42 - 00000000 ____D C:\FRST
2015-07-14 08:22 - 2015-07-14 08:22 - 00002802 _____ C:\Users\Helmut\Desktop\pua.txt
2015-07-14 01:50 - 2015-07-14 01:53 - 00000000 ____D C:\Users\Helmut\Desktop\pics
2015-07-14 01:45 - 2015-07-14 12:38 - 00000021 _____ C:\Windows\S.dirmngr
2015-07-14 01:17 - 2015-07-14 12:37 - 00000000 ____D C:\AdwCleaner
2015-07-13 19:33 - 2015-07-13 19:33 - 00001086 _____ C:\Users\Public\Desktop\PDF24 Creator.lnk
2015-07-13 19:33 - 2015-07-13 19:33 - 00001062 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2015-07-13 19:33 - 2015-07-13 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-07-06 17:22 - 2015-07-06 17:22 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\etdrv.sys
2015-07-06 17:21 - 2015-07-06 17:21 - 00030528 _____ C:\Windows\GVTDrv64.sys
2015-07-06 17:19 - 2015-07-06 17:19 - 00002015 _____ C:\Users\Public\Desktop\ET6.lnk
2015-07-06 17:19 - 2015-07-06 17:19 - 00000000 ____D C:\Program Files (x86)\AMD
2015-07-06 14:58 - 2015-07-06 14:58 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-07-06 14:52 - 2015-07-06 14:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-07-03 23:04 - 2015-07-03 23:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-02 13:57 - 2015-07-06 14:52 - 00002239 _____ C:\Users\Public\Desktop\Norton 360.LNK
2015-07-02 13:54 - 2015-07-02 13:54 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-06-24 12:05 - 2015-06-24 12:05 - 02448024 _____ (DataDesign AG) C:\Windows\SysWOW64\DDBACCPL.CPL
2015-06-24 12:05 - 2015-06-24 12:05 - 01833624 _____ (DataDesign AG) C:\Windows\SysWOW64\ddBACCTM.cpl
2015-06-20 09:44 - 2015-06-24 23:47 - 00000000 ____D C:\Users\Helmut\AppData\Roaming\ActivePresenter
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-14 12:42 - 2011-01-22 10:55 - 01354495 _____ C:\Windows\WindowsUpdate.log
2015-07-14 12:39 - 2010-11-21 17:35 - 00000000 ____D C:\Program Files (x86)\ShortCut
2015-07-14 12:39 - 2010-11-21 16:45 - 00000000 ____D C:\Users\Helmut\AppData\Local\FRITZ!
2015-07-14 12:38 - 2015-05-21 08:24 - 00005041 _____ C:\Windows\setupact.log
2015-07-14 12:38 - 2011-03-07 21:52 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-14 12:38 - 2011-02-19 02:13 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2015-07-14 12:38 - 2010-11-19 12:05 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-14 12:38 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-14 12:24 - 2014-11-24 00:09 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-14 12:22 - 2010-11-21 14:34 - 00000000 ____D C:\Users\Helmut\AppData\Roaming\Mozilla
2015-07-14 12:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-14 12:18 - 2009-07-14 06:45 - 00026144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-14 12:18 - 2009-07-14 06:45 - 00026144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-14 11:59 - 2011-03-07 21:52 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 11:48 - 2013-10-13 08:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-14 11:11 - 2013-05-23 08:41 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2015-07-14 10:47 - 2010-11-21 17:35 - 00000000 ____D C:\Users\Helmut\AppData\Roaming\ShortCut
2015-07-14 08:25 - 2010-11-21 14:34 - 00000000 ____D C:\Users\Helmut\AppData\Local\Mozilla
2015-07-14 06:00 - 2014-12-22 03:48 - 00000474 _____ C:\Windows\Tasks\Personal Backup W7Dneu.job
2015-07-14 01:51 - 2009-07-14 19:58 - 00714028 _____ C:\Windows\system32\perfh007.dat
2015-07-14 01:51 - 2009-07-14 19:58 - 00155858 _____ C:\Windows\system32\perfc007.dat
2015-07-14 01:51 - 2009-07-14 07:13 - 01660486 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-14 01:45 - 2014-12-01 09:25 - 00317830 _____ C:\Windows\PFRO.log
2015-07-14 01:43 - 2010-11-23 16:43 - 00000000 ____D C:\Users\Helmut\AppData\Local\CrashDumps
2015-07-14 01:27 - 2010-11-21 13:41 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FAB0C581-103B-4383-B7D3-1E478DDE6950}
2015-07-14 00:18 - 2014-11-24 00:09 - 00001121 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-14 00:18 - 2014-11-24 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-07-14 00:18 - 2014-11-24 00:09 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-07-14 00:00 - 2014-10-12 07:25 - 00000316 _____ C:\Windows\Tasks\NetBak-Helmut-PC-Helmut-Job1.job
2015-07-13 19:33 - 2013-12-13 21:51 - 00000000 ____D C:\Program Files (x86)\PDF24
2015-07-13 15:58 - 2010-12-06 15:13 - 00000265 _____ C:\Windows\ktel.ini
2015-07-13 15:50 - 2010-11-25 10:02 - 00000000 ____D C:\ProgramData\Lexware
2015-07-09 13:48 - 2013-10-13 08:48 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-09 13:48 - 2012-03-30 07:57 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-09 13:48 - 2011-05-17 08:42 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-07 19:41 - 2011-03-04 10:53 - 00000000 ____D C:\Program Files (x86)\SpRecord3
2015-07-06 17:48 - 2010-11-27 21:17 - 00000000 ____D C:\Program Files (x86)\DSL-Manager
