|
Log-Analyse und Auswertung: atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
20.07.2015, 03:10 | #1 |
| atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden. Hallo erstmal! Ich habe soeben ein paar Prozesse von mir gegoogelt und bin darauf gestoßen, dass die Prozesse atiedxx.exe, csrss.exe und winlogon.exe Trojaner sind. Ich benutze Win7 und keinen Plan, wie die auf meinen PC gekommen sind, aber wahrscheinlich durch verschiedene Downloads aus dem Internet. Genauso, wie andere auf diesem Forum gesagt haben, bewirken diese Trojaner, dass mein PC langsamer geworden ist, habe mich ja schon länger gefragt, warum das der Fall ist. Sie bewirken, dass wenn ich zB Spotify starte, dass da dann 3 mal das Programm offen ist oder beim hochstarten, dass dann um die 9 mal der Windows-Media-Player Updater als Prozess geöffnet wird. Und ich glaube, dass die immer wieder Werbe-Add-ons für Firefox installieren, die zB: Adblock umgehen. Schritt 1: defogger_disable.log Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 02:52 on 20/07/2015 (Markus Meyer) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- FRST.txt: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01 Ran by Markus Meyer (administrator) on MARKUSMEYER-HP on 20-07-2015 03:12:03 Running from C:\Users\Markus Meyer\Desktop Loaded Profiles: Markus Meyer (Available Profiles: Markus Meyer) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (AMD) C:\Windows\System32\atieclxx.exe (Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (Blabbers Communications Ltd) C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe () C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe (Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Dxtory Software) C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe () C:\Program Files (x86)\Jittery Application\0a9e7e87.ftf.ftf (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Aztec Media Inc) C:\Program Files (x86)\Assets Manager\smdmf\SmdmFService.exe () C:\Program Files (x86)\Spotless Awareness\Spotless Awareness.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Spotify Ltd) C:\Users\Markus Meyer\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\Markus Meyer\AppData\Roaming\Spotify\SpotifyCrashService.exe (Spotify Ltd) C:\Users\Markus Meyer\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\Markus Meyer\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd) C:\Users\Markus Meyer\AppData\Roaming\Spotify\Spotify.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-04] (Intel(R) Corporation) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [455680 2012-06-25] (Saitek) HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2012-06-25] (Saitek) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.) HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [MFARestart] => C:\ProgramData\MFAData\pack\avgrunasx.exe [247136 2011-08-02] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-30] (Easybits) HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-07-11] (Nullsoft, Inc.) HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-03-17] (CyberLink Corp.) HKLM-x32\...\Run: [cmsc] => c:\program files (x86)\cmcm\Clean Master\cmtray.exe [771912 2015-04-01] (Kingsoft Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-07-14] (LogMeIn Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software) HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2895552 2015-07-16] (Valve Corporation) HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [41200 2015-07-09] (Overwolf LTD) HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.) HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Run: [Spotify Web Helper] => C:\Users\Markus Meyer\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2008632 2015-07-13] (Spotify Ltd) HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Run: [Spotify] => C:\Users\Markus Meyer\AppData\Roaming\Spotify\Spotify.exe [7334968 2015-07-13] (Spotify Ltd) HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Run: [Dropbox Update] => C:\Users\Markus Meyer\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-21] (Dropbox, Inc.) AppInit_DLLs: C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL => C:\ProgramData\Assistant\Assistant_x64.dll [4319744 2014-03-27] () AppInit_DLLs-x32: c:\progra~3\assist~1\assist~1.dll => c:\ProgramData\Assistant\Assistant.dll [4114944 2014-03-27] () Startup: C:\Users\Markus Meyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-05-09] ShortcutTarget: Dropbox.lnk -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1660394222-742470415-1346051432-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKU\S-1-5-21-1660394222-742470415-1346051432-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=146&itype=n&ver=15586&tm=621&src=ds&p={searchTerms} SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM -> {E9622797-9614-413F-9EC6-9AFE59DC98BC} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=146&itype=n&ver=15586&tm=621&src=ds&p={searchTerms} SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchannel.info/?l=1&q={searchTerms}&pid=576&r=2013/07/11&hid=2721309486&lg=EN&cc=AT&unqvl=24 SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 -> {E9622797-9614-413F-9EC6-9AFE59DC98BC} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=acc2592f000000000000bc7737ce8124 SearchScopes: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=146&itype=n&ver=15586&tm=621&src=ds&p={searchTerms} SearchScopes: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> {E9622797-9614-413F-9EC6-9AFE59DC98BC} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation) Toolbar: HKU\S-1-5-21-1660394222-742470415-1346051432-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll [2013-02-18] (Blabbers Communications Ltd) Handler-x32: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll [2013-02-18] (Blabbers Communications Ltd) Handler-x32: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll [2013-02-18] (Blabbers Communications Ltd) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-09] (EasyBits Software Corp.) Tcpip\..\Interfaces\{62C90C10-94BE-4F98-98B8-118772EDD064}: [DhcpNameServer] 212.33.36.155 212.33.55.5 Tcpip\..\Interfaces\{657FB976-8DE4-48CC-9072-2DD379F15991}: [DhcpNameServer] 212.33.36.155 212.33.55.5 FireFox: ======== FF ProfilePath: C:\Users\Markus Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\8g60e7l1.default-1418240712063 FF SearchEngineOrder.1: default-search.net FF SelectedSearchEngine: default-search.net FF Homepage: about:home FF Keyword.URL: hxxp://www.default-search.net/search?sid=476&aid=146&itype=n&ver=15586&tm=621&src=ds&p= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] () FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-01] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-07] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-07] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2010-12-08] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1660394222-742470415-1346051432-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Markus Meyer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1660394222-742470415-1346051432-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-06-08] () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-07-11] (Nullsoft, Inc.) FF SearchPlugin: C:\Users\Markus Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\8g60e7l1.default-1418240712063\searchplugins\default-search.xml [2015-02-12] FF SearchPlugin: C:\Users\Markus Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\8g60e7l1.default-1418240712063\searchplugins\youtube-videosuche.xml [2015-03-06] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml [2015-02-12] FF Extension: Ginyas Browser Companion - C:\Users\Markus Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\8g60e7l1.default-1418240712063\Extensions\bbrs_002@blabbers.com [2015-07-09] FF Extension: Extreme Blocker - C:\Users\Markus Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\8g60e7l1.default-1418240712063\Extensions\uikamptjhnmg@xsczfmjpgxmivd.org [2015-07-18] FF Extension: TinyURL Generator - C:\Users\Markus Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\8g60e7l1.default-1418240712063\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2015-07-15] FF Extension: Adblock Plus - C:\Users\Markus Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\8g60e7l1.default-1418240712063\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-08] FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-07-18] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-03] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Browser Companion Helper) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf [2012-11-12] CHR Extension: (No Name) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\boiegokgnfcjbkeijinpemhfoekfmaik [2014-04-24] CHR Extension: (Adblock Plus) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-24] CHR Extension: (SAverExtension) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkefnjfpgnpgpkkkpflkcimgikhgkbnb [2013-12-30] CHR Extension: (SMSnetwork for Chrome) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlkmhlkkbjgbjpiidobibnckobfagpbd [2014-06-05] CHR Extension: (Ponyhoof) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjjgphedlaihnlgaibiaihhmhaejjdd [2014-04-24] CHR Extension: (GGreeaotSAvue4U) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\emnhfmahopbelmaoeooelbgnhhfpelhc [2014-02-27] CHR Extension: (Myibidder Auction Bid Sniper for eBay) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp [2015-07-08] CHR Extension: (AdBlock) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-24] CHR Extension: (1click timer) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\igloknlllonknnbkfgggfkigmeegmakf [2014-07-03] CHR Extension: (No Name) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkpahjicmehopmlkbenbkmckcedlcmhk [2014-12-09] CHR Extension: (DIsCounTExxtensi) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapefjkjbamjahejjngoffibmgemngom [2014-05-21] CHR Extension: (Facebook Color Changer Enhancer) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbdkclmnkbjelpeddibimjmgofgkdagn [2014-06-11] CHR Extension: (Skype Click to Call) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-06] CHR Extension: (No Name) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiagjknjjfockcklibjlfdojojaffff [2012-12-01] CHR Extension: (No Name) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhhflamheoandbibgflojkjccnenjbda [2015-01-07] CHR Extension: (FunDealsu) - C:\Users\Markus Meyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\olofjkgoajokennbpnmfcpkiapegnhlp [2014-05-21] CHR HKU\S-1-5-21-1660394222-742470415-1346051432-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11] CHR HKLM-x32\...