Log analysis and evaluation: "Ads by Discount Man" caused by Trojan:Win32/Colisi.B? Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.08.2015, 12:46 | #1 |
"Ads by Discount Man" caused by Trojan:Win32/Colisi.B?

Hello dear Trojaner-Board team,

about 2 months ago my Chrome browser started displaying ads labelled "Ads by DiscountMan"; the name also varied at times. Among other things, the "Reimage Repair Website" was also opened again and again. Naturally I then researched on the internet and worked my way through countless malware scanners, adware scanners etc., but nothing helped against this annoying extension in the browser. So I have consequently hardly used the laptop, and certainly not for sensitive data (bank account etc.). But when I started my laptop today, Microsoft Security Essentials detected something: "Trojan:Win32/Colisi.B". After removing this file, the stubborn extension in the Chrome browser had suddenly disappeared as well, and no more ads were displayed. To be on the safe side, I then also ran scans with AdwCleaner, Malwarebytes Anti-Malware and the ESET Online Scanner, and AdwCleaner and ESET again found something. This made me suspicious, and I then luckily came across you here and am hoping for your expert knowledge.

Now to the log files:

FRST: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01 Ran by Daniel (administrator) on DANIEL-LAPTOP (16-08-2015 11:46:25) Running from D:\Bibliotheken\Downloads Loaded Profiles: Daniel (Available Profiles: Daniel) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Englisch (USA) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe ( ) C:\Windows\System32\lxbkcoms.exe (Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe (National Instruments Corporation) D:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation) D:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (National Instruments, Inc.) 
C:\Windows\SysWOW64\lkcitdl.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation) D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation) D:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe (AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe (AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe (National Instruments Corporation) D:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (Bison Inc.) C:\Program Files (x86)\BisonCam\PID_0361\DeLay.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Users\Daniel\AppData\Local\Amazon Music\Amazon Music Helper.exe (© 2015 Microsoft Corporation) C:\Users\Daniel\AppData\Local\Microsoft\BingSvc\BingSvc.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe () C:\Program Files (x86)\Hotkey\Hotkey.exe (National Instruments Corporation) D:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (Apple Inc.) D:\Programme\iTunes\iTunesHelper.exe (Adobe Systems Inc.) 
C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Advanced Micro Devices Inc.) D:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) D:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (Motorola Solutions, Inc.) D:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) D:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.) D:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe (Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2817320 2011-07-28] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor) HKLM\...\Run: [DeLay] => C:\Program Files (x86)\BisonCam\PID_0361\DeLay.exe [53248 2008-12-05] (Bison Inc.) HKLM\...\Run: [KeepSafe] => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe [38728 2011-10-21] (Authentec) HKLM\...\Run: [] => [X] HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "D:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation) HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) 
HKLM-x32\...\Run: [iTunesHelper] => D:\Programme\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.) HKLM-x32\...\Run: [AceGain LiveUpdate] => D:\Program Files (x86)\AceGain\LiveUpdate\LiveUpdate.exe HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-07-09] (Raptr, Inc) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => D:\Program Files\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-06-22] (Advanced Micro Devices, Inc.) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-275163941-716568953-1963556569-1000\...\Run: [Amazon Music] => C:\Users\Daniel\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-07-06] () HKU\S-1-5-21-275163941-716568953-1963556569-1000\...\Run: [BingSvc] => C:\Users\Daniel\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2013-07-26] ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2014-11-12] ShortcutTarget: NI Error Reporting.lnk -> D:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation) Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2014-11-19] ShortcutTarget: An OneNote senden.lnk -> D:\Programme\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [UEAFOverlay] -> 
{BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll [2011-10-21] (Authentec) ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {93BB455E-3D52-4fba-9733-E5103B30FC12} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll [2011-10-21] (Authentec) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-004752 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-275163941-716568953-1963556569-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms} HKU\S-1-5-21-275163941-716568953-1963556569-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-at/?ocid=iehp HKU\S-1-5-21-275163941-716568953-1963556569-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-004752 HKU\S-1-5-21-275163941-716568953-1963556569-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-004752 SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-275163941-716568953-1963556569-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms} SearchScopes: HKU\S-1-5-21-275163941-716568953-1963556569-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-004752&q={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Programme\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation) DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Programme\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation) Winsock: Catalog5 10 D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2013-05-11] (National Instruments Corporation) Winsock: Catalog5-x64 
10 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2013-05-11] (National Instruments Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{3DE3B051-154F-485F-AC96-0364F46F7A31}: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-07-25] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Programme\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] () FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\AuthenTec TrueSuite\x86\npffwloplugin.dll [2012-08-24] (AuthenTec, Inc) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation) FF 
Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-275163941-716568953-1963556569-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-08] (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation) FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-04-06] Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-26] CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-26] CHR Extension: (Google Search) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-26] CHR Extension: (Google Wallet) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08] CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-26] CHR HKLM-x32\...\Chrome\Extension: [oelloajafbopojkjmieelljfkcmdpdhf] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2012-08-13] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Bluetooth Device Monitor; D:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [1206648 2014-12-04] (Motorola Solutions, Inc.) R2 Bluetooth Media Service; D:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1710456 2015-01-13] (Motorola Solutions, Inc.) R2 Bluetooth OBEX Service; D:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [1165688 2014-10-28] (Motorola Solutions, Inc.) 
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [2125160 2012-08-24] (AuthenTec, Inc) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation) S2 iBtSiva; D:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [131312 2015-03-20] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 2015-06-04] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-15] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation) R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.) R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation) R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation) R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [565928 2008-02-19] ( ) R2 lxbk_device; C:\Windows\SysWOW64\lxbkcoms.exe [537256 2008-02-19] ( ) R2 mitsijm2014; C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [952608 2013-01-25] (Autodesk, Inc.) 