2015-07-06 17:21 - 2010-11-19 13:08 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-07-06 17:20 - 2010-11-19 11:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-06 17:19 - 2010-11-19 12:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2015-07-06 17:19 - 2010-11-19 12:21 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
2015-07-06 17:19 - 2010-11-19 11:48 - 00000000 ____D C:\Program Files (x86)\Intel
2015-07-06 14:53 - 2014-04-19 08:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup
2015-07-06 14:53 - 2014-04-19 08:03 - 00000000 ____D C:\Program Files\Personal Backup 5
2015-07-06 14:53 - 2012-05-30 22:22 - 00003208 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-07-06 14:53 - 2011-01-25 14:53 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-07-06 14:50 - 2012-04-25 12:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-06 13:58 - 2015-02-13 02:35 - 00000000 ____D C:\Users\Helmut\Desktop\Camera
2015-07-05 07:49 - 2015-05-20 10:43 - 00002841 _____ C:\Users\Public\Desktop\Finanzmanager 2016.lnk
2015-07-05 07:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2015-07-02 13:57 - 2011-01-25 14:54 - 00102616 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-02 13:57 - 2011-01-25 14:54 - 00008166 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-02 13:57 - 2011-01-25 14:54 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-02 13:57 - 2010-11-22 09:48 - 00000000 ____D C:\ProgramData\Norton
2015-06-24 05:26 - 2014-12-24 23:48 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-24 01:41 - 2011-07-17 20:43 - 00000600 _____ C:\Users\Helmut\AppData\Local\PUTTY.RND
2015-06-23 16:50 - 2014-11-26 19:48 - 00000000 ____D C:\Users\Helmut\AppData\Roaming\vlc
2015-06-23 15:39 - 2012-01-23 17:05 - 00000000 ____D C:\Program Files (x86)\MR-Online
2015-06-22 18:24 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-06-20 17:17 - 2014-08-14 08:47 - 00000000 ____D C:\Users\Helmut\AppData\Local\Adobe
2015-06-20 17:14 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-19 20:40 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-19 08:30 - 2013-07-21 12:48 - 00000336 _____ C:\Windows\BRCALIB.INI
2015-06-18 08:41 - 2014-11-24 00:09 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-11-24 00:09 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2014-11-24 00:09 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
==================== Files in the root of some directories =======
2012-04-07 11:13 - 2012-04-07 11:19 - 0000600 _____ () C:\Users\Helmut\AppData\Roaming\winscp.rnd
2011-12-25 10:14 - 2011-12-25 10:56 - 0000079 _____ () C:\Users\Helmut\AppData\Local\CrystalDiskMark30.ini
2010-12-01 00:42 - 2015-03-28 21:53 - 0044544 _____ () C:\Users\Helmut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-16 13:48 - 2012-11-16 13:48 - 0000094 _____ () C:\Users\Helmut\AppData\Local\fusioncache.dat
2011-07-17 20:43 - 2015-06-24 01:41 - 0000600 _____ () C:\Users\Helmut\AppData\Local\PUTTY.RND
2013-11-21 05:44 - 2014-11-24 01:03 - 0001457 _____ () C:\Users\Helmut\AppData\Local\RecConfig.xml
2015-03-04 10:47 - 2014-12-05 09:48 - 0001299 _____ () C:\Users\Helmut\AppData\Local\recently-used.xbel
2010-11-21 13:52 - 2013-12-29 01:12 - 0007608 _____ () C:\Users\Helmut\AppData\Local\resmon.resmoncfg
2011-06-15 19:44 - 2011-06-19 10:31 - 0001940 _____ () C:\Users\Helmut\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2014-04-30 14:29 - 2014-04-30 14:29 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-05-01 10:43 - 2014-01-31 12:11 - 0013741 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\Helmut\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Helmut\AppData\Local\Temp\Quarantine.exe
C:\Users\Helmut\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-13 00:53
==================== End of log ============================
[/CODE] [CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Helmut at 2015-07-14 12:42:36
Running from D:\Downloads\Virus\123
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-675147457-2045932314-1395331145-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-675147457-2045932314-1395331145-501 - Limited - Disabled)
Helmut (S-1-5-21-675147457-2045932314-1395331145-1000 - Administrator - Enabled) => C:\Users\Helmut
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.08 - GIGABYTE)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.19 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0919-000001000000}) (Version: 9.19.00.0 - Igor Pavlov)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acronis*True*Image*Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6942 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ArcSoft Codec (HKLM-x32\...\{08EE3698-AAB9-4BAD-BDF4-0BE0A9157222}) (Version: - ArcSoft)
Ashampoo Burning Studio 2012 v10.0.15 (HKLM-x32\...\Ashampoo Burning Studio 2012_is1) (Version: 10.0.15 - Ashampoo GmbH & Co. KG)
Attack Surface Analyzer (HKLM\...\{2710505A-D198-4906-8767-F869909D9FA6}) (Version: 5.3.0.0 - Microsoft Corporation)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2009021678.48.56.38284082 - Audible, Inc.)