\Chrome\Extension: [bodddioamolcibagionmmobehnbhiakf] - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx [2012-03-21] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 699fd52f; c:\ProgramData\Assistant\AssistantSvc.dll [178000 2014-03-27] () [File not signed] R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2011-01-24] (Intel Corporation) [File not signed] R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2011-01-24] (Intel Corporation) [File not signed] R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [991296 2011-01-24] (Intel Corporation) [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315208 2015-04-01] (Kingsoft Corporation) R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 Jittery Application; C:\Program Files (x86)\Jittery Application\0a9e7e87.ftf.ftf [7491827 2015-05-15] () [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-07-14] (LogMeIn, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-04] () R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1001200 2015-07-09] (Overwolf LTD) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-30] () R2 SmdmFService; C:\Program Files (x86)\Assets Manager\smdmf\SmdmFService.exe [3570704 2015-02-03] (Aztec Media Inc) R2 Spotless Awareness; C:\Program Files (x86)\Spotless Awareness\Spotless Awareness.exe [8016410 2015-06-11] () [File not signed] <==== ATTENTION S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 BBSvc; "C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE" [X] S2 SeaPort; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [X] S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Assets Manager\smdmf\x64\smdmfmgrc3.cfg [45968 2015-02-03] (Aztec Media Inc) R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2015-02-12] (Kingsoft Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) S3 Said505F; C:\Windows\System32\DRIVERS\Said505F.sys [25920 2012-05-11] (Saitek) S3 SaiK0CD0; C:\Windows\System32\DRIVERS\SaiK0CD0.sys [181608 2012-08-06] (Saitek) R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24680 2012-06-26] (Saitek) R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52200 2012-06-26] (Saitek) S3 SaiU0CD0; C:\Windows\System32\DRIVERS\SaiU0CD0.sys [47208 2012-08-06] (Saitek) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed] R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-03-17] (CyberLink Corp.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-20 03:12 - 2015-07-20 03:13 - 00033488 _____ C:\Users\Markus Meyer\Desktop\FRST.txt 2015-07-20 03:11 - 2015-07-20 03:12 - 00000000 ____D C:\FRST 2015-07-20 03:11 - 2015-07-20 03:11 - 02134528 _____ (Farbar) C:\Users\Markus Meyer\Desktop\FRST64.exe 2015-07-20 02:52 - 2015-07-20 02:52 - 00000486 _____ C:\Users\Markus Meyer\Desktop\defogger_disable.log 2015-07-20 02:52 - 2015-07-20 02:52 - 00000000 _____ C:\Users\Markus Meyer\defogger_reenable 2015-07-20 02:51 - 2015-07-20 02:51 - 00050477 _____ C:\Users\Markus Meyer\Desktop\Defogger.exe 2015-07-20 01:03 - 2015-07-20 01:03 - 00071632 _____ C:\Users\Markus Meyer\AppData\Local\GDIPFONTCACHEV1.DAT 2015-07-17 16:33 - 2015-07-17 16:33 - 00562784 _____ (Oracle Corporation) C:\Users\Markus Meyer\Downloads\jxpiinstall.exe 2015-07-17 16:33 - 2015-07-17 16:33 - 00000000 ____D C:\Users\Markus Meyer\AppData\Roaming\Oracle 2015-07-17 16:32 - 2015-07-17 16:35 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-07-17 16:32 - 2015-07-17 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-07-17 16:32 - 2015-07-17 16:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2015-07-17 16:32 - 2015-07-17 16:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2015-07-15 15:19 - 2015-07-15 15:19 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-07-15 15:16 - 2015-07-17 16:48 - 00000000 ____D C:\ProgramData\Oracle 2015-07-15 15:15 - 2015-07-15 15:16 - 43221600 _____ (Oracle Corporation) C:\Users\Markus Meyer\Downloads\jre-8u51-windows-x64.exe 2015-07-15 15:10 - 2015-07-15 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-07-15 15:10 - 2015-07-15 15:10 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2015-07-14 16:12 - 2015-07-14 16:12 - 00000000 ____D C:\Users\Markus Meyer\Desktop\Ritterfest Linz 2015 2015-07-12 08:46 - 2015-07-12 08:46 - 00000000 ____D C:\Users\Markus Meyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-07-08 17:05 - 2015-07-20 02:32 - 00514799 _____ C:\Windows\WindowsUpdate.log 2015-07-08 16:51 - 2015-07-09 06:54 - 00000000 ____D C:\Program Files (x86)\AollCheaepPriice 2015-07-08 16:51 - 2015-07-08 16:51 - 00000000 ____D C:\Program Files (x86)\AllChheapPriceo 2015-07-08 16:50 - 2015-07-08 16:50 - 00000000 ____D C:\Program Files (x86)\Myibidder Auction Bid Sniper for eBay 2015-07-08 16:49 - 2015-07-09 06:54 - 00000000 ____D C:\Program Files (x86)\AlluCCheapPrice 2015-07-04 17:06 - 2015-07-04 17:08 - 00000000 ____D C:\Users\Markus Meyer\AppData\Roaming\TEdit 2015-07-04 17:06 - 2015-07-04 17:06 - 00000000 ____D C:\Users\Markus Meyer\AppData\Local\TEditXna 2015-07-03 23:42 - 2015-07-03 23:42 - 00000000 ____D C:\Users\Markus Meyer\AppData\Local\CEF 2015-07-03 17:04 - 2015-07-17 16:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-01 20:15 - 2015-07-01 20:15 - 02157552 _____ C:\Users\Apps\glue-resources-pre-vis-2.spa 2015-06-21 18:35 - 2015-07-20 02:46 - 00001252 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1660394222-742470415-1346051432-1000UA.job 2015-06-21 18:35 - 2015-07-19 09:46 - 00001200 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1660394222-742470415-1346051432-1000Core.job 2015-06-21 18:35 - 2015-07-18 09:41 - 00004236 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1660394222-742470415-1346051432-1000UA 2015-06-21 18:35 - 2015-07-18 09:41 - 00003840 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1660394222-742470415-1346051432-1000Core 2015-06-21 18:35 - 2015-06-21 18:35 - 00000000 ____D C:\Users\Markus Meyer\AppData\Local\Dropbox 2015-06-21 18:35 - 2015-06-21 18:35 - 00000000 ____D C:\ProgramData\Dropbox ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-20 03:10 - 2015-02-12 21:34 - 00000000 ____D C:\Users\Markus Meyer\AppData\Local\Spotify 2015-07-20 03:10 - 2015-02-12 21:33 - 00000000 ____D C:\Users\Markus Meyer\AppData\Roaming\Spotify 2015-07-20 03:07 - 2011-08-20 20:48 - 00000000 ____D C:\Users\Markus Meyer\AppData\Roaming\Skype 2015-07-20 02:58 - 2013-02-18 20:45 - 00001052 _____ C:\Windows\Tasks\GinyasBrowserCompanion Stats Report.job 2015-07-20 02:54 - 2012-11-12 20:02 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-20 02:54 - 2012-11-12 20:02 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-20 02:52 - 2011-08-20 17:36 - 00000000 ____D C:\Users\Markus Meyer 2015-07-20 02:45 - 2013-02-18 20:45 - 00001004 _____ C:\Windows\Tasks\GinyasBrowserCompanion Runner.job 2015-07-20 02:17 - 2012-04-05 13:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-07-20 02:00 - 2014-08-22 15:28 - 00000000 ____D C:\Users\Markus Meyer\AppData\Local\Adobe 2015-07-20 01:14 - 2014-08-18 19:12 - 00000000 ____D C:\Program Files (x86)\Overwolf 2015-07-20 00:02 - 2015-04-08 21:59 - 00000000 ____D C:\Users\Markus Meyer\AppData\Local\LogMeIn Hamachi 2015-07-20 00:02 - 2013-03-13 19:44 - 00000000 ____D C:\Program Files (x86)\Steam 2015-07-19 22:11 - 2011-08-22 16:19 - 00000000 ____D C:\Users\Markus Meyer\AppData\Roaming\TS3Client 2015-07-19 20:58 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-19 20:58 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-19 20:46 - 2015-02-12 19:21 - 00000000 ____D C:\ProgramData\smdmf 2015-07-19 20:45 - 2013-07-11 17:15 - 00000430 ____H C:\Windows\Tasks\schedule!3036567561.job 2015-07-19 20:45 - 2013-02-18 20:45 - 00001004 _____ C:\Windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job 2015-07-19 20:45 - 2013-02-18 20:45 - 00001004 _____ C:\Windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job 2015-07-19 20:45 - 2013-02-18 20:45 - 00000936 _____ C:\Windows\Tasks\GinyasBrowserCompanion Update Checker.job 2015-07-19 20:44 - 2015-04-25 18:20 - 00000000 ____D C:\Users\locales 2015-07-19 20:44 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-19 20:38 - 2011-08-20 17:44 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{49C7B74D-76DF-493E-A649-6842D00EE0E9} 2015-07-19 06:10 - 2014-03-10 23:50 - 00000000 ____D C:\ProgramData\FindBestDeala 2015-07-18 22:43 - 2012-08-30 18:37 - 00000000 ___RD C:\Users\Markus Meyer\Dropbox 2015-07-18 22:43 - 2012-08-30 18:35 - 00000000 ____D C:\Users\Markus Meyer\AppData\Roaming\Dropbox 2015-07-18 22:42 - 2014-08-18 19:10 - 00000000 ____D C:\Users\Markus Meyer\AppData\Local\Overwolf 2015-07-17 16:43 - 2011-04-09 20:51 - 00000000 ____D C:\Program Files\Java 2015-07-17 16:35 - 2011-04-09 20:51 - 00000000 ____D C:\Program Files (x86)\Java 2015-07-15 15:48 - 2011-08-20 21:10 - 00000000 ___RD C:\Users\Markus Meyer\Desktop\Stuff 2015-07-15 15:20 - 2015-01-02 21:00 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-07-15 15:19 - 2011-04-09 20:48 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-07-15 15:17 - 2011-04-09 20:48 - 00000000 ____D C:\ProgramData\Adobe 2015-07-15 03:17 - 2012-04-05 13:47 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-07-15 03:17 - 2012-04-05 13:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-15 03:17 - 2011-08-20 21:20 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-14 11:44 - 2012-01-02 15:44 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys 2015-07-13 16:05 - 2015-05-30 00:13 - 00352095 _____ C:\Users\Apps\local-files-desktop.spa 2015-07-13 16:05 - 2015-05-23 20:20 - 00158566 _____ C:\Users\Apps\hub.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 41287224 _____ C:\Users\libcef.dll 2015-07-13 16:05 - 2015-04-25 18:20 - 10457856 _____ C:\Users\icudtl.dat 2015-07-13 16:05 - 2015-04-25 18:20 - 07334968 _____ (Spotify Ltd) C:\Users\Spotify.exe 2015-07-13 16:05 - 2015-04-25 18:20 - 04253463 _____ C:\Users\devtools_resources.pak 2015-07-13 16:05 - 2015-04-25 18:20 - 03457592 _____ (Microsoft Corporation) C:\Users\d3dcompiler_47.dll 2015-07-13 16:05 - 2015-04-25 18:20 - 02332541 _____ C:\Users\Apps\musixmatch-lyrics.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 02157552 _____ C:\Users\Apps\glue-resources.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 02106424 _____ (Microsoft Corporation) C:\Users\d3dcompiler_43.dll 2015-07-13 16:05 - 2015-04-25 18:20 - 02018406 _____ C:\Users\cef.pak 2015-07-13 16:05 - 2015-04-25 18:20 - 02008632 _____ (Spotify Ltd) C:\Users\SpotifyWebHelper.exe 2015-07-13 16:05 - 2015-04-25 18:20 - 01488440 _____ C:\Users\libGLESv2.dll 2015-07-13 16:05 - 2015-04-25 18:20 - 00968248 _____ (The Chromium Authors) C:\Users\ffmpegsumo.dll 2015-07-13 16:05 - 2015-04-25 18:20 - 00838200 _____ (Spotify Ltd) C:\Users\SpotifyCrashService.exe 2015-07-13 16:05 - 2015-04-25 18:20 - 00723187 _____ C:\Users\Apps\browse.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00661932 _____ C:\Users\Apps\zlink.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00598403 _____ C:\Users\cef_200_percent.pak 2015-07-13 16:05 - 2015-04-25 18:20 - 00536796 _____ C:\Users\Apps\notification-center.