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R2 NIApplicationWebServer; D:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-12-10] (National Instruments Corporation) S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-12-10] (National Instruments Corporation) R2 NIDomainService; D:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation) R2 nimDNSResponder; D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 NiSvcLoc; D:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-12-10] (National Instruments Corporation) R2 NISystemWebServer; D:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-12-10] (National Instruments Corporation) S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [995568 2015-08-09] (Overwolf LTD) R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35840 2012-06-28] () [File not signed] S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies) R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.) 
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [14848 2012-02-24] (Intel Corporation) S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.) S3 BMCMEMUSB; C:\Windows\System32\Drivers\bmcmusb.sys [23760 2010-08-13] (BMC Messsysteme GmbH) R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-17] (Disc Soft Ltd) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-22] (Intel Corporation) R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [22776 2011-12-22] (Intel Corporation) S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed] R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) S3 btmaux; system32\DRIVERS\btmaux.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-16 11:41 - 2015-08-16 11:41 - 00084675 _____ C:\Users\Daniel\Desktop\Addition.txt 2015-08-16 11:40 - 2015-08-16 11:44 - 00031893 _____ C:\Users\Daniel\Desktop\FRST.txt 2015-08-16 11:39 - 2015-08-16 11:46 - 00000000 ____D C:\FRST 2015-08-16 11:38 - 2015-08-16 11:38 - 02173952 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe 2015-08-16 11:36 - 2015-08-16 11:36 - 00000544 _____ C:\Users\Daniel\Desktop\defogger_disable.log 2015-08-16 11:36 - 2015-08-16 11:36 - 00000168 _____ C:\Users\Daniel\defogger_reenable 2015-08-16 11:28 - 2015-08-16 11:28 - 00050477 _____ C:\Users\Daniel\Desktop\Defogger.exe 2015-08-16 07:50 - 2015-08-16 07:50 - 00000718 _____ C:\Users\Daniel\Desktop\eset.txt 2015-08-16 06:24 - 2015-08-16 06:24 - 00000149 _____ C:\Users\Daniel\Desktop\Microsoft Security Essentials findet wiederholt Trojan-Win32 und BrowserModifier-Win32.url 2015-08-16 05:26 - 2015-08-16 05:26 - 00000142 _____ C:\Users\Daniel\Desktop\Löschen von Dateien mithilfe der Datenträgerbereinigung - Windows-Hilfe.url 2015-08-16 04:59 - 2015-08-16 05:00 - 00003220 _____ C:\Windows\System32\Tasks\avastBCLRestart_chrome.exe 2015-08-16 04:56 - 2015-08-16 05:05 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\AVAST Software 2015-08-16 04:31 - 2015-08-16 04:37 - 00000000 ____D C:\ProgramData\SecTaskMan 2015-08-16 04:31 - 2015-08-16 04:31 - 00000000 ____D C:\Users\Daniel\AppData\Local\SecTaskMan 2015-08-16 03:43 - 2015-08-16 03:43 - 00000880 _____ C:\AdwCleaner[S1].txt 2015-08-16 03:40 - 2015-08-16 03:40 - 00000814 _____ C:\AdwCleaner[S4].txt 2015-08-16 03:31 - 2015-08-16 03:31 - 00001682 _____ C:\AdwCleaner[C1].txt 2015-08-16 03:30 - 2015-08-16 03:30 - 00001406 _____ C:\AdwCleaner[S3].txt 2015-07-25 06:36 - 2015-07-25 06:36 - 00000325 _____ C:\Users\Daniel\Desktop\Malware entfernen- Versteckte Spy- und Adware finden - PC ..-.url 2015-07-25 06:36 - 
2015-07-25 06:36 - 00000319 _____ C:\Users\Daniel\Desktop\Wie entfernt man Adware und Malware endgültig vom PC-.url ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-16 11:43 - 2009-07-14 06:45 - 00020096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-16 11:43 - 2009-07-14 06:45 - 00020096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-16 11:39 - 2013-07-25 21:46 - 00702220 _____ C:\Windows\system32\perfh007.dat 2015-08-16 11:39 - 2013-07-25 21:46 - 00151098 _____ C:\Windows\system32\perfc007.dat 2015-08-16 11:39 - 2009-07-14 07:13 - 01632994 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-16 11:38 - 2013-07-26 01:48 - 01479707 _____ C:\Windows\WindowsUpdate.log 2015-08-16 11:37 - 2015-05-06 19:31 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Raptr 2015-08-16 11:36 - 2013-07-26 01:48 - 00000000 ____D C:\Users\Daniel 2015-08-16 11:35 - 2013-09-09 19:38 - 00102188 _____ C:\Windows\setupact.log 2015-08-16 11:35 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-16 11:17 - 2013-09-12 17:57 - 00192856 _____ C:\Windows\PFRO.log 2015-08-16 06:09 - 2015-06-05 00:09 - 00000356 _____ C:\Windows\Tasks\SubprogSplitter.job 2015-08-16 03:19 - 2014-11-25 10:56 - 00000754 _____ C:\Users\Daniel\AppData\Local\GUNT PT500 dyn.ini 2015-08-16 02:59 - 2015-04-01 14:58 - 00000000 ____D C:\Program Files (x86)\Overwolf 2015-08-09 19:09 - 2015-06-21 14:37 - 00000024 _____ C:\Users\Daniel\AppData\Roaming\appdataFr25.bin 2015-07-19 19:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-07-18 23:47 - 2013-09-15 18:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk ==================== Files in the root of some directories ======= 2015-06-21 14:37 - 2015-08-09 19:09 - 0000024 _____ () 