Auerswald COMlist 2.5.2 (HKLM-x32\...\{F7B74F3E-8B6C-4826-802E-B907BAAE4E4B}) (Version: 2.5.2 - Auerswald GmbH & Co.KG)
Auerswald COMset 2.7.2 (HKLM-x32\...\{B1D2A138-D53E-4D3F-B547-EA2277007746}) (Version: 2.7.2 - Auerswald GmbH & Co.KG)
Auerswald COMtools 2.3.2 (HKLM-x32\...\{CEDE5E8A-37C3-40C7-8F9C-7D0E70DA0C9E}) (Version: 2.3.2 - Auerswald GmbH & Co.KG)
Auerswald Mult-Core Patch (HKLM-x32\...\{16F8DE17-DC0B-4D03-AF06-90AE05B3D34E}) (Version: 1.0.0 - Auerswald GmbH & Co KG)
Auerswald SoftLCR 3.4.2 (HKLM-x32\...\{CD7DCE24-598D-49BF-A7AE-A019F9804A84}) (Version: 3.4.2 - Auerswald GmbH & Co.KG)
AutoGreen B10.0629.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B10.0629.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
AVM FRITZ! (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
AVM ISDN TAPI Services for CAPI (HKLM\...\AVM ISDN TAPI Services) (Version: - )
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.12.896 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{A7FC82AC-986D-48D5-8AAE-A75C1D829E0A}) (Version: 0.7.12.896 - BlueStack Systems, Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
DDBAC (HKLM-x32\...\{6C7DEA75-0C1E-4D71-A405-3D23E5EEDA0A}) (Version: 5.3.36.0 - DataDesign)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
DeltaCopy (HKLM-x32\...\{D6E5F58F-C879-4EC1-90F7-BA31BABF10C9}) (Version: 1.40.0000 - Synametrics Technologies)
DesignPro 5 (HKLM-x32\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery Dennison)
DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
DSL-Manager (HKLM-x32\...\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}) (Version: - )
DVBViewer Pro (HKLM-x32\...\DVBViewer Pro_is1) (Version: 5.2.9 - CM&V)
DVBViewer Recording Service (HKLM-x32\...\DVBViewer Recording Service_is1) (Version: 1.9.3.0 - CM&V)
DVR Configuration Tool (HKLM-x32\...\{FCEE0D0C-FF8D-4552-A6C5-67ECE0F82EF9}) (Version: 1.0.11 - Pearl Agency GmbH)
Easy Drive Data Recovery (HKLM-x32\...\Easy Drive Data Recovery) (Version: 3.0 - MunSoft)
Easy Tune 6 B12.1121.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.1121.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ECOTEL Service Gear (HKLM-x32\...\{423BE907-4643-476B-8C0E-44D9893A2A54}) (Version: 4.7.250 - VIERLING Communications GmbH)
Elevated Installer (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version: - SEIKO EPSON Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Finanzmanager 2016 (x32 Version: 23.35.00.0178 - Haufe-Lexware GmbH & Co.KG) Hidden
Finanzmanager Import Export Server 2016 (x32 Version: 23.33.00.0106 - Haufe-Lexware GmbH & Co.KG) Hidden
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.6.716 - DVDVideoSoft Ltd.)
Garmin Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
GEAR driver installer for x86 and x64 (HKLM-x32\...\{D2A0B573-BDC0-4F5B-9202-A8D9B7781664}) (Version: 4.015.1 - GEAR Software)
Genymotion version 2.3.0 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.3.0 - Genymobile)
GetDataBack for FAT (HKLM-x32\...\{2EEEC858-21F8-419B-8FE2-820621BFFCD7}) (Version: 4.25.000 - Runtime Software)
GetDataBack for NTFS (HKLM-x32\...\{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}) (Version: 4.25.000 - Runtime Software)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.59.0 - GIGABYTE Technologies, Inc.)