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00528578 _____ C:\Users\Apps\collection.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00512001 _____ C:\Users\Apps\genre.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00508698 _____ C:\Users\Apps\collection-artist.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00493494 _____ C:\Users\Apps\discover.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00466223 _____ C:\Users\Apps\collection-album.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00444515 _____ C:\Users\cef_100_percent.pak 2015-07-13 16:05 - 2015-04-25 18:20 - 00443181 _____ C:\Users\Apps\article.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00420097 _____ C:\Users\Apps\messages.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00416475 _____ C:\Users\Apps\album.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00386535 _____ C:\Users\Apps\social-feed.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00383644 _____ C:\Users\Apps\collection-songs.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00368227 _____ C:\Users\Apps\charts.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00363479 _____ C:\Users\Apps\artist.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00356839 _____ C:\Users\Apps\playlist-desktop.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00346718 _____ C:\Users\Apps\social-chart.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00342668 _____ C:\Users\Apps\buddy-list.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00300863 _____ C:\Users\Apps\radio.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00299055 _____ C:\Users\Apps\folder.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00294773 _____ C:\Users\Apps\settings.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00255357 _____ C:\Users\Apps\profile.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00248623 _____ C:\Users\Apps\share.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00244653 _____ C:\Users\Apps\zlink-queue.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00236396 _____ C:\Users\Apps\chart.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00216723 _____ C:\Users\Apps\search.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00210562 _____ C:\Users\Apps\findfriends.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00196416 _____ C:\Users\Apps\suggest.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00160044 _____ C:\Users\Apps\zlogin.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00158229 _____ C:\Users\Apps\follow.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00098360 _____ (Spotify Ltd) C:\Users\SpotifyLauncher.exe 2015-07-13 16:05 - 2015-04-25 18:20 - 00096206 _____ C:\Users\Apps\about.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00079928 _____ C:\Users\libEGL.dll 2015-07-13 16:05 - 2015-04-25 18:20 - 00073272 _____ C:\Users\wow_helper.exe 2015-07-13 16:05 - 2015-04-25 18:20 - 00053462 _____ C:\Users\Apps\ad.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00040241 _____ C:\Users\Apps\licenses.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00038320 _____ C:\Users\Apps\error.spa 2015-07-13 16:05 - 2015-04-25 18:20 - 00013506 _____ C:\Users\locales\en-US.pak 2015-07-13 16:05 - 2015-04-25 18:20 - 00008009 _____ C:\Users\locales\el.mo 2015-07-13 16:05 - 2015-04-25 18:20 - 00007791 _____ C:\Users\locales\ru.mo 2015-07-13 16:05 - 2015-04-25 18:20 - 00007076 _____ C:\Users\locales\ja.mo 2015-07-13 16:05 - 2015-04-25 18:20 - 00006969 _____ C:\Users\locales\hu.mo 2015-07-13 16:05 - 2015-04-25 18:20 - 00006950 _____ C:\Users\locales\fr-CA.mo 2015-07-13 16:05 - 2015-04-25 18:20 - 00006899 _____ C:\Users\locales\fr.mo 2015-07-13 16:05 - 2015-04-25 18:20 - 00006876 _____ C:\Users\locales\fi.mo 2015-07-13 16:05 - 2015-04-25 18:20 - 00006875 _____ C:\Users\locales\pl.mo 2015-07-13 16:05 - 2015-04-25 18:20 - 00006808 _____ C:\Users\locales\es-419.mo 2015-07-13 16:05 - 2015-04-25 18:20 - 00006793 _____ C:\Users\locales\nl.mo 2015-07-13 16:05 - 2015-04-25 18:20 - 00006756 _____ C:\Users\locales\de.mo 2015-07-13 16:05 - 2015-04-25 18:20 - 00006740 _____ C:\Users\locales\zsm.mo 2015-07-13 16:05 - 2015-04-25 18:20 - 00006739 _____ C:\Users\locales\it.mo 2015-07-13 16:05 - 2015-04-25 18:20 - 00006731 _____ C:\Users\locales\es.mo 2015-07-13 16:05 - 2015-04-25 18:20 - 00006726 _____ C:\Users\locales\tr.mo 2015-07-13 16:05 - 2015-04-25 18:20 - 00006719 _____ C:\Users\locales\zh-Hant.mo 2015-07-13 16:05 - 2015-04-25 18:20 - 00006717 _____ C:\Users\locales\pt-BR.mo 2015-07-13 16:05 - 2015-04-25 18:20 - 00006672 _____ C:\Users\locales\sv.mo 2015-07-13 16:05 - 2015-04-25 18:20 - 00006540 _____ C:\Users\locales\arb.mo 2015-07-13 16:05 - 2015-04-25 18:20 - 00006469 _____ C:\Users\locales\en.mo 2015-07-13 16:05 - 2015-04-25 18:20 - 00000020 _____ C:\Users\inst_ver.dat 2015-07-13 16:05 - 2015-04-25 18:20 - 00000000 _____ C:\Users\Markus.redir 2015-07-08 17:00 - 2013-06-30 21:02 - 00000000 ____D C:\ProgramData\Mozilla 2015-07-08 16:51 - 2015-04-16 22:45 - 00000079 _____ C:\Program Files (x86)\prefs.js 2015-07-08 16:51 - 2015-03-02 19:30 - 00000000 ____D C:\ProgramData\2676599837052602665UL 2015-07-08 08:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing 2015-07-07 16:53 - 2013-06-30 21:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-05 16:14 - 2011-08-20 20:48 - 00000000 ____D C:\ProgramData\Skype 2015-07-05 12:08 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-07-04 19:04 - 2013-02-01 20:51 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-07-02 17:45 - 2015-06-11 10:27 - 00000000 ____D C:\Program Files (x86)\Spotless Awareness 2015-06-29 04:29 - 2015-06-05 11:59 - 00000000 ____D C:\Program Files (x86)\Notepad++ 2015-06-29 04:29 - 2011-08-21 11:57 - 00000000 ____D C:\Users\Markus Meyer\AppData\Local\CrashDumps 2015-06-28 20:44 - 2012-01-26 19:03 - 00000000 ____D C:\Windows\Minidump 2015-06-28 20:22 - 2015-04-27 22:35 - 00000000 __SHD C:\Users\Markus Meyer\AppData\Local\EmieBrowserModeList 2015-06-28 20:22 - 2014-08-18 19:11 - 00000000 __SHD C:\Users\Markus Meyer\AppData\Local\EmieUserList 2015-06-28 20:22 - 2014-08-18 19:11 - 00000000 __SHD C:\Users\Markus Meyer\AppData\Local\EmieSiteList 2015-06-28 16:05 - 2015-06-05 11:59 - 00000000 ____D C:\Users\Markus Meyer\AppData\Roaming\Notepad++ 2015-06-28 15:48 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-06-28 05:55 - 2014-08-20 19:28 - 00000000 ____D C:\Users\Markus Meyer\AppData\Roaming\Winamp ==================== Files in the root of some directories ======= 2015-04-16 22:45 - 2015-07-08 16:51 - 0000079 _____ () C:\Program Files (x86)\prefs.js 2015-03-18 01:54 - 2015-03-18 01:54 - 0000020 _____ () C:\Users\Markus Meyer\AppData\Roaming\appdataFr3.bin 2013-06-14 13:29 - 2013-06-14 13:30 - 0047104 ___SH () C:\Users\Markus Meyer\AppData\Roaming\Thumbs.db 2011-11-22 22:59 - 2014-02-05 00:06 - 0006144 _____ () C:\Users\Markus Meyer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-13 23:16 - 2015-06-13 23:16 - 0000000 _____ () C:\Users\Markus Meyer\AppData\Local\Temp.dat 2012-06-28 15:33 - 2012-04-29 15:33 - 0000032 ____R () C:\ProgramData\hash.dat 2011-08-22 16:13 - 2011-08-22 16:13 - 0000003 _____ () C:\ProgramData\MusicStation.log 2011-08-22 16:13 - 2011-08-22 16:13 - 0000243 _____ () C:\ProgramData\MusicStation.xml Files to move or delete: ==================== C:\ProgramData\hash.dat ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-16 06:39 ==================== End of log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01 Ran by Markus Meyer at 2015-07-20 03:15:04 Running from C:\Users\Markus Meyer\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1660394222-742470415-1346051432-500 - Administrator - Disabled) Gast (S-1-5-21-1660394222-742470415-1346051432-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1660394222-742470415-1346051432-1002 - Limited - Enabled) Markus Meyer (S-1-5-21-1660394222-742470415-1346051432-1000 - Administrator - Enabled) => C:\Users\Markus Meyer ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Action Replay Code Manager (HKLM-x32\...\Action Replay Code Manager_is1) (Version: - ) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated) AdPunisher (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - AdPunisher) <==== ATTENTION Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden AION Free-To-Play (HKLM-x32\...\InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}) (Version: 2.70.0000 - Gameforge) AION Free-To-Play (x32 Version: 2.70.0000 - Gameforge) Hidden AllChheapPriceo (HKLM-x32\...\{5A1D3F9E-73B5-95EC-1233-6646E1358965}) (Version: - "") <==== ATTENTION Amazon Cloud Player (HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC) Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Assets Manager (HKLM-x32\...\Assets Manager) (Version: 5.0.0.15586 - Aztec Media Inc) <==== ATTENTION Assistant (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{699fd52f}) (Version: - Verified Publisher) <==== ATTENTION ATI Catalyst Install Manager (HKLM\...\{DA0D8FDA-D538-1145-8BA2-6F22C4EB4F75}) (Version: 3.0.816.0 - ATI Technologies, Inc.) AuthenTec TrueAPI (Version: 1.2.1.33 - AuthenTec, Inc.) Hidden AVG 2012 (Version: 12.0.2114 - AVG Technologies) Hidden Batman: Arkham Asylum (HKLM-x32\...\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}) (Version: 1.0.0.0 - Eidos Interactive Limited) Batman: Arkham City™ (HKLM-x32\...\GFWL_{57520FA0-AC56-469B-9983-FF1000008300}) (Version: 1.0.0000.131 - WB Games) Batman: Arkham City™ (x32 Version: 1.0.0000.131 - WB Games) Hidden Batman: Arkham City™ (x32 Version: 1.0.0001.131 - WB Games) Hidden Batman: Arkham City™ (x32 Version: 1.0.0003.131 - WB Games) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Big Rig Europe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation) Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden BrowserCompanion (HKLM-x32\...\BrowserCompanion) (Version: - ) <==== ATTENTION Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision) Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch (x32 Version: 1.1 - Activision) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch (x32 Version: 1.2 - Activision) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch (x32 Version: 1.3 - Activision) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: 1.4 - Activision) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch (x32 Version: 1.5 - Activision) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Clean Master (HKLM-x32\...\Clean Master) (Version: 1.0 - Cheetah Mobile) Crazy Chicken Kart 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3917.58 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3908 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dark Souls Prepare to Die Edition (x32 Version: 1.0.0001.130 - NAMCO BANDAI Games Europe S.A.S.) Hidden Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts) Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden Dropbox (HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.) Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) Dxtory 2.0.104 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.104 - Dxtory Software) Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard) ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden Fishdom (x32 Version: 2.2.0.95 - WildTangent) Hidden Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version: - Scott Cawthon) Free YouTube Download version 3.2.2.430 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.2.430 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.17.1127 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1127 - DVDVideoSoft Ltd.) GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - ) GinyasBrowserCompanion (HKLM-x32\...\GinyasBrowserCompanion) (Version: - Ginyas) <==== ATTENTION Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) HP 3D DriveGuard (HKLM\...\{76785052-9E6A-4403-B06A-929B6BF9D742}) (Version: 4.1.5.1 - Hewlett-Packard Company) HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}) (Version: 1.1.0.0 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent) HP On Screen Display (HKLM-x32\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company) HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13231.3673 - Hewlett-Packard Company) HP SimplePass 2011 (HKLM-x32\...\{BCFAA37D-A6DB-43BF-A351-43F183E52D07}) (Version: 5.1.0.495 - Hewlett-Packard) HP Software Framework (HKLM-x32\...\{CE4551E8-8D09-4126-A39B-B7DF82C5EB83}) (Version: 4.0.110.1 - Hewlett-Packard Company) iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6329.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{C7B40C35-85AE-4303-9EEA-1A1EA779664D}) (Version: 1.0.2.0511 - Intel Corporation) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{794E5C90-96E5-4413-B3F5-C803205AE30C}) (Version: 14.0.3000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) Intel(R) Wireless Display (HKLM-x32\...\{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}) (Version: 2.0.30.0 - Intel Corporation) Java 7 Update 79 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217079FF}) (Version: 7.0.790 - Oracle) Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation) Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts) Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - ) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.377 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.377 - LogMeIn, Inc.) Hidden LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.1.4 - www.leaguereplays.com) Lorem Ipsum Generator Default Text (HKLM-x32\...\{35E13884-BAC3-5F4A-799B-05F882E0BD9F}) (Version: - "") <==== ATTENTION M.M.O.7 Update Tool (HKLM-x32\...\{24521E5B-24F2-4E84-AA44-8D1BB13140E2}) (Version: 1.1.1 - Mad Catz) Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS) Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version: - ) Microsoft Age of Empires Expansion (HKLM-x32\...\Age of Empires Expansion 1.0) (Version: - ) Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Minecraft Version 1.6.6 BETA (HKLM-x32\...\{ED3219B0-8C17-452A-AF77-FFF11F03FE50}_is1) (Version: 1.6.6 BETA - Copyright 2009-2011 Mojang AB) Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MusicStation (HKLM-x32\...\{E74E7F63-E70F-43f2-873F-35FB66F263B2}) (Version: 2.0.5.71 - Omnifone) Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden NC Launcher (GameForge) (HKLM-x32\...\NCLauncher_GameForge) (Version: - NCsoft) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.9.2 - Notepad++ Team) NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation) Oblivion (HKLM-x32\...\{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}) (Version: 1.2.0416 - Bethesda Softworks) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Opera 12.10 (HKLM-x32\...\Opera 12.10.1652) (Version: 12.10.1652 - Opera Software ASA) OptimizerPro (HKLM\...\OptimizerPro) (Version: 1.0 - BetterSoft) <==== ATTENTION Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.) Overwolf (HKLM-x32\...\Overwolf) (Version: 0.87.22.0 - Overwolf Ltd.) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - ) Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation) Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.) Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Smart Technology Programming Software 7.0.17.2 (HKLM\...\{EF483420-4184-4E11-A8BE-B6921549BE58}) (Version: 7.0.17.2 - Mad Catz) Spotify (HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Stronghold (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: - ) Stronghold 2 Deluxe (HKLM-x32\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.40.100 - Firefly Studios) Stronghold Crusader (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: - ) Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) Tomb Raider: Anniversary 1.0 (HKLM-x32\...\Tomb Raider: Anniversary) (Version: - ) Tomb Raider: Legend 1.2 (HKLM-x32\...\Tomb Raider: Legend) (Version: - ) Two Worlds (HKLM-x32\...\Two Worlds) (Version: 1.7.0 - ) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Unity Web Player (HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Validity WBF DDK (HKLM\...\{7C54D017-21BB-43AE-9746-33E78AF4A425}) (Version: 4.3.118.0 - Validity Sensors, Inc.) Vegas Pro 12.0 (64-bit) (HKLM\...\{8858A840-1D35-11E2-A8C7-F04DA23A5C58}) (Version: 12.0.394 - Sony) Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.) Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden Winamp (HKLM-x32\...\Winamp) (Version: 5.621 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) XAMPP (HKLM-x32\...\xampp) (Version: 5.6.8-0 - Bitnami) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1660394222-742470415-1346051432-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.) ==================== Restore Points ========================= 14-07-2015 10:53:23 Geplanter Prüfpunkt 17-07-2015 16:29:20 Removed Java(TM) 6 Update 35 17-07-2015 16:31:21 Installed Java 7 Update 79 ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {08623E46-E8FE-4532-B513-B0646A8B7FBB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {117DE90C-0830-46AA-ACD0-481530A8C194} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink) Task: {1ABED571-0AF9-4E87-8418-4468F79F7351} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-07-09] (Overwolf LTD) Task: {2C57DE8A-84F9-4BBC-9C4A-C2FE3FE9C318} - System32\Tasks\{F60309C7-7CF9-4318-8D91-31A0A2242D57} => pcalua.exe -a "C:\Users\Markus Meyer\Desktop\Arena106.exe" -d "C:\Users\Markus Meyer\Desktop" Task: {2CC9563D-6111-4E3B-AF82-6ACDB946DDB5} - System32\Tasks\GinyasBrowserCompanion FireFox Watcher => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe [2013-02-18] (Blabbers Communications Ltd) <==== ATTENTION Task: {314131D1-7C8E-4B57-9D52-F4B1D1224A58} - System32\Tasks\{2E17ED8E-A591-458D-A5FA-FAE7166DAC42} => pcalua.exe -a C:\ProgramData\AdPunisher\AdPunisher.exe -c /progname=AdPunisher /progver=3.4.2 /progpub=AdPunisher /proguninstallurl=asdahjka.com /deleteappfolder=0 /VERYSILENT Task: {46D8A9B9-E912-46BC-B6B2-96675425DEAF} - System32\Tasks\GinyasBrowserCompanion Runner => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe [2013-02-18] (Blabbers Communications Ltd) <==== ATTENTION Task: {521C7B71-B0A6-407E-B9C6-749C8FCA1051} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12] (Google Inc.) Task: {54EB32FE-6FF4-4B07-B11E-8007A74190F4} - System32\Tasks\{3FD75532-4316-436E-9E65-2BB91D155993} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Transistor\TransistorVideoSetup.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Transistor" Task: {5DD50B57-0028-4F9E-AAA6-4A6876DBAE9F} - System32\Tasks\schedule!3036567561 => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe [2013-01-23] () <==== ATTENTION Task: {75ED7687-6079-4735-ACAC-75E4CCF5976A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12] (Google Inc.) Task: {7C3DF70B-AC4C-427B-B09A-AD6C0F2CD592} - System32\Tasks\Tomb Raider - Anniversary => C:\Program Files (x86)\Tomb Raider - Anniversary\TRA.exe [2011-09-24] (Eidos Inc.) Task: {7F6ACBDD-DDA1-42C5-902C-048DF8E51C25} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1660394222-742470415-1346051432-1000UA => C:\Users\Markus Meyer\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.) Task: {869F8BC2-E27C-44CE-B6B0-1F3B0E17D288} - System32\Tasks\GinyasBrowserCompanion Chrome Watcher => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe [2013-02-18] (Blabbers Communications Ltd) <==== ATTENTION Task: {9F63F88D-F14A-4E5C-B04B-64632CDAAE22} - System32\Tasks\{797958D8-E0BA-4F78-9BFC-C4E1BA415660} => pcalua.exe -a E:\setup.exe -d E:\ Task: {A4F61D8B-8831-41F8-85DE-44D1B3CE45FF} - System32\Tasks\AdobeAAMUpdater-1.0-MarkusMeyer-HP-Markus Meyer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated) Task: {A826D457-BBD4-4F24-8F6A-485487368B0F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1660394222-742470415-1346051432-1000Core => C:\Users\Markus Meyer\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.) Task: {A99EC303-D644-4B34-A2BA-2A120E7C957C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated) Task: {ABDBFA35-B35F-4C73-B9C5-08855DA08479} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] () Task: {B38F290A-7DC4-482A-8A7D-F8C251CD01B7} - System32\Tasks\GinyasBrowserCompanion Update Checker => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe [2013-02-18] (Blabbers Communications Ltd) <==== ATTENTION Task: {C4E5FAC1-F645-43CB-8ED0-6B74676145C5} - System32\Tasks\GinyasBrowserCompanion Stats Report => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe [2013-02-18] (Blabbers Communications Ltd) <==== ATTENTION Task: {DB23210D-4AA5-4174-B657-70300463B7E1} - System32\Tasks\{345CD035-6703-45B2-B378-C1CFFEE25BBA} => pcalua.exe -a "C:\Users\Markus Meyer\Desktop\Spiele\MINECRAFT\minecraft mods\Sonic Ether's Unbelievable Shaders v08 (Windows)\INSTALLER.exe" -d "C:\Users\Markus Meyer\Desktop\Spiele\MINECRAFT\minecraft mods\Sonic Ether's Unbelievable Shaders v08 (Windows)" Task: {F8B73193-7F01-49F7-98A7-C154628257D5} - System32\Tasks\{458F4FE3-4B96-4165-B41A-489C0EA926D8} => pcalua.exe -a C:\ProgramData\MFAData\pack\avgmfapx.exe -d C:\Windows\SysWOW64 -c /ResumeInstallation="C:\ProgramData\MFAData\state.dat" (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1660394222-742470415-1346051432-1000Core.job => C:\Users\Markus Meyer\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1660394222-742470415-1346051432-1000UA.job => C:\Users\Markus Meyer\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION Task: C:\Windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION Task: C:\Windows\Tasks\GinyasBrowserCompanion Runner.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION Task: C:\Windows\Tasks\GinyasBrowserCompanion Stats Report.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION Task: C:\Windows\Tasks\GinyasBrowserCompanion Update Checker.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\schedule!3036567561.