C:\Users\Daniel\AppData\Roaming\appdataFr25.bin 2014-03-22 22:18 - 2014-03-22 22:18 - 0003584 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-25 10:56 - 2015-08-16 03:19 - 0000754 _____ () C:\Users\Daniel\AppData\Local\GUNT PT500 dyn.ini 2014-04-16 17:27 - 2014-04-16 20:06 - 0001494 _____ () C:\Users\Daniel\AppData\Local\RecConfig.xml 2015-04-01 04:41 - 2015-04-01 04:41 - 0002807 _____ () C:\Users\Daniel\AppData\Local\recently-used.xbel 2013-07-26 02:10 - 2013-07-26 02:10 - 0005377 _____ () C:\Users\Daniel\AppData\Local\WiDiSetupLog.20130726.021021.txt 2014-01-03 20:29 - 2014-01-03 23:13 - 0000041 ___SH () C:\ProgramData\.zreglib 2009-12-15 13:33 - 2009-12-15 13:33 - 0007778 _____ () C:\ProgramData\AW_Texte.bin 2014-10-15 08:21 - 2014-10-15 08:21 - 0000029 _____ () C:\ProgramData\GUNT GUNT WP300.ini dyn.ini 2008-06-23 14:47 - 2008-06-23 14:47 - 0001308 _____ () C:\ProgramData\GUNT WP300.ini 2008-11-13 11:35 - 2008-11-13 11:35 - 0001313 _____ () C:\ProgramData\GUNT WP310.ini 2013-07-25 22:09 - 2013-09-08 19:10 - 0000248 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc 2010-06-30 10:07 - 2010-06-30 10:07 - 0002111 _____ () C:\ProgramData\PT 500.04.ini 2014-03-13 19:36 - 2014-03-13 19:36 - 0443275 _____ () C:\ProgramData\Software_Terminologie.txt Some files in TEMP: ==================== C:\Users\Daniel\AppData\Local\Temp\AcDeltree.exe C:\Users\Daniel\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win7-64bit.exe C:\Users\Daniel\AppData\Local\Temp\AutoDetectUtilApp.exe C:\Users\Daniel\AppData\Local\Temp\BSvcProcessor.exe C:\Users\Daniel\AppData\Local\Temp\BSvcUpdater.exe C:\Users\Daniel\AppData\Local\Temp\Creative Cloud Helper.exe C:\Users\Daniel\AppData\Local\Temp\HitmanPro.exe C:\Users\Daniel\AppData\Local\Temp\install-drivers-4.4.455.exe C:\Users\Daniel\AppData\Local\Temp\JavaRa.exe C:\Users\Daniel\AppData\Local\Temp\jli.dll C:\Users\Daniel\AppData\Local\Temp\jre-7u45-windows-i586.exe 
C:\Users\Daniel\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Daniel\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\Daniel\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Daniel\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\Daniel\AppData\Local\Temp\keytool.exe C:\Users\Daniel\AppData\Local\Temp\LabJackV117_driversonly.exe C:\Users\Daniel\AppData\Local\Temp\LMkRstPt.exe C:\Users\Daniel\AppData\Local\Temp\mhfns1pt.dll C:\Users\Daniel\AppData\Local\Temp\msvcr100.dll C:\Users\Daniel\AppData\Local\Temp\node.exe C:\Users\Daniel\AppData\Local\Temp\ntwdblib.dll C:\Users\Daniel\AppData\Local\Temp\ose00001.exe C:\Users\Daniel\AppData\Local\Temp\PidGenX.dll C:\Users\Daniel\AppData\Local\Temp\Quarantine.exe C:\Users\Daniel\AppData\Local\Temp\raptrpatch.exe C:\Users\Daniel\AppData\Local\Temp\raptr_stub.exe C:\Users\Daniel\AppData\Local\Temp\rtdrvmon.exe C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe C:\Users\Daniel\AppData\Local\Temp\sqlite3.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-19 00:10

==================== End of log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Daniel (2015-08-16 11:46:40)
Running from D:\Bibliotheken\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-275163941-716568953-1963556569-500 - Administrator - Disabled)
Daniel (S-1-5-21-275163941-716568953-1963556569-1000 - Administrator - Enabled) => C:\Users\Daniel
Guest (S-1-5-21-275163941-716568953-1963556569-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-275163941-716568953-1963556569-1000\...\Amazon Amazon Music) (Version: 3.9.7.901 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{14D58A97-B60E-A858-34D8-95469C02F7EC}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
AuthenTec Fingerprint Driver (Version: 1.6.1.0342 - AuthenTec) Hidden
AuthenTec TrueSuite (HKLM\...\{9A4D399F-F790-4326-A9E4-64DF25E0EBE1}) (Version: 5.2.500.16 - AuthenTec, Inc.)
Autodesk Inventor Content Center Libraries 2014 (Desktop Content) (HKLM\...\{B46DECD1-1864-4EF1-0000-22D71E81877C}) (Version: 18.0.17000.0000 - Autodesk)
Autodesk Inventor Professional 2014 - Deutsch (German) (HKLM\...\Autodesk Inventor Professional 2014) (Version: 18.0.17000.0000 - Autodesk)
Autodesk Inventor Professional 2014 (Version: 18.0.17000.0000 - Autodesk) Hidden
Autodesk Inventor Professional 2014 Language Pack - Deutsch (German) (Version: 18.0.17000.0000 - Autodesk) Hidden
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2014 (HKLM-x32\...\{5C29CC1F-218F-4C30-948A-11066CAC59FB}) (Version: 4.0.19.0 - Autodesk)
Battlefield Vietnam(TM) (HKLM-x32\...\{E35B3C63-E958-4E31-A178-95D22024109A}) (Version: - )
BFVCC Server Manager (HKLM-x32\...\BFVCC Server Manager1.00_A Beta) (Version: - )
Bilder-CD Produktionsorganisation, 8. Aufl. - Einzellizenz (HKLM-x32\...\Bilder-CD Produktionsorganisation_is1) (Version: - Verlag Europa-Lehrmittel)
BisonCam (HKLM-x32\...\{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}) (Version: - BisonCam)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version: - Valve)
Eco Materials Adviser for Autodesk Inventor 2014 (64-bit) (HKLM\...\{530B8614-C5DE-475B-AF6F-71BED461552C}) (Version: 4.4.1.0 - Granta Design Limited)
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.8.0.0 - Electronic Arts)
Finger Printer (HKLM-x32\...\InstallShield_{793C03D1-884D-4C11-A7F6-07F3FDF10066}) (Version: 2.00.0000 - )
Finger Printer (x32 Version: 2.00.0000 - ) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.30.319 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.30.319 - DVDVideoSoft Ltd.)