Glary Undelete 1.8.0.468 (HKLM-x32\...\Glary Undelete_is1) (Version: - Glarysoft.com)
Google Chrome (HKU\S-1-5-21-675147457-2045932314-1395331145-1000\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Gpg4win (2.2.4) (HKLM-x32\...\GPG4Win) (Version: 2.2.4 - The Gpg4win Project)
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.28252 - Hauppauge Computer Works)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
HTC Sync (HKLM-x32\...\{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}) (Version: 3.2.20 - HTC Corporation)
Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
jAnrufmonitor 5.0 (HKLM-x32\...\jam50) (Version: - Thilo Brandt)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JRE 1.6.1 (HKLM-x32\...\{B256C380-AC47-4681-8342-7F42E4F0F434}) (Version: 1.6.1 - Auerswald GmbH & Co.KG)
KL Tools (HKLM-x32\...\{A76AFCBF-CDB6-4060-96DD-383CFB76BAAC}) (Version: 1.3.8 - KeeLog)
klickTel Telefon- und Branchenbuch Herbst 2013 (HKLM-x32\...\{5EAFCD1F-3FD2-4F01-B80C-10C602A3E529}) (Version: 1.00.0000 - telegate MEDIA AG)
Lame ACM MP3 Codec (HKLM\...\LameACM) (Version: - )
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version: - )
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - )
Lexware Abschreibungsrechner (HKLM-x32\...\{204294E8-371C-4DFB-8162-EF5BB4FEBFE1}) (Version: 11.00.04.0001 - Haufe-Lexware GmbH & Co.KG)
Lexware Elster (HKLM-x32\...\{1C227C2E-2295-4820-87B1-4B13E98E6C66}) (Version: 13.15.00.0074 - Haufe-Lexware GmbH & Co.KG)
Lexware Finanzmanager Deluxe 2016 (HKLM-x32\...\{95ccff15-6bb0-4f99-b7b6-8cd650cd9df8}) (Version: 23.33.0.114 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (x32 Version: 5.00.00.0044 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Installations Dienst (x32 Version: 4.01.00.0009 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware online banking (HKLM-x32\...\{BDED7C2D-BAC0-40CA-90AA-E3D23FDAC87D}) (Version: 22.02.00.0040 - Haufe-Lexware GmbH & Co.KG)
Lexware Quicken Deluxe 2015 (HKLM-x32\...\{3c6b2da5-a27e-447a-a86e-5a60dd2b7eba}) (Version: 22.31.0.118 - Haufe-Lexware GmbH & Co.KG)
LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG PC Suite IV (HKLM-x32\...\LG PC Suite IV) (Version: 4.3.80.20121017 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.8.1 - LG Electronics)
Logitech SetPoint 6.65 (HKLM\...\SP6) (Version: 6.65.62 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MR_Beleg (HKLM-x32\...\ST6UNST #1) (Version: - )
MR-Online (HKLM-x32\...\{353AAD49-A6C3-44B8-BAE0-4B18087E83CD}) (Version: 1.0.0 - Standardfirmenname)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MxControlCenter (x64) Version 2.5.3 (HKLM\...\{4D780F7A-A825-45B7-8876-C1E3BD01F9D2}_is1) (Version: 2.5.3 - MOBOTIX AG)
MyFreeCodec (HKU\S-1-5-21-675147457-2045932314-1395331145-1000\...\MyFreeCodec) (Version: - )
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
Nmap 6.40 (HKLM-x32\...\Nmap) (Version: - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{AF88496B-4BBA-4922-97E9-2582D3A28358}) (Version: 7.1.48.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.2.100.0 - Nokia)
Nokia Suite (x32 Version: 3.2.100.0 - Nokia) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 22.5.0.124 - Symantec Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.22 (HKLM\...\{F053F74A-A631-4CFA-A271-6D0747599BC9}) (Version: 4.3.22 - Oracle Corporation)
Palm Desktop (HKLM-x32\...\{E89D78B8-28F7-412F-8B26-C684739CBBDC}) (Version: 4.1.0410 - Palm, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PC Connectivity Solution (HKLM-x32\...\{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}) (Version: 11.5.13.0 - Nokia)
PDF24 Creator 7.0.5 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Personal Backup 5.5 (HKLM\...\Personal Backup 5 (64-bit)_is1) (Version: 5.5 - J. Rathlev)
Personal Backup 5.7.1.1 (HKLM\...\Personal Backup 5_is1) (Version: 5.7.1.1 - Dr. J. Rathlev)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Quicken 2015 (x32 Version: 22.39.00.0149 - Haufe-Lexware GmbH & Co.KG) Hidden
Quicken DELUXE 2014 (HKLM-x32\...\{E60036CF-1E46-4DFE-832F-5476574B30FF}) (Version: 21.37.00.0185 - Haufe-Lexware GmbH & Co.KG)
Quicken HOME & BUSINESS 2012 (HKLM-x32\...\{2FC7CE3A-23E5-41E8-975B-AA0236D649FD}) (Version: 19.36.00.0165 - Haufe-Lexware GmbH & Co.KG)
Quicken HOME & BUSINESS Jubiläumsversion (HKLM-x32\...\{A907A713-DA24-4352-8786-96C7A6944646}) (Version: 20.36.00.0134 - Haufe-Lexware GmbH & Co.KG)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.44 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RufIdent 31 (HKLM-x32\...\RufIdent 31_is1) (Version: - )
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version: - ) Hidden
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Serienfax für FRITZ!fax (HKLM-x32\...\Serienfax) (Version: - )
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
ShortCut Autotype Application (HKLM-x32\...\ShortCut_is1) (Version: 3.6 - Andreas Viebke)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15041.26 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15041.26 - Samsung Electronics Co., Ltd.) Hidden
Software Updater (HKLM-x32\...\{A3B308B9-BE96-4334-816F-3D82B19A7DE2}) (Version: 4.1.7 - SEIKO EPSON CORPORATION)
SpRecord (HKLM-x32\...\SpRecord) (Version: - Sarapul Systems Ltd.)