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exeK/schedule /profile c:\programdata\bettersoft\optimizerpro\3036567561.ini <==== ATTENTION ==================== Loaded Modules (Whitelisted) ============== 2011-02-04 15:42 - 2011-02-04 15:42 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2014-03-27 22:31 - 2014-03-27 22:31 - 04319744 _____ () C:\ProgramData\Assistant\Assistant_x64.dll 2011-02-04 15:42 - 2011-02-04 15:42 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2013-07-11 17:15 - 2013-01-23 21:58 - 00348160 ____N () C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe 2011-07-14 23:45 - 2011-01-27 18:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-05-15 12:53 - 2015-05-15 12:53 - 07491827 _____ () C:\Program Files (x86)\Jittery Application\0a9e7e87.ftf.ftf 2012-03-17 22:22 - 2014-05-30 19:33 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2015-06-11 10:27 - 2015-06-11 10:27 - 08016410 _____ () C:\Program Files (x86)\Spotless Awareness\Spotless Awareness.exe 2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2011-03-15 09:57 - 2011-03-15 09:57 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2010-06-24 02:21 - 2010-06-24 02:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll 2014-03-27 22:31 - 2014-03-27 22:31 - 04114944 _____ () c:\ProgramData\Assistant\Assistant.dll 2014-03-23 21:19 - 2014-03-27 22:31 - 00178000 _____ () c:\ProgramData\Assistant\AssistantSvc.dll 2010-06-24 02:19 - 2010-06-24 02:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll 2014-10-18 00:11 - 2014-10-18 00:11 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll 2011-07-14 23:44 - 2011-01-13 03:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2015-03-12 20:03 - 2015-07-13 16:05 - 41287224 _____ () C:\Users\Markus Meyer\AppData\Roaming\Spotify\libcef.dll 2015-03-12 20:03 - 2015-07-13 16:05 - 01488440 _____ () C:\Users\Markus Meyer\AppData\Roaming\Spotify\libglesv2.dll 2015-03-12 20:03 - 2015-07-13 16:05 - 00079928 _____ () C:\Users\Markus Meyer\AppData\Roaming\Spotify\libegl.dll 2015-03-12 20:03 - 2015-03-21 14:13 - 09305656 _____ () C:\Users\Markus Meyer\AppData\Roaming\Spotify\pdf.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\freerealms.com -> freerealms.com IE trusted site: HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\soe.com -> soe.com IE trusted site: HKU\S-1-5-21-1660394222-742470415-1346051432-1000\...\sony.com -> sony.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1660394222-742470415-1346051432-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Markus Meyer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 212.33.36.155 - 212.33.55.5 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: GamesAppService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeBridge => "C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\Markus Meyer\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart MSCONFIG\startupreg: GoogleChromeAutoLaunch_6ED5A31595A188B8AF2E77AEACF8C4D2 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{BACA2A57-9FFA-4A38-9C7C-275B4CD92C0F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{A809C7A2-DCD5-405C-B400-4ABD95B7875B}] => (Allow) LPort=2869 FirewallRules: [{ED4A05C1-FBEC-45EC-AF8C-DE92AC93D3FE}] => (Allow) LPort=1900 FirewallRules: [{8982F64F-90F2-458F-92B6-DCA7C0637AC6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{B684D451-7D9B-4EE1-B4A5-01F9B6E2A715}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{313F3F04-6F29-40DB-83E7-7C5A74BE6FAE}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe FirewallRules: [{AC250745-93A9-4536-9CCC-F45733ABC6A1}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe FirewallRules: [{DB54112C-E8D4-4FFE-91D0-F2534FD7775F}] => (Allow) C:\Program Files (x86)\Opera\opera.exe FirewallRules: [{DBFBEAA2-E945-462E-99D6-2A6BED8333B1}] => (Allow) C:\Program Files (x86)\Opera\opera.exe FirewallRules: [{214B763B-4A5A-49D6-A24C-329632A16B4C}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold 2\Stronghold2.exe FirewallRules: [{28042633-DE5B-47DD-B17C-EE5CC03B8A11}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold 2\Stronghold2.exe FirewallRules: [{FD881BD6-87C1-4839-B7C3-EBFDD80A421E}] => (Allow) C:\Program Files (x86)\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe FirewallRules: [{CEBCF353-401B-4E69-8134-B30B6A0EC498}] => (Allow) C:\Program Files (x86)\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe FirewallRules: [{BAE8617A-33BD-4E96-B015-93F2D7571DE1}] => (Allow) C:\Program Files (x86)\Opera\opera.exe FirewallRules: [{0048D87C-D8C8-4A85-9267-E8BB52B42637}] => (Allow) C:\Program Files (x86)\Opera\opera.exe FirewallRules: [{654B32F5-7FD5-41D8-8882-DFC25B29DD9D}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe FirewallRules: [{1AD916F5-992A-4E72-8544-1755FB8DBBCE}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe FirewallRules: [{A7F00BB6-1DFA-44A8-BF13-5407392C2E8A}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe FirewallRules: [{37642C87-343C-401A-9B3E-D8BEA813132C}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe FirewallRules: [{4E79B68F-5C0E-4F6D-829E-4905B025C9DE}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe FirewallRules: [{DC74CD3B-B2B2-471B-BE56-FA3FDA77CE80}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe FirewallRules: [TCP Query User{8AC48E9E-650F-4605-A86E-8C49B7693527}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe FirewallRules: [UDP Query User{6F031619-5645-4937-BEEA-4F1137F71656}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe FirewallRules: [{CBD0DD36-DCAE-4325-A3BE-FF71F4B88457}] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe FirewallRules: [{9F858C26-7966-472F-A0CE-C331F0963B25}] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe FirewallRules: [TCP Query User{EC0759B9-1B45-431F-80CB-B09E712174D8}C:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe FirewallRules: [UDP Query User{8267D6D1-6F26-473E-8020-CC996F746528}C:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe FirewallRules: [{BFFE86CF-6D5C-4751-8ABE-0411CFD391FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{8D6A52EA-7B45-49C9-8AE0-B75FD55F1310}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{5376A9E9-47F3-4C52-BA65-633C070937FF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{EDA6AF5D-AB9A-44EF-AA0B-52E14127EAAF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{88AD1242-1BA4-4C24-9544-935B79AAD5DB}] => (Allow) C:\Program Files (x86)\WB Games\Batman Arkham City\Binaries\Win32\BatmanAC.exe FirewallRules: [{5DD28917-8672-4F9A-8593-6D86D09A46FC}] => (Allow) C:\Program Files (x86)\WB Games\Batman Arkham City\Binaries\Win32\BatmanAC.exe FirewallRules: [TCP Query User{AFEF79B5-FE59-435D-BB5B-E42C27AD4807}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe FirewallRules: [UDP Query User{1E4163F9-A7B3-40C4-8C7F-AD962E5B1655}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe FirewallRules: [{BA360B98-9D2B-4FCA-87CF-D0E1B1CA3E7B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{1340D14A-8A67-4DA2-BFCF-05B2FE2E9611}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe FirewallRules: [{1559FB7A-0917-4ADD-906D-4C9CFEFC09B3}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe FirewallRules: [TCP Query User{0C0C4DD6-EB84-4657-B88D-6A1D1DA1F248}C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe] => (Allow) C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe FirewallRules: [UDP Query User{02D2E0BB-7555-49FB-9224-94795B69F8A6}C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe] => (Allow) C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe FirewallRules: [{6D61B2F8-76AB-4CB6-84C3-C29F1908C855}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{E021CA1F-C5F4-48BE-A30E-34B0A2A2FA37}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{777C899A-DA65-4A37-A33E-917E21FD5C21}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{085D7CCD-29BD-4AD9-A658-5DE2D7359376}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{E3D0C886-32BF-4CE7-AF36-B50B2BB650E7}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe FirewallRules: [{9372DFB6-4C01-4A2D-851B-66C4B2A30205}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe FirewallRules: [TCP Query User{C19F8039-96C9-4B2F-BF66-90560287DA3B}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe] => (Block) C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe FirewallRules: [UDP Query User{787401E0-2419-4569-9D58-09578316D99A}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe] => (Block) C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe FirewallRules: [{57828FB8-380D-407A-BBF7-6673BCD28F37}] => (Allow) C:\Games\Mass Effect\Binaries\MassEffect.exe FirewallRules: [{1BED526C-D126-462A-ABF8-59D3D999C4DA}] => (Allow) C:\Games\Mass Effect\Binaries\MassEffect.exe FirewallRules: [{B4F261B2-1F67-4239-B185-B92945C438B1}] => (Allow) C:\Games\Mass Effect\MassEffectLauncher.exe FirewallRules: [{8891BE99-CA76-4CD7-AC7D-58D4D5371398}] => (Allow) C:\Games\Mass Effect\MassEffectLauncher.exe FirewallRules: [TCP Query User{9B9CC903-E650-495B-AEE8-1AD8973A42C4}C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe] => (Allow) C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe FirewallRules: [UDP Query User{A03BC8BA-1836-42E5-8F69-5411B563D9D7}C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe] => (Allow) C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe FirewallRules: [TCP Query User{41FD964E-3B64-451A-BD22-DBF4FA025D7E}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe FirewallRules: [UDP Query User{F0AAD9A7-5669-4956-9651-001A61FA7793}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe FirewallRules: [TCP Query User{59DC7481-7E9E-4849-B927-876152B50B9C}C:\users\markus meyer\appdata\local\temp\gw2.exe] => (Allow) C:\users\markus meyer\appdata\local\temp\gw2.exe FirewallRules: [UDP Query User{F72605AA-96D8-45D1-B2B9-05EAE6CDBDCA}C:\users\markus meyer\appdata\local\temp\gw2.exe] => (Allow) C:\users\markus meyer\appdata\local\temp\gw2.exe FirewallRules: [TCP Query User{5A7A298E-93CD-4C27-A88E-2CB5A78332A1}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe FirewallRules: [UDP Query User{6A314685-7D09-4D4D-874F-4A64B0B38ACC}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe FirewallRules: [TCP Query User{EE3C1445-E233-4791-9E77-12E16F59ABA1}C:\users\markus meyer\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\markus meyer\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{C6EC8A71-30F2-468E-94E0-D5B834312670}C:\users\markus meyer\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\markus meyer\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{5A18065B-66EF-4D47-9791-92B82DEDF393}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{DE4CC7AA-A7BF-4192-878D-F3EBA7A8F8BF}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{497B92D8-6095-4A82-A307-79AB2BE5E271}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe FirewallRules: [UDP Query