G.U.N.T. PT500.04 (HKLM-x32\...\{20CAA3E9-2F37-4FEC-901B-66646223CD58}) (Version: 2.6.0 - G.U.N.T. Gerätebau GmbH)
G.U.N.T._WP3X0 (HKLM-x32\...\{C9F3B2E1-55D2-4198-93FC-E292D2147209}) (Version: 3.8.0 - G.U.N.T. Gerätebau GmbH)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HeidiSQL 8.1.0.4545 (HKLM-x32\...\HeidiSQL_is1) (Version: 8.1 - Ansgar Becker)
Hotkey 6.0082 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 6.0082 - NoteBook)
Hotkey 6.0082 (x32 Version: 6.0082 - NoteBook) Hidden
Intel Extreme Tuning Utility (HKLM-x32\...\{7C1CA9A1-4A23-4CC5-AC7E-D81D9E0C9493}) (Version: 3.1.105.0 - Intel Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4226 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 17.1.1512.771) (HKLM\...\{302600C1-6BDF-4FD1-1501-148929CC1385}) (Version: 17.1.1501.0514 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{89a03d4c-5e14-4180-984e-6932893138fc}) (Version: 17.14.0 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version: - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 10.3.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.5 - )
L.A. Noire (HKLM-x32\...\{915726DF-7891-444A-AA03-0DF1D64F561A}) (Version: 1.00.0000 - Rockstar Games)
LabJack (HKLM-x32\...\LabJack) (Version: - )
Lexmark X1100 Series (HKLM\...\Lexmark X1100 Series) (Version: - Lexmark International, Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Mathcad PDSi viewable support (HKLM-x32\...\Mathcad PDSi viewable support) (Version: 9.0.0 - Adobe Systems)
Mathcad PDSi viewable support (x32 Version: 9.0.0 - Adobe Systems) Hidden
Mathcad Prime 2.0 (HKLM\...\{CC0987FE-EC76-41E0-AD67-BCD9E4E27C4F}) (Version: 2.0.1 - PTC)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Language Pack 2013 - German/Deutsch (HKLM\...\Office15.OMUI.de-de) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version: - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
National Instruments - Software (HKLM-x32\...\NI Uninstaller) (Version: - National Instruments)
NI Authentication 13.5.0 (64-bit) (Version: 13.5.70 - National Instruments) Hidden
NI Authentication 13.5.0 (x32 Version: 13.5.70 - National Instruments) Hidden
NI Curl 13.5.0 (64-bit) (Version: 13.5.69 - National Instruments) Hidden
NI Curl 13.5.0 (x32 Version: 13.5.69 - National Instruments) Hidden
NI Error Reporting 2013 SP1 (x32 Version: 13.1.98 - National Instruments) Hidden
NI EulaDepot (x32 Version: 3.20.362 - National Instruments) Hidden
NI GMP Windows 32-bit Installer 13.5.0 (x32 Version: 13.50.15 - National Instruments) Hidden
NI GMP Windows 64-bit Installer 13.5.0 (Version: 13.50.15 - National Instruments) Hidden
NI LabVIEW 2011 Real-Time NBFifo (x32 Version: 11.0.250.0 - National Instruments) Hidden
NI LabVIEW 2013 Deployment Framework (x32 Version: 13.0.428 - National Instruments) Hidden
NI LabVIEW Real-Time FIFO for Runtime (x32 Version: 8.5.264.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2011 SP1 (x32 Version: 11.0.448.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 8.5.1 (x32 Version: 8.5.306.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2011 (x32 Version: 11.0.449.0 - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (x32 Version: 11.0.375.0 - National Instruments) Hidden
NI Logos 5.5 (64-bit) (Version: 5.5.293 - National Instruments) Hidden
NI Logos 5.5 (x32 Version: 5.5.293 - National Instruments) Hidden
NI Logos XT Support (x32 Version: 5.5.294 - National Instruments) Hidden
NI Logos64 XT Support (Version: 5.5.294 - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (Version: 1.0.10.0 - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: 1.0.10.0 - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: 1.0.861.0 - National Instruments) Hidden
NI MDF Support (x32 Version: 3.20.362 - National Instruments) Hidden
NI mDNS Responder 2.2 for Windows 64-bit (Version: 2.20.49152 - National Instruments) Hidden
NI mDNS Responder 2.2.0 (x32 Version: 2.20.49152 - National Instruments) Hidden
NI Measurement Studio ComponentWorks 3D Graph (x32 Version: 8.6.10603 - National Instruments) Hidden
NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support (x32 Version: 11.0.302.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0 - National Instruments) Hidden
NI Service Locator 13.5 (x32 Version: 13.5.70 - National Instruments) Hidden
NI SSL Support (64-bit) (Version: 13.5.69 - National Instruments) Hidden
NI SSL Support (x32 Version: 13.5.69 - National Instruments) Hidden
NI System State Publisher (64-bit) (Version: 13.1.97 - National Instruments) Hidden
NI System State Publisher (x32 Version: 13.1.97 - National Instruments) Hidden
NI System Web Server 13.5 (x32 Version: 13.5.69 - National Instruments) Hidden
NI System Web Server Base 13.5.0 (64-bit) (Version: 13.5.69 - National Instruments) Hidden
NI System Web Server Base 13.5.0 (x32 Version: 13.5.69 - National Instruments) Hidden
NI TDM Streaming 2.5 (64-bit) (Version: 2.5.46 - National Instruments) Hidden
NI TDM Streaming 2.5 (x32 Version: 2.5.46 - National Instruments) Hidden
NI Trace Engine (64-bit) (Version: 13.5.69 - National Instruments) Hidden
NI Trace Engine (x32 Version: 13.5.69 - National Instruments) Hidden
NI Uninstaller (x32 Version: 3.20.362 - National Instruments) Hidden
NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden
NI Web Application Server 13.5 (64-bit) (Version: 13.5.70 - National Instruments) Hidden
NI Web Application Server 13.5 (x32 Version: 13.5.70 - National Instruments) Hidden
OpenProj (HKLM-x32\...\{13702021-43FB-480C-912F-D9B74A538288}) (Version: 1.4.0 - Serena Software Inc.)