SpRecord (x32 Version: 3.97.2 - Sarapul Systems Ltd.) Hidden
StreamTransport version: 1.1.1.1 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1144 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
UltraVNC 1.0.6.4 (HKLM-x32\...\Ultravnc2_is1) (Version: 1.0.6.4 - 1.0.6.4)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.0e - IDRIX)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WOL2 (HKLM-x32\...\{1F951BBA-C582-4D59-9E07-8630E6245854}) (Version: 2.0 - Marko Oette (www.oette.info))
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-675147457-2045932314-1395331145-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Helmut\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-675147457-2045932314-1395331145-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Helmut\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
14-07-2015 03:34:38 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-09-14 14:26 - 00450770 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0793975C-8AB7-4812-B6CE-5FFFBA225696} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {11B82834-89F6-46D6-A03D-F16366D5D957} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {174BE313-2DFC-45D9-B88F-AC239EF0E675} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {22182603-6274-44A6-A7F5-6733385FF1AA} - System32\Tasks\{2A92FD34-A67A-4721-8865-9F2AA7E2ACE9} => pcalua.exe -a F:\70469.901_V4.7.25.0_08_11_20_ECOTEL_VoIP_CD\Setup.Exe -d F:\70469.901_V4.7.25.0_08_11_20_ECOTEL_VoIP_CD
Task: {32B7A427-E2DC-48D8-BA96-5AB826DB2AA8} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {3D5F918E-D840-4475-BE94-57459D7769CA} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {468A2A38-B70C-48E4-9CE7-0B171ABFD673} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\WSCStub.exe [2015-06-18] (Symantec Corporation)
Task: {51A5EFDF-669B-49D5-83B4-3DC6A68CF091} - System32\Tasks\NetBak-Helmut-PC-Helmut-Job1 => C:\Program Files\QNAP\NetBak\NetBak.exe
Task: {57597ECA-ACE1-4941-92A9-DC1BB3604AE1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {58574028-4C25-46C4-B2CF-84672F646506} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09] (Adobe Systems Incorporated)
Task: {5EAAE80A-30CC-4322-85A3-36E7E24FE945} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-675147457-2045932314-1395331145-1000UA => C:\Users\Helmut\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-22] (Google Inc.)
Task: {71A27B88-088D-4AC7-AFC0-CEF93DB92B9B} - System32\Tasks\{A13E1529-D988-41FB-86AD-9C25898BF5A3} => pcalua.exe -a C:\Auerswald\Internet-Install\jre\Version161_13\setup.exe -d C:\Auerswald\Internet-Install\jre\Version161_13
Task: {92D279AC-6AE6-4CF5-97B3-928F34374868} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {9AC95BAB-0604-4F81-B032-42D183512E7D} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {AA856549-CBC3-4C46-AB7F-0311A4DFBEAA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {B032A9A5-FD86-4525-A22E-EC1C8912A072} - System32\Tasks\{0A8AEEB7-5D5D-4D41-9878-B91CC66FD6FD} => pcalua.exe -a C:\Windows\RaidTool\IDEDrvSetup.exe -d C:\Windows\SysWOW64 -c "PCI\VEN_197B&DEV_2363&SUBSYS_B0001458&REV_02\4&39589462&0&01E0;"
Task: {B8651750-E64B-4D69-BE30-158B082E9D26} - System32\Tasks\Personal Backup W7Dneu => C:\Program Files\Personal Backup 5\Persbackup.exe [2015-06-26] (Dr. J. Rathlev, D-24222 Schwentinental)
Task: {BA5450B8-16F5-4719-A11C-9DF15B16B9D8} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] ()
Task: {DE602939-090C-47CC-8380-A7F5C3CAB55A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-675147457-2045932314-1395331145-1000Core => C:\Users\Helmut\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-22] (Google Inc.)
Task: {FB58B619-D00C-49A0-B4BB-61E4E5AE8D1B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {FE7F5E96-AB31-4CFC-8FFA-D454A217EF09} - System32\Tasks\ComList => C:\Program Files (x86)\Auerswald\COMlist 2.5.2\comlist.exe [2003-07-29] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-675147457-2045932314-1395331145-1000Core.job => C:\Users\Helmut\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-675147457-2045932314-1395331145-1000UA.job => C:\Users\Helmut\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NetBak-Helmut-PC-Helmut-Job1.job => C:\Program Files\QNAP\NetBak\NetBak.exe
Task: C:\Windows\Tasks\Personal Backup W7Dneu.job => C:\Program Files\Personal Backup 5\Persbackup.exeID:\Eigene Dateien\Documents\PersBackup\W7Dneu.buj
==================== Loaded Modules (Whitelisted) ==============
2012-11-15 22:01 - 2015-02-04 04:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-11-21 16:44 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2010-11-21 16:44 - 2006-02-22 11:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2012-01-23 21:03 - 2011-10-24 15:26 - 00101888 _____ () C:\Windows\system32\AvmSnd.dll
2008-10-13 18:44 - 2008-10-13 18:44 - 00332288 _____ () C:\DeltaCopy\rsync.exe
2015-03-17 16:21 - 2015-03-17 16:21 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2010-11-19 12:00 - 2010-09-07 11:46 - 00072280 _____ () C:\Windows\SysWOW64\XSrvSetup.exe
2011-09-15 13:06 - 2011-09-15 13:06 - 00088576 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2010-10-15 21:20 - 2010-10-15 21:20 - 04423168 _____ () C:\Program Files (x86)\SpRecord3\SpRecord.exe
2010-10-15 21:21 - 2010-10-15 21:21 - 03666944 _____ () C:\Program Files (x86)\SpRecord3\srShell.exe
2008-11-09 19:36 - 2008-11-09 19:36 - 01000960 _____ () C:\DeltaCopy\cygiconv-2.dll