User{FACE1CF6-DB7D-43D1-ACAD-30828019D8D3}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe FirewallRules: [{D06F80C3-EB7F-4E01-8918-5FA6E962E649}] => (Allow) %SystemDrive%\Riot Games\League of Legends\lol.launcher.exe FirewallRules: [{2C816BF1-BB21-40E5-BEB8-CD87F4D7A516}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe FirewallRules: [{E31F6B4F-403A-423D-85FD-0A04D61E97E4}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe FirewallRules: [{F876B077-12B5-4E94-91BC-2E954DF518A3}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe FirewallRules: [{0313DBC1-AA42-4B39-A8F8-B6823AEE45A5}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe FirewallRules: [{58AC3ABE-29DC-4078-8E72-1A1521F235D3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{A5DA3AE8-7AAF-45C7-8C24-83AA68D7BDF8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{B4FE6699-1DD9-4F1A-B766-171E4C2D8705}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe FirewallRules: [{343E8237-8325-4AFF-A23E-470FF0492759}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe FirewallRules: [{4E189CAD-1E66-4AC1-BE7B-B5C4EB226EEF}] => (Allow) C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{AB14F9AA-1301-40AD-8806-AC847D5986F7}] => (Allow) C:\Users\Markus Meyer\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{F033DB60-F66C-443C-A293-665EBFEDCE7D}C:\program files (x86)\namco bandai games\darksouls\data.exe] => (Allow) C:\program files (x86)\namco bandai games\darksouls\data.exe FirewallRules: [UDP Query User{7F8E7F6F-BB42-4C8A-B81F-98A2AED1ABAB}C:\program files (x86)\namco bandai games\darksouls\data.exe] => (Allow) C:\program files (x86)\namco bandai games\darksouls\data.exe FirewallRules: [{E143C52B-D96B-4E24-8989-9CDCB2BDE846}] => (Allow) C:\Program Files (x86)\Reality Pump\Two Worlds\TwoWorlds.exe FirewallRules: [{74A07F70-2B21-4D95-BF7D-2F9F2752A0CE}] => (Allow) C:\Program Files (x86)\Reality Pump\Two Worlds\TwoWorlds.exe FirewallRules: [{C7F74B36-7799-4570-948D-71C23979F0DD}] => (Allow) C:\Program Files (x86)\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe FirewallRules: [{9D3E4F18-618E-4518-A696-F5B8DE0F1A7E}] => (Allow) C:\Program Files (x86)\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe FirewallRules: [{9170FBF6-D58E-46BF-9504-C0A627408F69}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{2D119E35-288E-4758-A268-45D2C2D7D3F6}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{B5279D20-4D76-480B-B448-D78F676FA6DB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe FirewallRules: [{153EE1D0-65F6-4E52-8362-8542C1B2AD64}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe FirewallRules: [{4634ADFC-409F-454D-AECE-79C97E269C0D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe FirewallRules: [{4457760F-3149-4D8D-BBF0-91F4C38B1943}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe FirewallRules: [{6D795773-6FD1-495E-8E08-C437AF8D82D7}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{A56DF3EF-769D-4643-9FA4-460F06B5FDE2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{CCC2DA00-F924-46B7-9234-B9A37B5CB4BC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{49624E43-5681-42D6-8F66-EB737706839E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{11DC8B5E-FF9B-498D-AD8B-77B1FDEC9DA1}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe FirewallRules: [{48FAB60F-3FD1-45F5-B761-BBB6B0979611}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe FirewallRules: [{DA5A3292-70E7-4213-9726-B852C098794D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{FB60AC18-7FE9-4957-B2A0-31B0A3908746}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{1EDE3350-460A-4CFB-9719-1B66303B8024}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe FirewallRules: [{35FD096F-9322-41D8-A738-570306EE2075}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe FirewallRules: [{D64FC538-8D36-4887-B8BE-4CF56AE0E501}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe FirewallRules: [{302FC150-F02A-4031-B6F1-0F5E508F6C92}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe FirewallRules: [{D43DF489-E33F-42AA-8B51-A4C01FF75659}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe FirewallRules: [{D2C9115C-5B78-4663-9631-D47DAC6FB42F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe FirewallRules: [{A0102207-1838-45F5-92AF-686B3E0B855E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe FirewallRules: [TCP Query User{6FCECB98-F56E-4CA3-88FA-B4DDA8FC2756}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [UDP Query User{CDB562B6-748F-474A-8EE3-2A85FCBACF65}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe FirewallRules: [TCP Query User{42168896-D7FC-4BD0-9525-92C7A083A401}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [UDP Query User{7DC8DD08-FA28-4CEE-9B02-41B1F0C6526E}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe FirewallRules: [{145200F7-0DDA-4307-8A15-52C4230D98EE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{549B94D0-198D-4C69-8995-2110233939D9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{3CA54E62-6204-4440-AB00-4D1F937BD2EF}C:\users\markus meyer\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\markus meyer\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{8A4E389A-6502-4B02-8782-51315DDD2192}C:\users\markus meyer\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\markus meyer\appdata\roaming\spotify\spotify.exe FirewallRules: [{C1193093-E5E7-4D76-8056-C15DBDBF3704}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe FirewallRules: [{C3D206C9-A873-4A3D-8EF0-69AB5E4401D8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe FirewallRules: [{87FDE8AA-C71F-4BE6-A257-8EBD9C391DC5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe FirewallRules: [{BBE422EC-77E4-434A-B6F9-7C46DF7C9B6E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe FirewallRules: [TCP Query User{08D71451-4E3C-403F-92D2-A73FAA9EC6EE}C:\users\markus meyer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\markus meyer\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{44B9DA52-48B3-48B4-92AF-B48387C6A85E}C:\users\markus meyer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\markus meyer\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{E17FC18D-799B-4CCA-8888-F0609FDBBA06}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [UDP Query User{30A5A31F-EAD6-45EC-AD96-8B2CB5ABB9A1}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query User{ED6FACF7-6DC9-4BF9-9863-0A0C2AA1D5B5}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{4F5638F6-62C1-40C6-8AC1-383D48829EB8}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [{F9D649FD-765B-4962-AC90-D4223D473961}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe FirewallRules: [{0352D893-BEC1-467C-922F-D318328BED67}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe FirewallRules: [{CB90298A-C4CF-41F7-993A-31DD7BA0FD05}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe FirewallRules: [{0D9318B1-DF5D-4F34-B708-2553081B8E5C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe FirewallRules: [{37342D0E-95B3-435F-97DC-969FF0093D03}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/19/2015 08:47:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/19/2015 08:45:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: tbhcn.exe, Version: 1.0.0.9, Zeitstempel: 0x5121f458 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x55636317 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e3fe ID des fehlerhaften Prozesses: 0xa40 Startzeit der fehlerhaften Anwendung: 0xtbhcn.exe0 Pfad der fehlerhaften Anwendung: tbhcn.exe1 Pfad des fehlerhaften Moduls: tbhcn.exe2 Berichtskennung: tbhcn.exe3 Error: (07/19/2015 08:45:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: tbhcn.exe, Version: 1.0.0.9, Zeitstempel: 0x5121f458 Name des fehlerhaften Moduls: tbhcn.exe, Version: 1.0.0.9, Zeitstempel: 0x5121f458 Ausnahmecode: 0x40000015 Fehleroffset: 0x00057738 ID des fehlerhaften Prozesses: 0xa24 Startzeit der fehlerhaften Anwendung: 0xtbhcn.exe0 Pfad der fehlerhaften Anwendung: tbhcn.exe1 Pfad des fehlerhaften Moduls: tbhcn.exe2 Berichtskennung: tbhcn.exe3 Error: (07/19/2015 08:43:19 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC Error: (07/19/2015 08:43:19 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC Error: (07/19/2015 08:43:18 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC Error: (07/19/2015 08:43:13 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC Error: (07/19/2015 08:43:11 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC Error: (07/19/2015 08:43:10 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC Error: (07/19/2015 08:43:10 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC System errors: ============= Error: (07/20/2015 12:02:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/19/2015 08:57:43 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (07/19/2015 08:54:50 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (07/19/2015 08:52:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (07/19/2015 08:47:21 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus. Error: (07/19/2015 08:47:21 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT-AUTORITÄT) Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80070002 Error: (07/19/2015 08:47:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "TrustedInstaller" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/19/2015 08:47:21 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 2TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (07/19/2015 08:46:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht. Error: (07/19/2015 08:45:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz Percentage of memory in use: 41% Total physical RAM: 8139.86 MB Available physical RAM: 4772 MB Total Virtual: 16277.93 MB Available Virtual: 12491.45 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:682.97 GB) (Free:164.61 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:15.37 GB) (Free:1.67 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: EAA2A155) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=683 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=15.4 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End of log ============================ Ist als Anhang hinzugefügt, weil das die Zeichenanzahl überschreitet. Ich habe jetzt noch nichts probiert, da ich in diesem Gebiet noch unerfahren bin. Danke für jegliche Hilfe schon im voraus! Markus |
20.07.2015, 04:34 | #2 |
/// TB-Ausbilder | atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden.Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags: So funktioniert es: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Alle von dir genannten Prozesse sind legitim (und damit keine "Trojaner"), sofern sie sich im richtigen Verzeichnis befinden. Wir überprüfen dennoch den Rechner. Scan mit Combofix
|
21.07.2015, 21:16 | #3 |
| atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden. Danke für die Hilfe bis jetzt!