Origin (HKLM-x32\...\Origin) (Version: 9.0.10.69 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.88.41.0 - Overwolf Ltd.)
PTC Quality Agent (HKLM-x32\...\{DE75B409-8D86-4574-944D-3B5E25D87B30}) (Version: 2.0.0.0 - PTC)
PunkBuster für Battlefield Vietnam (HKLM-x32\...\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}) (Version: - )
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.27020 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0407-1000-0000000FF1CE}_Office15.OMUI.de-de_{4A8F14BC-FE6D-4FC8-AA48-14D574A71843}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.18.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
THX TruStudio Pro (HKLM-x32\...\{82F99DC9-389A-4528-940C-88248731A620}) (Version: TAMB-CVS1D-1-LB R07 - Creative Technology Limited)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo)
TrackMania 2 - Canyon (HKLM-x32\...\{6DF1B3E4-3EF6-4BFD-8C60-ABBCD423B5A6}_is1) (Version: v1.0 - RAF)
Unity Web Player (HKU\S-1-5-21-275163941-716568953-1963556569-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.OMUI.de-de_{CBCC2FD8-7DFE-4752-95B5-2E447C226F45}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.OMUI.de-de_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version: - Microsoft)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
WebCam Installer (HKLM-x32\...\InstallShield_{2A14D7BC-1876-4B38-830B-18856C27F550}) (Version: 4.04 - WebCam)
WebCam Installer (x32 Version: 4.04 - WebCam) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{00F064D8-FEC3-48ac-B07D-39C314D1727B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TestServer.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{1029ABC3-2457-11D5-8E9D-0010B541CD80}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Compatibility\Bin\DbxBridge.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{13009989-EFB5-48C9-8BD2-943E0392BD71}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxAppCtrl.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{18A21864-E37B-42b9-9612-2C1E8C450A29}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{21DB88B0-BFBF-11D4-8DE6-0010B541CAA8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\iDrop.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{244298EC-E661-11d4-BC13-0010B5891E89}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TI.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{2F8377FC-50C1-44EF-AB7A-8FF1BB8EA277}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{3897B445-D5B8-410d-899A-9789B8ADB643}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Compatibility\Bin\DbxBridge.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{3C3F63EA-C7BA-11d4-8E60-0010B541CD80}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Compatibility\Bin\DbxBridge.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{3FC94EB5-AEBD-4f3f-A2A4-B6CE57113C01}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxAppDocView.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{45122C53-8483-4b62-B15A-EAA9FE5FC3D5}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{4C80573A-9150-11d2-B772-0060B0F159EF}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxAppDocView.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{4D29B490-49B2-11D0-93C3-7E0706000000}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{4E6F2E83-E7F0-4333-9772-875EB733C820}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxTest.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{62FBB030-24C7-11D3-B78D-0060B0F159EF}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{644190AE-BD8F-493F-B63D-C79404AC5E07}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{6FDE7A70-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{6FDE7A71-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{6FDE7A72-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{6FDE7A73-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{6FDE7A74-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{6FDE7A77-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtCp.dll (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{72EC5CC5-88F3-45B1-A865-0A327DF58CC8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{76283A80-50DD-11D3-A7E3-00C04F79D7BC}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{7BA16B3F-1AB3-4BD7-B959-52C4B8504EE9}\InprocServer32 -> AcInetUI.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{81D07C3D-0350-11D3-B7C2-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxAppCtrl.Ocx (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{8421A29C-54B8-11D1-9837-0060B03C43C8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\SolidObject.Dll () CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{846217D0-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\UCxTextBtn.Ocx (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{846217D1-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\UCxTextBtn.Ocx (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{8B0E6BD9-610C-11D1-9842-0060B03C43C8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\SolidObject.Dll () CustomCLSID: 
HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TestServer.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{97E17F04-17DF-11d5-BC38-0010B5891E89}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\BodyReceiver.dll () CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll No File CustomCLSID: 
HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{B6B5DC40-96E3-11d2-B774-0060B0F159EF}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{B8E7214B-25CA-4116-84CB-E86FB9625B36}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{BBF9FDF1-52DC-11D0-8C04-0800090BE8EC}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{BE54741D-E02B-4572-93D6-105AF4EDE777}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{C343ED84-A129-11d3-B799-0060B0F159EF}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxApprenticeServer.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{C92F8F8C-8B2C-11d4-B872-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{CFEE2BAF-14F9-4D23-853D-B6E2BCC14263}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{D7A1987D-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ColorButton.Ocx (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{D7A1987E-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ColorButton.Ocx (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{DA1F437C-9BD9-11d4-B87C-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{DB5D476B-3FF4-4E9D-A606-1E2B473BE571}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\AcInetUI.dll (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{DCA7356C-FF94-4b20-AE04-7AA6A8E14117}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{DDA9A20F-5B56-49F5-9465-CE82FC199352}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{DE6B563C-B074-4BF1-A8A0-B3FED8703E99}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{E1C85E9F-60B2-4007-80C3-2C5E09474C3B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxInventorUtilities.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TestServer.dll (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{E60F81E1-49B3-11D0-93C3-7E0706000000}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{F13E75B9-6AF6-49CB-80B3-6D2FF6E09932}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{F61064CC-DBFB-47ee-9BC8-CA5A1CBDF0DA}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\InvResc.dll (Autodesk) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{FA62F626-EBD5-4dc5-B970-D9E81E0E20E0}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{FB469644-3F14-4403-ACCA-6B13486FF7BD}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\InvTXTStack.exe (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-275163941-716568953-1963556569-1000_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll No File

==================== Restore Points =========================

18-07-2015 23:58:05 Windows Update
24-07-2015 20:00:09 Windows Update
02-08-2015 04:12:53 Windows Update
09-08-2015 19:24:02 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2011-09-21 14:42 - 00000950 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 mp02.maniaplanet.com
127.0.0.1 mp01.maniaplanet.com
127.0.0.1 mp03.maniaplanet.com
127.0.0.1 game.maniaplanet.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B66E21E-62C9-41BF-BAB8-9A599EF41CBE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {1687E894-4D95-4813-BDE6-1096B90ED626} - System32\Tasks\SubprogSplitter => c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905}\4680700327730883464b.exe <==== ATTENTION
Task: {1809969E-D28D-411E-95FC-07B52B8FE92E} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe
Task: {19DAE073-5295-4527-BC58-DB0000F06AF9} - System32\Tasks\Amazon Music Helper => C:\Users\Daniel\AppData\Local\Amazon Music\Amazon Music Helper.exe [2015-07-06] ()
Task: {1AD7D723-C923-464B-ACE6-1B170714A58F} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-08-09] (Overwolf LTD)
Task: {3B057293-0A04-4F9E-B662-AA4A0E793860} - System32\Tasks\{D8A22D5C-A4C1-41D2-87D9-9A33166D1EF7} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/de/abandoninstall?page=tsProgressBar
Task: {4363DA6F-625A-4118-92D4-F01FFCDF6BE1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A746AAAC-5DD0-494B-986B-C5E47AE7901D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {CCF7B3DC-F4A5-41D8-83A1-1195FBC7629D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {D04CB132-C336-467C-84BB-B80A2895DF4E} - System32\Tasks\{4867A6DC-FE48-4375-8DCD-4B7BB9A09120} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/de/abandoninstall?page=tsMain
Task: {D8B8770D-6003-43A2-A6C0-565DF7325A57} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EE6599E3-FA88-45CF-8D90-CF5C7FC853EB} - System32\Tasks\CCleanerSkipUAC => D:\Programme\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\SubprogSplitter.job => c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905}\4680700327730883464b.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2013-07-26 02:04 - 2012-03-15 06:48 - 00127320 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-06-28 16:44 - 2012-06-28 16:44 - 00035840 _____ () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
2012-08-24 03:37 - 2012-08-24 03:37 - 01136488 _____ () C:\Program Files\AuthenTec TrueSuite\DataManager.dll
2012-08-24 03:38 - 2012-08-24 03:38 - 00087400 _____ () C:\Program Files\AuthenTec TrueSuite\ssutil.dll
2013-07-26 02:13 - 2010-11-12 12:38 - 00241152 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-12-27 15:57 - 2015-07-06 19:47 - 05886784 _____ () C:\Users\Daniel\AppData\Local\Amazon Music\Amazon Music Helper.exe
2012-11-19 10:37 - 2012-11-19 10:37 - 04747264 _____ () C:\Program Files (x86)\Hotkey\Hotkey.exe
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-06-06 14:50 - 2009-06-06 14:50 - 00019968 _____ () C:\Program Files (x86)\Hotkey\Audiodll.dll
2013-06-07 10:59 - 2013-06-07 10:59 - 01958560 _____ () D:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\niwsrp.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-23 00:56 - 2010-11-23
00:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd 2014-05-14 01:26 - 2014-05-14 01:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd 2014-05-14 01:26 - 2014-05-14 01:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd 2014-05-14 01:26 - 2014-05-14 01:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd 2014-05-14 01:26 - 2014-05-14 01:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd 2010-11-23 00:57 - 2010-11-23 00:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd 2010-11-23 00:56 - 2010-11-23 00:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll 2010-11-23 00:56 - 2010-11-23 00:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd 2010-11-23 00:56 - 2010-11-23 00:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd 2010-11-23 00:57 - 2010-11-23 00:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd 2010-11-23 00:57 - 2010-11-23 00:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd 2010-11-23 00:56 - 2010-11-23 00:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd 2011-02-15 20:17 - 2011-02-15 20:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll 2010-11-23 00:57 - 2010-11-23 00:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd 2014-05-14 01:26 - 2014-05-14 01:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd 2010-11-23 00:56 - 2010-11-23 00:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd 2010-11-23 00:56 - 2010-11-23 00:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd 2014-08-14 02:37 - 2014-08-14 02:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll 2014-08-14 02:37 - 2014-08-14 02:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll 2010-11-23 00:56 - 2010-11-23 00:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd 2010-11-23 00:56 - 2010-11-23 00:56 - 00354304 