2002-06-09 00:50 - 2002-06-09 00:50 - 00022528 _____ () C:\DeltaCopy\cygpopt-0.dll
2015-03-17 16:07 - 2015-03-17 16:07 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2015-03-17 16:01 - 2015-03-17 16:01 - 00038400 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2015-03-17 15:54 - 2015-03-17 15:54 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2015-03-17 16:07 - 2015-03-17 16:07 - 00070656 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2015-03-17 16:10 - 2015-03-17 16:10 - 00744448 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2010-11-23 16:59 - 2013-04-12 19:23 - 00612664 _____ () C:\Program Files (x86)\DVBViewer\sqlite3.dll
2015-04-01 16:13 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2011-09-22 22:20 - 2011-09-22 22:20 - 11233136 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
2010-05-07 19:35 - 2010-05-07 19:35 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 19:35 - 2010-05-07 19:35 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 19:36 - 2010-05-07 19:36 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 19:37 - 2010-05-07 19:37 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 19:37 - 2010-05-07 19:37 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-09-11 14:09 - 2014-09-11 14:09 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2014-09-11 14:09 - 2014-09-11 14:09 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2013-12-13 21:51 - 2015-07-13 12:41 - 00074272 _____ () C:\Program Files (x86)\PDF24\zlib.dll
2013-12-13 21:51 - 2015-07-13 12:41 - 00051744 _____ () C:\Program Files (x86)\PDF24\OperationUI.dll
2010-11-20 01:16 - 1999-07-12 12:58 - 00100864 _____ () C:\ISDNMoni\MONINOTE.dll
2010-11-20 01:16 - 2000-07-09 22:48 - 00163840 _____ () C:\ISDNMoni\isdnm32d.dll
2013-09-12 13:52 - 2013-09-12 13:52 - 00050176 _____ () C:\jAnrufmonitor\pimcapi.dll
2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7866 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-675147457-2045932314-1395331145-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk => C:\Windows\pss\AutoStart IR.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinTV Recording Status..lnk => C:\Windows\pss\WinTV Recording Status..lnk.CommonStartup
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\tray.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Helmut\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: RufiUpd.exe => C:\Program Files (x86)\RufIdent Herbst 2013\RufiUpd.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{9DB7B424-9432-434F-8E6E-6A69EAFC494A}C:\isdnmoni\isdnmo32.exe] => (Allow) C:\isdnmoni\isdnmo32.exe
FirewallRules: [UDP Query User{C11030B3-E39C-41DF-ADF0-5EB2F117FEBF}C:\isdnmoni\isdnmo32.exe] => (Allow) C:\isdnmoni\isdnmo32.exe
FirewallRules: [TCP Query User{151186B4-0DB5-4715-9281-49CD5AA3D0A4}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [UDP Query User{BB38B6D8-71CB-41DB-A9F1-DC0F0F5AF16E}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [TCP Query User{C7114EBD-42AA-45F7-8126-25C02C4E39F8}C:\program files (x86)\gigabyte\@bios\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\updexe.exe
FirewallRules: [UDP Query User{E3BA29CB-7D6F-4DBE-9ECA-F27B5970AC7E}C:\program files (x86)\gigabyte\@bios\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\updexe.exe
FirewallRules: [TCP Query User{411440D9-D9D6-47C8-9158-9AF493E83C18}C:\program files (x86)\gigabyte\@bios\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gbtupd.exe
FirewallRules: [UDP Query User{C95F064E-E84B-4AF3-B746-A5CADEC49CD3}C:\program files (x86)\gigabyte\@bios\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gbtupd.exe
FirewallRules: [{F3C1C6C2-FA8E-4617-A24A-481B3F8EE059}] => (Allow) LPort=5900
FirewallRules: [{612BE3A9-BCE7-42D1-988F-D46C6FD921C4}] => (Allow) LPort=5800
FirewallRules: [{58B4D76C-A93E-461D-89A6-0BFB2BF750B1}] => (Allow) C:\Program Files (x86)\UltraVNC\vncviewer.exe
FirewallRules: [{6008EEBB-6EED-48A1-A631-9FED14D5D514}] => (Allow) C:\Program Files (x86)\UltraVNC\vncviewer.exe
FirewallRules: [TCP Query User{76E8EEB3-2681-4771-8C7E-9D983B7F05BE}C:\isdnmoni\isdnmo32.exe] => (Allow) C:\isdnmoni\isdnmo32.exe
FirewallRules: [UDP Query User{AD3CA104-6E38-42FF-B4CD-B3FEAA5D8A00}C:\isdnmoni\isdnmo32.exe] => (Allow) C:\isdnmoni\isdnmo32.exe
FirewallRules: [TCP Query User{939E335E-5A91-424E-BAA5-3E60B2065285}C:\program files (x86)\dvbviewer\dvbviewer.exe] => (Allow) C:\program files (x86)\dvbviewer\dvbviewer.exe
FirewallRules: [UDP Query User{58F0705C-059C-4160-802C-326B5F9433BF}C:\program files (x86)\dvbviewer\dvbviewer.exe] => (Allow) C:\program files (x86)\dvbviewer\dvbviewer.exe
FirewallRules: [TCP Query User{258BB20D-DB95-43CB-A04E-1C11EC31CDE5}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{C73CDCC1-90F6-43DD-A1DF-5F00664BA040}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{4EA9F990-BC16-4197-A7B8-AE7072FD7C37}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{2346F26B-7445-4656-BC3A-23571D8D1D1C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9BFFC123-8401-4FA4-8AC8-625E082A84D7}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{032D54B4-28A1-4D67-9BEE-55A2E4AC1BE6}] => (Allow) C:\Program Files (x86)\DVBViewer\DVBVservice.exe
FirewallRules: [{4A182F06-F091-49E6-9F4C-C2202B14361A}] => (Allow) C:\Program Files (x86)\DVBViewer\DVBVservice.exe
FirewallRules: [{EB57D3A1-60F3-48F3-9999-FAB1703ED1AD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D0D85447-516D-4F9F-BCA4-ED2BB01B256C}] => (Allow) G:\FSetup.exe