__________________Hab jetzt mal ComboFix drüberlaufen lassen und hier ist der Log: Code:
ATTFilter ComboFix 15-07-20.01 - Markus Meyer 21.07.2015 21:46:08.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.8140.5750 [GMT 2:00] ausgeführt von:: c:\users\Markus Meyer\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files (x86)\AlllCheapPriucee c:\program files (x86)\AlllCheapPriucee\oF06Igg79F3n1f.dat c:\program files (x86)\AlllCheapPriucee\oF06Igg79F3n1f.exe c:\program files (x86)\AlllCheapPriucee\oF06Igg79F3n1f.tlb c:\program files (x86)\AlluCCheapPrice c:\program files (x86)\AlluCCheapPrice\65Rbg6SAEBjYCu.dat c:\program files (x86)\AlluCCheapPrice\65Rbg6SAEBjYCu.exe c:\program files (x86)\AlluCCheapPrice\65Rbg6SAEBjYCu.tlb c:\program files (x86)\AlluCheeaPPrIicee c:\program files (x86)\AlluCheeaPPrIicee\j27VAg9iNNmHOo.dat c:\program files (x86)\AlluCheeaPPrIicee\j27VAg9iNNmHOo.exe c:\program files (x86)\AlluCheeaPPrIicee\j27VAg9iNNmHOo.tlb c:\program files (x86)\AollCheaepPriice c:\program files (x86)\AollCheaepPriice\QR7HLqEPB87Wyx.dat c:\program files (x86)\AollCheaepPriice\QR7HLqEPB87Wyx.exe c:\program files (x86)\AollCheaepPriice\QR7HLqEPB87Wyx.tlb c:\program files (x86)\BrowserCompanion c:\program files (x86)\BrowserCompanion\ack.end c:\program files (x86)\BrowserCompanion\blabbers-ch.crx c:\program files (x86)\BrowserCompanion\blabbers-ff-full.xpi c:\program files (x86)\BrowserCompanion\jsloader.dll c:\program files (x86)\BrowserCompanion\logo.ico c:\program files (x86)\BrowserCompanion\tdataprotocol.dll c:\program files (x86)\BrowserCompanion\terms.lnk.url c:\program files (x86)\BrowserCompanion\toolbar.dll c:\program files (x86)\BrowserCompanion\uninstall.exe c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll_1 c:\program files (x86)\BrowserCompanion\updater.ini c:\program files (x86)\BrowserCompanion\widgetserv.exe c:\program files (x86)\start c:\program files (x86)\start\Start.dat c:\programdata\2676599837052602665UL c:\programdata\2676599837052602665UL\22d744506cad0c4c3a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\2544e9905b19ed48ebd7a8ace77dcc39.ini c:\programdata\2676599837052602665UL\28d0b1947fe80791ebd7a8ace77dcc39.ini c:\programdata\2676599837052602665UL\35555c15a234937f3a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\37a553f5bd0c8932ebd7a8ace77dcc39.ini c:\programdata\2676599837052602665UL\3f0327b152e6b712ebd7a8ace77dcc39.ini c:\programdata\2676599837052602665UL\4cc9484e5308b1bcebd7a8ace77dcc39.ini c:\programdata\2676599837052602665UL\4dc887bcc29b26c6ebd7a8ace77dcc39.ini c:\programdata\2676599837052602665UL\509988526bee90c23a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\52f7a96b3ed86261ebd7a8ace77dcc39.ini c:\programdata\2676599837052602665UL\55a8e9c86128951febd7a8ace77dcc39.ini c:\programdata\2676599837052602665UL\58e0cfd5ceb309573a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\5ba3ff2d19c3f7823a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\638b22b38fe15e8cebd7a8ace77dcc39.ini c:\programdata\2676599837052602665UL\6757e794ec36f69e3a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\67c9553d6b57f65c3a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\7766d983eaa2eed8ebd7a8ace77dcc39.ini c:\programdata\2676599837052602665UL\78429644664d31173a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\7d3a17969ee8d54eebd7a8ace77dcc39.ini c:\programdata\2676599837052602665UL\880e4cb7292a1ce4ebd7a8ace77dcc39.ini c:\programdata\2676599837052602665UL\8c1e6cd4f6995a4d3a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\906b6fb1d09c124b3a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\94ab5725d9da5e7e3a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\94d8a7fa1f91add83a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\98cd8fa88a3bac0a3a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\9ae0d396fcdda3fd3a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\a2a7943e65aa5d273a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\ab04ecb30c557b37ebd7a8ace77dcc39.ini c:\programdata\2676599837052602665UL\af0c9ff59bf040b63a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\af7d149721897c8aebd7a8ace77dcc39.ini c:\programdata\2676599837052602665UL\beca2007fdd0d58a3a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\c007a25cf45c47493a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\c964044650c9e4ef3a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\c9cd1ae9d4a3d15eebd7a8ace77dcc39.ini c:\programdata\2676599837052602665UL\d10de703829fe2d8ebd7a8ace77dcc39.ini c:\programdata\2676599837052602665UL\d1b1b8b13a226202ebd7a8ace77dcc39.ini c:\programdata\2676599837052602665UL\d20502567d1fd4083a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\d2c158d94d8265433a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\d43a473d94acb0b6ebd7a8ace77dcc39.ini c:\programdata\2676599837052602665UL\eec8e69576387ef13a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\f2d1c1d6e6b29a363a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\f678e7392b0ab21f3a4228e33e5795cc.ini c:\programdata\2676599837052602665UL\f7610c3afe2bbcd13a4228e33e5795cc.ini c:\programdata\Assistant\Assistant.dll c:\programdata\Assistant\AssistantSvc.dll c:\programdata\BetterSoft\OptimizerPro c:\programdata\BetterSoft\OptimizerPro\3036567561.ini c:\programdata\BetterSoft\OptimizerPro\OptimizerPro.exe c:\programdata\ntuser.pol c:\programdata\Roaming c:\programdata\SearchNewTab c:\programdata\SearchNewTab\51decc363a48e.dll c:\programdata\SearchNewTab\51decc363a48e.tlb c:\programdata\SearchNewTab\data\SearchNewTab.dat c:\programdata\SearchNewTab\settings.ini c:\windows\msdownld.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2015-06-21 bis 2015-07-21 )))))))))))))))))))))))))))))) . . 2015-07-21 20:03 . 2015-07-21 20:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-07-21 18:53 . 2015-07-21 18:53 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{269ED7B7-4451-4C90-A89A-25CF29466112}\offreg.148.dll 2015-07-21 18:21 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{269ED7B7-4451-4C90-A89A-25CF29466112}\mpengine.dll 2015-07-21 11:10 . 2015-07-21 11:10 -------- d-----w- c:\program files (x86)\AlllCheapPricee 2015-07-21 11:09 . 2015-07-21 11:09 -------- d-----w- c:\program files (x86)\AppJump App Launcher and Organizer 2015-07-20 22:41 . 2015-07-20 22:41 20 ----a-w- c:\users\Markus Meyer\AppData\Roaming\appdataFr2.bin 2015-07-20 14:31 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2015-07-20 01:11 . 2015-07-20 01:16 -------- d-----w- C:\FRST 2015-07-17 14:37 . 2015-07-01 04:29 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DE3C56A-B7D2-4C90-8797-3EFA44386E52}\gapaengine.dll 2015-07-17 14:36 . 2015-07-17 14:36 -------- d-----w- c:\program files (x86)\Common Files\Java 2015-07-17 14:33 . 2015-07-17 14:33 -------- d-----w- c:\users\Markus Meyer\AppData\Roaming\Oracle 2015-07-17 14:32 . 2015-07-17 14:35 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2015-07-15 13:16 . 2015-07-17 14:48 -------- d-----w- c:\programdata\Oracle 2015-07-15 13:10 . 2015-07-15 13:10 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2015-07-08 14:51 . 2015-07-08 14:51 -------- d-----w- c:\program files (x86)\AllChheapPriceo 2015-07-08 14:50 . 2015-07-08 14:50 -------- d-----w- c:\program files (x86)\Myibidder Auction Bid Sniper for eBay 2015-07-04 15:06 . 2015-07-04 15:08 -------- d-----w- c:\users\Markus Meyer\AppData\Roaming\TEdit 2015-07-04 15:06 . 2015-07-04 15:06 -------- d-----w- c:\users\Markus Meyer\AppData\Local\TEditXna 2015-07-03 21:42 . 2015-07-03 21:42 -------- d-----w- c:\users\Markus Meyer\AppData\Local\CEF . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-07-21 11:09 . 2015-04-16 20:45 79 ----a-w- c:\program files (x86)\prefs.js 2015-07-15 01:17 . 2012-04-05 11:46 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-07-15 01:17 . 2011-08-20 19:20 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-07-14 09:44 . 2012-01-02 13:44 33856 ---ha-w- c:\windows\system32\hamachi.sys 2015-07-13 14:05 . 2015-04-25 16:20 968248 ----a-w- c:\users\ffmpegsumo.dll 2015-07-13 14:05 . 2015-04-25 16:20 79928 ----a-w- c:\users\libEGL.dll 2015-07-13 14:05 . 2015-04-25 16:20 73272 ----a-w- c:\users\wow_helper.exe 2015-07-13 14:05 . 2015-04-25 16:20 41287224 ----a-w- c:\users\libcef.dll 2015-07-13 14:05 . 2015-04-25 16:20 3457592 ----a-w- c:\users\d3dcompiler_47.dll 2015-07-13 14:05 . 2015-04-25 16:20 1488440 ----a-w- c:\users\libGLESv2.dll 2015-07-13 14:05 . 2015-04-25 16:20 2106424 ----a-w- c:\users\d3dcompiler_43.dll 2015-07-13 14:05 . 2015-04-25 16:20 2008632 ----a-w- c:\users\SpotifyWebHelper.exe 2015-07-13 14:05 . 2015-04-25 16:20 98360 ----a-w- c:\users\SpotifyLauncher.exe 2015-07-13 14:05 . 2015-04-25 16:20 838200 ----a-w- c:\users\SpotifyCrashService.exe 2015-07-13 14:05 . 2015-04-25 16:20 7334968 ----a-w- c:\users\Spotify.exe 2015-07-05 10:08 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe 2015-07-01 04:29 . 2012-06-14 15:48 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2015-06-11 01:03 . 2011-08-22 21:59 140135120 ----a-w- c:\windows\system32\MRT.exe 2015-06-01 19:16 . 2015-06-10 12:03 389840 ----a-w- c:\windows\system32\iedkcs32.dll 2015-05-27 14:35 . 2015-06-10 12:03 24917504 ----a-w- c:\windows\system32\mshtml.dll 2015-05-25 18:24 . 2015-06-10 12:02 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-05-25 18:23 . 2015-06-10 12:02 155584 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2015-05-25 18:23 . 2015-06-10 12:02 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2015-05-25 18:21 . 2015-06-10 12:02 1728960 ----a-w- c:\windows\system32\ntdll.dll 2015-05-25 18:19 . 2015-06-10 12:02 243712 ----a-w- c:\windows\system32\wow64.dll 2015-05-25 18:19 . 2015-06-10 12:02 362496 ----a-w- c:\windows\system32\wow64win.dll 2015-05-25 18:19 . 2015-06-10 12:02 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2015-05-25 18:19 . 2015-06-10 12:02 215040 ----a-w- c:\windows\system32\winsrv.dll 2015-05-25 18:19 . 2015-06-10 12:02 1255424 ----a-w- c:\windows\system32\diagtrack.dll 2015-05-25 18:19 . 2015-06-10 12:02 210944 ----a-w- c:\windows\system32\wdigest.dll 2015-05-25 18:19 . 2015-06-10 12:02 879104 ----a-w- c:\windows\system32\tdh.dll 2015-05-25 18:19 . 2015-06-10 12:02 86528 ----a-w- c:\windows\system32\TSpkg.dll 2015-05-25 18:19 . 2015-06-10 12:02 136192 ----a-w- c:\windows\system32\sspicli.dll 2015-05-25 18:19 . 2015-06-10 12:02 29184 ----a-w- c:\windows\system32\sspisrv.dll 2015-05-25 18:19 . 2015-06-10 12:02 503808 ----a-w- c:\windows\system32\srcore.dll 2015-05-25 18:19 . 2015-06-10 12:02 113664 ----a-w- c:\windows\system32\sechost.dll 2015-05-25 18:19 . 2015-06-10 12:02 50176 ----a-w- c:\windows\system32\srclient.dll 2015-05-25 18:19 . 2015-06-10 12:02 28160 ----a-w- c:\windows\system32\secur32.dll 2015-05-25 18:19 . 2015-06-10 12:02 342016 ----a-w- c:\windows\system32\schannel.dll 2015-05-25 18:19 . 2015-06-10 12:02 314880 ----a-w- c:\windows\system32\msv1_0.dll 2015-05-25 18:19 . 2015-06-10 12:02 309760 ----a-w- c:\windows\system32\ncrypt.dll 2015-05-25 18:19 . 2015-06-10 12:02 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2015-05-25 18:19 . 2015-06-10 12:02 728576 ----a-w- c:\windows\system32\kerberos.dll 2015-05-25 18:19 . 