_____ () C:\Program Files (x86)\Raptr\pythoncom26.dll 2010-11-23 00:57 - 2010-11-23 00:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd 2010-11-23 00:56 - 2010-11-23 00:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd 2013-11-21 02:05 - 2013-11-21 02:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll 2010-11-23 00:57 - 2010-11-23 00:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd 2014-06-18 02:56 - 2014-06-18 02:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd 2011-02-15 20:17 - 2011-02-15 20:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll 2010-11-23 01:06 - 2010-11-23 01:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll 2013-05-10 01:52 - 2013-05-10 01:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll 2013-05-10 01:52 - 2013-05-10 01:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll 2013-05-10 01:52 - 2013-05-10 01:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll 2013-05-03 20:57 - 2013-05-03 20:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll 2013-05-03 20:56 - 2013-05-03 20:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll 2013-05-03 20:56 - 2013-05-03 20:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll 2013-05-03 20:57 - 2013-05-03 20:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll 2013-05-03 20:56 - 2013-05-03 20:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll 2013-05-03 20:57 - 2013-05-03 20:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll 2013-05-03 20:57 - 2013-05-03 20:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll 2013-05-03 20:57 - 2013-05-03 20:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll 2013-05-03 20:57 - 2013-05-03 20:57 - 00474199 _____ () C:\Program Files 
(x86)\Raptr\plugins\ssl.dll
2015-05-26 00:34 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-26 00:34 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2013-07-26 02:04 - 2012-03-06 09:27 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:C96E8EEDE02BF6BD

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-275163941-716568953-1963556569-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B1B789CE-E8BB-40BD-A45F-5F9726F6021A}] => (Allow) D:\Programme\Microsoft Office\Office15\lync.exe FirewallRules: [{8E5B7BA2-26B4-436D-9224-304779CF399C}] => (Allow) D:\Programme\Microsoft Office\Office15\lync.exe FirewallRules: [{D3273947-66EA-49F0-9103-B98485A102FC}] => (Allow) D:\Programme\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{497EB0BE-DB81-448C-AB2C-CA6898C14457}] => (Allow) D:\Programme\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{D5EC304A-3D7E-4469-8947-3594ACA84A2B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{5AF002FF-35E0-47EB-AF72-607B45EEC25C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FDCDFCE2-2506-4E73-A80B-DFFA2BCE505B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{485CB457-4EDC-4CA6-9BDC-9C9C5AA766E8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{9A71C8DA-427D-455A-A381-76AE53A7E8B5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{0A468F93-B583-44D5-9745-9D95BBF77A5D}] => (Allow) D:\Programme\Skype\Phone\Skype.exe FirewallRules: [{F2431B55-DCA7-400E-A5B7-B813E49B57E4}] => (Allow) D:\Programme\Steam\Steam.exe FirewallRules: [{D61A59F1-99E4-4F2B-8D1D-881C0ECB2269}] => (Allow) D:\Programme\Steam\Steam.exe FirewallRules: [TCP Query User{E53146AE-F5C2-4EE8-89B8-276E60CC9B5D}D:\programme\steam\steamapps\common\day of defeat source\hl2.exe] => (Block) D:\programme\steam\steamapps\common\day of defeat source\hl2.exe FirewallRules: [UDP Query User{E0FE4015-36F1-4477-99BC-A0101565A115}D:\programme\steam\steamapps\common\day of defeat source\hl2.exe] => (Block) D:\programme\steam\steamapps\common\day of defeat source\hl2.exe FirewallRules: [{D719AD8F-1E3D-4996-B556-DD99D2632728}] => (Allow) D:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe FirewallRules: [{10A3F75A-C3D4-481D-B399-C5C5D0BF11A4}] => (Allow) 
D:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe FirewallRules: [TCP Query User{A6455AC7-5470-45E9-9C6F-162C3CAF693B}D:\programme\rockstar games\grand theft auto iv\gtaiv.exe] => (Allow) D:\programme\rockstar games\grand theft auto iv\gtaiv.exe FirewallRules: [UDP Query User{FAAFCCDD-28A9-4958-89B3-3AAFD5E4E3B5}D:\programme\rockstar games\grand theft auto iv\gtaiv.exe] => (Allow) D:\programme\rockstar games\grand theft auto iv\gtaiv.exe FirewallRules: [TCP Query User{DC823C36-C508-4DE2-ADED-C51C17381DC1}F:\xampp\apache\bin\httpd.exe] => (Allow) F:\xampp\apache\bin\httpd.exe FirewallRules: [UDP Query User{5FDDA66C-C8DD-4219-B9AA-880BE72E3246}F:\xampp\apache\bin\httpd.exe] => (Allow) F:\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query User{3E38C86A-9D11-482C-90A7-770528CEA066}F:\xampp\mysql\bin\mysqld.exe] => (Allow) F:\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{6D612BC3-60C9-41BF-BBBD-EF18C744C4E8}F:\xampp\mysql\bin\mysqld.exe] => (Allow) F:\xampp\mysql\bin\mysqld.exe FirewallRules: [TCP Query User{EE9E8031-784C-41A9-BFA6-0C434C26BDDF}D:\programme\tmnationsforever\tmforever.exe] => (Allow) D:\programme\tmnationsforever\tmforever.exe FirewallRules: [UDP Query User{107FDC06-BEAB-4DA3-8C77-5FE6EB8CC641}D:\programme\tmnationsforever\tmforever.exe] => (Allow) D:\programme\tmnationsforever\tmforever.exe FirewallRules: [{E4607DEC-2A59-4896-B5E5-EBF5B630FB78}] => (Allow) D:\Programme\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{2911FC0C-C5DC-4DC7-9013-1FADD34AA8C8}] => (Allow) D:\Programme\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{8B9DD51C-23B6-4347-BE4B-05F74F3D8E3B}] => (Allow) D:\Programme\Microsoft Office\Office15\outlook.exe FirewallRules: [TCP Query User{802B41C7-ED0B-4BBE-98BD-5731D0D0F95B}G:\xampp\apache\bin\httpd.exe] => (Allow) G:\xampp\apache\bin\httpd.exe FirewallRules: [UDP Query User{F9E9B5EA-FB3D-4481-83C6-6F604E1B83BD}G:\xampp\apache\bin\httpd.exe] => (Allow) G:\xampp\apache\bin\httpd.exe FirewallRules: 