FirewallRules: [{3D19D2B7-8576-4785-90AD-CCAFE4C0ABD1}] => (Allow) G:\FSetup.exe
FirewallRules: [{84F5EC11-F0A1-4C7E-B859-F96E63512ADB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5425E157-E5CA-489F-A1A2-889C018C08B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4D41A65C-C5BC-4C12-BAEE-93BC345738FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{58A33661-BF12-48B7-81F4-ABD5C1F0E3A9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F83E619D-BC77-4493-8022-FDA78DA5AC8B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BC0D95EA-E9D5-4AD4-A114-F0D97DE19F99}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E6887CEC-B735-46FF-9AC1-C2A4D5722B8D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C0BE6075-76CD-4044-802C-84105321957B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CE505B6F-A185-4B0F-AAE9-232174E48615}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{44F22FCD-0BB5-465F-8D79-073428054FF4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{2EA99B18-DFA5-4E88-977C-7D913E7F08A7}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe
FirewallRules: [UDP Query User{1912AF54-D971-45E1-BAD1-E0C332C631CB}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe
FirewallRules: [{DEC7E2B8-6C27-4BB7-8449-04AC5698F1A5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{0BCB7529-B95E-4CC2-B0B1-8D3FEF24CB85}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{1322F140-0402-4FA8-9AFD-CD4E77F8D4D8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{A5475F78-BFBB-4267-9517-8F509181173F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{28865D6A-5B55-4F7F-93B1-35A24B107013}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{48B10EE9-CABB-4998-BE03-E89B812C779B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{48DD008C-3796-4793-B4A5-2A0E98BCEF06}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{C6CFAE5A-93EF-46B3-A8E2-EA2713B931F1}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{8C70B444-0B60-4018-AE1D-5C976BF76470}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{6A6F563A-0E52-43CF-9AF9-67161A8C88D5}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{8F1A8950-8C50-4AAC-A1A7-254C912BA212}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{AB430B15-675B-4DEA-877D-CF7BD2486D14}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [TCP Query User{C67F1432-A77A-4AFC-AC49-A14F232B05A5}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{39D2A92F-F570-4695-8A1F-9EF64902F7EE}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{F38C9858-34FC-4841-B636-68C36E21A73C}] => (Block) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{B5B57EC9-7EC6-46E6-A320-DBD082A30D36}] => (Block) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{D27BE6D0-F328-4FF4-AE42-174F140B438D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AAA04E03-C543-473B-BF5D-514A71E6ECC0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E307ADA1-E09D-44FA-83F3-857B283B1C97}] => (Allow) C:\Users\Helmut\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{723E6AA7-46B3-45E3-B7B0-BB4A5818C610}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [{934EC0DD-C447-4132-B908-FC748D8EA6C0}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
FirewallRules: [TCP Query User{FB56497B-EDCA-4208-B869-CB0AC391884F}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{47938170-C4B8-4CBC-8A68-7AE4087E5A25}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/14/2015 12:39:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0x10ac
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3
Error: (07/14/2015 12:25:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 39.0.0.5659, Zeitstempel: 0x55933a80
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x2fa2fb88
ID des fehlerhaften Prozesses: 0x1d80
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (07/14/2015 01:45:28 AM) (Source: Outlook) (EventID: 35) (User: )
Description: Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x80070015).
Error: (07/14/2015 01:45:28 AM) (Source: Outlook) (EventID: 34) (User: )
Description: Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x80070015.
Error: (07/14/2015 01:45:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: wiaservc.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ca0f
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000047a6b
ID des fehlerhaften Prozesses: 0x10fc
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3
Error: (07/14/2015 01:45:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0x11f4
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3
Error: (07/14/2015 01:45:26 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/14/2015 01:45:26 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/14/2015 01:45:26 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/14/2015 01:45:26 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
System errors:
=============
Error: (07/14/2015 12:39:56 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)
Error: (07/14/2015 12:39:54 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (07/14/2015 12:37:35 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (07/14/2015 12:37:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "SAS Core Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (07/14/2015 12:37:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Bonjour Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden durchgeführt: Neustart des Diensts.