2015-06-10 12:02 424960 ----a-w- c:\windows\system32\KernelBase.dll 2015-05-25 18:19 . 2015-06-10 12:02 1461760 ----a-w- c:\windows\system32\lsasrv.dll 2015-05-25 18:19 . 2015-06-10 12:02 1162752 ----a-w- c:\windows\system32\kernel32.dll 2015-05-25 18:18 . 2015-06-10 12:02 43520 ----a-w- c:\windows\system32\csrsrv.dll 2015-05-25 18:18 . 2015-06-10 12:02 22016 ----a-w- c:\windows\system32\credssp.dll 2015-05-25 18:18 . 2015-06-10 12:02 879104 ----a-w- c:\windows\system32\advapi32.dll 2015-05-25 18:18 . 2015-06-10 12:02 404992 ----a-w- c:\windows\system32\tracerpt.exe 2015-05-25 18:18 . 2015-06-10 12:02 47104 ----a-w- c:\windows\system32\typeperf.exe 2015-05-25 18:18 . 2015-06-10 12:02 112640 ----a-w- c:\windows\system32\smss.exe 2015-05-25 18:18 . 2015-06-10 12:02 296960 ----a-w- c:\windows\system32\rstrui.exe 2015-05-25 18:18 . 2015-06-10 12:02 43008 ----a-w- c:\windows\system32\relog.exe 2015-05-25 18:18 . 2015-06-10 12:02 104448 ----a-w- c:\windows\system32\logman.exe 2015-05-25 18:18 . 2015-06-10 12:02 31232 ----a-w- c:\windows\system32\lsass.exe 2015-05-25 18:18 . 2015-06-10 12:02 19456 ----a-w- c:\windows\system32\diskperf.exe 2015-05-25 18:18 . 2015-06-10 12:02 338432 ----a-w- c:\windows\system32\conhost.exe 2015-05-25 18:18 . 2015-06-10 12:02 64000 ----a-w- c:\windows\system32\auditpol.exe 2015-05-25 18:14 . 2015-06-10 12:02 60416 ----a-w- c:\windows\system32\msobjs.dll 2015-05-25 18:14 . 2015-06-10 12:02 146432 ----a-w- c:\windows\system32\msaudite.dll 2015-05-25 18:11 . 2015-06-10 12:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 6656 ----a-w- c:\windows\system32\apisetschema.dll 2015-05-25 18:11 . 2015-06-10 12:02 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 12:02 686080 ----a-w- c:\windows\system32\adtschema.dll 2015-05-25 18:07 . 2015-06-10 12:02 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2015-05-25 18:07 . 2015-06-10 12:02 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2015-05-25 18:04 . 2015-06-10 12:02 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll 2015-05-25 18:01 . 2015-06-10 12:02 172032 ----a-w- c:\windows\SysWow64\wdigest.dll 2015-05-25 18:01 . 2015-06-10 12:02 635392 ----a-w- c:\windows\SysWow64\tdh.dll 2015-05-25 18:01 . 2015-06-10 12:02 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll 2015-05-25 18:01 . 2015-06-10 12:02 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2015-05-25 18:01 . 2015-06-10 12:02 248832 ----a-w- c:\windows\SysWow64\schannel.dll 2015-05-25 18:01 . 2015-06-10 12:02 92160 ----a-w- c:\windows\SysWow64\sechost.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-06-26 18:30 151576 ----a-w- c:\users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-06-26 18:30 151576 ----a-w- c:\users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-06-26 18:30 151576 ----a-w- c:\users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dxtory Update Checker 2.0"="c:\program files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696] "Steam"="c:\program files (x86)\Steam\steam.exe" [2015-07-16 2895552] "Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2015-07-19 41200] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-06-29 53282944] "Spotify Web Helper"="c:\users\Markus Meyer\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-07-13 2008632] "Spotify"="c:\users\Markus Meyer\AppData\Roaming\Spotify\Spotify.exe" [2015-07-13 7334968] "Dropbox Update"="c:\users\Markus Meyer\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-21 134512] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-15 336384] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "MFARestart"="c:\programdata\MFAData\pack\avgrunasx.exe" [2011-08-02 247136] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2013-12-30 1258504] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752] "PowerDVD14Agent"="c:\program files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe" [2014-03-17 795672] "cmsc"="c:\program files (x86)\cmcm\Clean Master\cmtray.exe" [2015-04-01 771912] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-07-14 5579624] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-06-08 334896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 699fd52f;Assistant;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Jittery Application;Jittery Application;c:\program files (x86)\Jittery Application\0a9e7e87.ftf.ftf;c:\program files (x86)\Jittery Application\0a9e7e87.ftf.ftf [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 Spotless Awareness;Spotless Awareness;c:\program files (x86)\Spotless Awareness\Spotless Awareness.exe;c:\program files (x86)\Spotless Awareness\Spotless Awareness.exe [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x] R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x] R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x] R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Said505F;Said505F;c:\windows\system32\DRIVERS\Said505F.sys;c:\windows\SYSNATIVE\DRIVERS\Said505F.sys [x] R3 SaiK0CD0;SaiK0CD0;c:\windows\system32\DRIVERS\SaiK0CD0.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0CD0.sys [x] R3 SaiU0CD0;SaiU0CD0;c:\windows\system32\DRIVERS\SaiU0CD0.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU0CD0.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622;c:\program files (x86)\Assets Manager\smdmf\x64\smdmfmgrc3.cfg;c:\program files (x86)\Assets Manager\smdmf\x64\smdmfmgrc3.cfg [x] S2 {C5F942FD-1110-4664-86CE-0C6BDA305235};Power Control [2014/08/31 14:38];c:\program files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x] S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x] S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x] S2 cmcore;Clean Master Core Service;c:\program files (x86)\cmcm\Clean Master\cmcore.exe;c:\program files (x86)\cmcm\Clean Master\cmcore.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] S2 SmdmFService;SmdmF Service;c:\program files (x86)\Assets Manager\smdmf\SmdmFService.exe;c:\program files (x86)\Assets Manager\smdmf\SmdmFService.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x] S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x] S3 ksapi64;ksapi64;c:\windows\system32\drivers\ksapi64.sys;c:\windows\SYSNATIVE\drivers\ksapi64.sys [x] S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-07-21 19:31 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.89\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 01:17] . 2015-07-21 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1660394222-742470415-1346051432-1000Core.job - c:\users\Markus Meyer\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21 16:35] . 2015-07-21 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1660394222-742470415-1346051432-1000UA.job - c:\users\Markus Meyer\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21 16:35] . 2015-07-21 c:\windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job - c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:49] . 2015-07-21 c:\windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job - c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:49] . 2015-07-21 c:\windows\Tasks\GinyasBrowserCompanion Runner.job - c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:49] . 2015-07-21 c:\windows\Tasks\GinyasBrowserCompanion Stats Report.job - c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:49] . 2015-07-21 c:\windows\Tasks\GinyasBrowserCompanion Update Checker.job - c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:49] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-06-26 18:30 184856 ----a-w- c:\users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-06-26 18:30 184856 ----a-w- c:\users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-06-26 18:30 184856 ----a-w- c:\users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-06-26 18:30 184856 ----a-w- c:\users\Markus Meyer\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-02-04 1933584] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000] "ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-06-25 455680] "SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-06-25 158208] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-04-09 399856] "Persistence"="c:\windows\system32\igfxpers.exe" [2014-04-09 442352] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\users\Markus Meyer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to iPod Converter - c:\users\Markus Meyer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - FF - ProfilePath - c:\users\Markus Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\8g60e7l1.default-1418240712063\ FF - prefs.js: browser.search.selectedEngine - default-search.net FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://www.default-search.net/search?sid=476&aid=146&itype=n&ver=15586&tm=621&src=ds&p= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-GinyasBrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe AddRemove-{5A1D3F9E-73B5-95EC-1233-6646E1358965} - c:\program files (x86)\AlllCheapPriucee\oF06Igg79F3n1f.exe AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{699fd52f} - c:\progra~3\ASSIST~1\ASSIST~1.DLL AddRemove-{ED3219B0-8C17-452A-AF77-FFF11F03FE50}_is1 - c:\users\Markus Meyer\AppData\Roaming\.minecraft\unins000.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\F06DEFF2-5B9C-490D-910F-35D3A9119622] "ImagePath"="\??\c:\program files (x86)\Assets Manager\smdmf\x64\smdmfmgrc3.cfg" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Jittery Application] "ImagePath"="\"c:\program files (x86)\Jittery Application\0a9e7e87.ftf.ftf\"" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{C5F942FD-1110-4664-86CE-0C6BDA305235}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1660394222-742470415-1346051432-1000\Software\SecuROM\License information*] "datasecu"=hex:d5,34,6c,51,25,bb,45,45,00,a7,36,5c,84,28,c6,06,cd,91,8a,63,6d, 93,0d,8f,09,2d,ee,d2,94,40,cc,64,ba,e4,e3,c7,88,48,89,53,72,22,38,0d,1f,31,\ "rkeysecu"=hex:36,65,ed,88,d2,96,8e,47,ee,76,91,9a,23,8d,6a,f4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.18" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-07-21 22:09:26 ComboFix-quarantined-files.txt 2015-07-21 20:09 . Vor Suchlauf: 20 Verzeichnis(se), 175.236.415.488 Bytes frei Nach Suchlauf: 29 Verzeichnis(se), 174.879.289.344 Bytes frei . - - End Of File - - 88D5E8962F1DB76704C56E7A77028622 Danke nochmals, Markus |
22.07.2015, 04:42 | #4 |
/// TB-Ausbilder | atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden. Schritt 1 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 2 Downloade Dir bitte Malwarebytes Anti-Malware
Schritt 3 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 4
Bitte poste mit deiner nächsten Antwort
|
26.07.2015, 08:36 | #5 |
/// TB-Ausbilder | atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden. Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen! |
Themen zu atiedxx.exe, csrss.exe und winlogon.exe Trojaner gefunden. |
adware, bonjour, branding, browser, chromium, converter, cpu, excel, failed, firefox, firefox 39.0, flash player, google, home, homepage, launch, league of legends, mozilla, mp3, programm, prozesse, registry, rundll, scan, security, software, system, trojaner, udp, usb, warum |