Error: (07/14/2015 12:37:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (07/14/2015 12:37:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management & Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/14/2015 12:37:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "DSL-Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/14/2015 12:37:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (07/14/2015 12:37:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office:
=========================
Error: (05/04/2014 06:08:42 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 85 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2015-04-30 13:50:21.311
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-04-30 13:50:21.273
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\LameACM.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-21 15:03:02.056
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\l3codeca.acm" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-11-28 00:43:34.449
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\womic.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-11-28 00:43:34.324
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\womic.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-09-13 14:01:01.799
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Common Files\T-Com\DSLCheck\PCIDumpr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-09-13 14:01:01.685
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Common Files\T-Com\DSLCheck\PCIDumpr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-09-13 12:52:42.480
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Common Files\T-Com\DSLCheck\PCIDumpr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-09-13 12:52:42.369
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Common Files\T-Com\DSLCheck\PCIDumpr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-09-13 12:50:11.918
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Common Files\T-Com\DSLCheck\PCIDumpr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU K 875 @ 2.93GHz
Percentage of memory in use: 48%
Total physical RAM: 8151.48 MB
Available physical RAM: 4216.32 MB
Total Virtual: 16301.18 MB
Available Virtual: 12082.52 MB
==================== Drives ================================
Drive c: (SSD) (Fixed) (Total:111.69 GB) (Free:6.68 GB) NTFS
Drive d: (HGST_1) (Fixed) (Total:1655.27 GB) (Free:875.41 GB) NTFS
Drive e: (HGST_2) (Fixed) (Total:207.74 GB) (Free:1.61 GB) NTFS
Drive s: () (Network) (Total:2749.2 GB) (Free:594.8 GB)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 98D5A4CB)
Partition 1: (Not Active) - (Size=1655.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=207.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: B52EE734)
Partition 1: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
==================== End of log ============================
|
|
15.07.2015, 08:26
| #4 |
| /// the machine /// TB-Ausbilder | PUP.Optional.Spigot.A gefunden vom Malewarebytes hi, Lade Dir bitte von hier  Emsisoft Emergency Kit herunter.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
15.07.2015, 10:23
| #5 |
| | PUP.Optional.Spigot.A gefunden vom Malewarebytes Hallo Schrauber, vielen Dank für Deine Hilfe. Hab den Scan gemacht. 5 von 7 wurden in Quarantäne verschoben. 2 jedoch nicht. Was tun? Viele Grüße Helmut Code:
ATTFilter Emsisoft Emergency Kit - Version 10.0
Letztes Update: 15.07.2015 09:41:17
Benutzerkonto: HELMUT-PC\Helmut
Scan-Einstellungen:
Scan-Methode: Eigener Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\
PUPs-Erkennung: An
Archiv-Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus
Scan-Beginn: 15.07.2015 11:15:52
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-675147457-2045932314-1395331145-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-675147457-2045932314-1395331145-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Gefunden: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-675147457-2045932314-1395331145-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Gefunden: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-675147457-2045932314-1395331145-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Gefunden: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Gefunden: Setting.NoRun (A)
Gescannt: 283842
Gefunden 7
Scan-Ende: 15.07.2015 11:22:15
Scan-Zeit: 0:06:23
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Quarantäne Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-21-675147457-2045932314-1395331145-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-675147457-2045932314-1395331145-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantäne Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantäne Setting.DisableTaskMgr (A)
Quarantäne 5
|
|
16.07.2015, 07:32
| #6 | |
| /// the machine /// TB-Ausbilder | PUP.Optional.Spigot.A gefunden vom Malewarebytes Die sind aus einem andern Userkonto. Entweder dort nochmal scannen, oder auch nicht, die Funde sind nicht böse  Zitat:
Sonst noch Probleme mit dem Rechner?
__________________ --> PUP.Optional.Spigot.A gefunden vom Malewarebytes |
|
16.07.2015, 08:08
| #7 |
| | PUP.Optional.Spigot.A gefunden vom Malewarebytes Guten morgen Schrauber, das ist der JAnrufmonitor. Ist denke ich OK. Ansonsten sind alle PCs im Netzwerk wieder da. Nur auf einen kann ich nicht zugreifen. Seltsam. Muss ich vielleicht den auch mal Untersuchen. Ich melde mich nochmal. Erstmal vielen herzlichen Dank für Deine Hilfe Gruß Helmut |
|
16.07.2015, 10:06
| #8 |
| /// the machine /// TB-Ausbilder | PUP.Optional.Spigot.A gefunden vom Malewarebytes definier mal nicht zugreifen können.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
17.07.2015, 07:57
| #9 |
| | PUP.Optional.Spigot.A gefunden vom Malewarebytes Guten morgen es wird Netzwerkpfad nicht gefunden angezeigt. Siehe Foto. Gebe ich im Explorer die IP direkt ein, poppt ein Firefox Fenster auf in dem steht: TARGET SERVER NOT AVAILABLE 127.0.0.1:81 Anpingen kann ich aber den PC seltsam Geändert von Helmiii (17.07.2015 um 08:17 Uhr) |
|
18.07.2015, 07:44
| #10 |
| /// the machine /// TB-Ausbilder | PUP.Optional.Spigot.A gefunden vom Malewarebytes Du pingst aber mit der IP oder? Gib die IP mal im Windows Explorer ein, mit \\ vorne dran.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.07.2015, 16:53
| #11 |
| | PUP.Optional.Spigot.A gefunden vom Malewarebytes Hallo, klar pinge ich die IP direkt. Seltsamerweise geht es heute wieder. Wobei der PC meiner Frau auch hier gerade "behandelt" wird. Ich berichte weiter/nochmal |
|
20.07.2015, 07:46
| #12 |
| /// the machine /// TB-Ausbilder | PUP.Optional.Spigot.A gefunden vom Malewarebytes ok.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu PUP.Optional.Spigot.A gefunden vom Malewarebytes |
| appdata, bericht, browser, code, erkannt, explorer, firefox, google, internet, internet explorer, internetbrowser, malwarebytes, microsoft, mozilla, netzwerk, pcs, plötzlich, roaming, scan, secure, server, software, virus, websites, windows |
Linear-Darstellung