[TCP Query User{254DB4CB-E0BB-4E3F-A323-D664C426B960}G:\xampp\mysql\bin\mysqld.exe] => (Allow) G:\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{38D8A519-7055-4D6E-9026-6546559ECD4C}G:\xampp\mysql\bin\mysqld.exe] => (Allow) G:\xampp\mysql\bin\mysqld.exe FirewallRules: [{9D2C9130-79B4-4E08-B0C4-D09227011A05}] => (Allow) C:\Windows\SysWOW64\lxbkcoms.exe FirewallRules: [{5105F25E-4E8A-4C24-91F0-DD9425005441}] => (Allow) C:\Windows\SysWOW64\lxbkcoms.exe FirewallRules: [{EC563B20-203B-4B4A-B5F4-6ADB66AB4C40}] => (Allow) C:\Windows\System32\lxbkcoms.exe FirewallRules: [{7D23FE7F-32FA-4361-A6A5-5EB4C0DA8250}] => (Allow) C:\Windows\System32\lxbkcoms.exe FirewallRules: [{ACD05752-E5C3-4C98-ACF8-D3B796740AC7}] => (Allow) D:\Programme\iTunes\iTunes.exe FirewallRules: [{F2AD6067-EEB0-46DC-BBF8-7DF362699745}] => (Allow) C:\Users\Daniel\AppData\Roaming\Spotify\spotify.exe FirewallRules: [{1BA14B21-9B97-4B70-BF62-5ACCA8ED664F}] => (Allow) C:\Users\Daniel\AppData\Roaming\Spotify\spotify.exe FirewallRules: [{031C8371-70D9-4AF8-98F5-728022A9C2B8}] => (Allow) D:\Programme\Steam\SteamApps\common\Day of Defeat Source\hl2.exe FirewallRules: [{42F3FCD5-3480-420F-92A6-CB2166D15FD9}] => (Allow) D:\Programme\Steam\SteamApps\common\Day of Defeat Source\hl2.exe FirewallRules: [{AF729252-A2ED-4398-87B6-6CE1D43D5781}] => (Allow) D:\Programme\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{C86BB734-F42F-475F-A36B-90AFD8DB52A5}] => (Allow) D:\Programme\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{E66612D7-25F5-4126-B86C-EF906264B08D}] => (Allow) D:\Programme\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe FirewallRules: [{8295E8F5-0CC9-40C0-B990-BD9166873292}] => (Allow) D:\Programme\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe FirewallRules: [{8F97D5A2-E46B-4D90-8B07-E826FB6298F5}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe FirewallRules: 
[{9E2C4AEA-AACE-47A6-B2FD-7C914963C430}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe FirewallRules: [{B83D42A5-00BE-4BE7-9702-63F6FD46D5B4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{8CF293F8-6562-4F7A-8FA2-8479158925FE}] => (Allow) LPort=2869 FirewallRules: [{2FC93AAC-AF4A-48AA-8A1F-86696C80BA96}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{A8285B8A-B4D8-4DD9-B920-E4F43CAF9ACE}D:\program files (x86)\nadeo\trackmania 2 - canyon\maniaplanet.exe] => (Block) D:\program files (x86)\nadeo\trackmania 2 - canyon\maniaplanet.exe FirewallRules: [UDP Query User{BEC986C1-00F0-4B49-8A08-D31CABEAB6F9}D:\program files (x86)\nadeo\trackmania 2 - canyon\maniaplanet.exe] => (Block) D:\program files (x86)\nadeo\trackmania 2 - canyon\maniaplanet.exe FirewallRules: [TCP Query User{2810FE31-F60F-4F3D-91E3-839DD3230F1A}D:\program files (x86)\nadeo\trackmania 2 - canyon\maniaplanet.exe] => (Block) D:\program files (x86)\nadeo\trackmania 2 - canyon\maniaplanet.exe FirewallRules: [UDP Query User{68950810-F5C3-4212-9915-244E54E5DFDE}D:\program files (x86)\nadeo\trackmania 2 - canyon\maniaplanet.exe] => (Block) D:\program files (x86)\nadeo\trackmania 2 - canyon\maniaplanet.exe FirewallRules: [{A9C2A7E2-75FE-4C61-8B15-6FCD44513AE3}] => (Allow) D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe FirewallRules: [{3B848BF1-A2CB-49D8-BEDD-6E15C4BDB929}] => (Allow) D:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe FirewallRules: [{22EC3136-CADE-4416-9D77-F40268D55AD2}] => (Allow) D:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe FirewallRules: [{C229CA86-D1D2-4089-A45B-2E31E803BAF1}] => (Allow) C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe FirewallRules: [{4F08CF52-B016-4A68-944C-1304C9C0BE35}] => (Allow) C:\Program Files\National Instruments\Shared\NI 
WebServer\ApplicationWebServer.exe FirewallRules: [{CD4A55A3-AC69-4910-B11D-11764353D2A1}] => (Allow) D:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe FirewallRules: [{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}] => (Allow) D:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe FirewallRules: [{8A3BB187-468E-4D84-9792-02A814D0A23C}] => (Allow) D:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe FirewallRules: [{DF58609B-7294-4D7B-8E9A-A4EABA727F0B}] => (Allow) D:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe FirewallRules: [TCP Query User{FF9C14CB-63EB-43A2-9750-DEE866B4FE04}G:\microsoft toolkit.exe] => (Allow) G:\microsoft toolkit.exe FirewallRules: [UDP Query User{0110405C-0201-4528-AC61-D578D8F92ACB}G:\microsoft toolkit.exe] => (Allow) G:\microsoft toolkit.exe FirewallRules: [{42326DE0-E0D9-4B63-A78F-1A2C87E18555}] => (Allow) D:\Programme\Microsoft Office\Office15\lync.exe FirewallRules: [{EF528D6C-42E6-4A8C-8623-CAD0CC637A99}] => (Allow) D:\Programme\Microsoft Office\Office15\lync.exe FirewallRules: [{7F230829-4F19-4415-BD4F-887FF5B3DCA5}] => (Allow) D:\Programme\Steam\bin\steamwebhelper.exe FirewallRules: [{A8847C5B-98CE-4601-B56A-E03DB11C66E3}] => (Allow) D:\Programme\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{8137B10F-DAE6-4B17-9D30-7D544ACAF825}D:\program files (x86)\skype\phone\skype.exe] => (Allow) D:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{C6B622B5-2323-422F-8865-AA5D962DCF8D}D:\program files (x86)\skype\phone\skype.exe] => (Allow) D:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{4F321CDD-12AE-4228-95FB-A48DD8BD4F84}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{4841B3A1-AE58-4F4A-BE07-44B878006C88}D:\program files\rockstar games\grand theft auto v\gta5.exe] => 
(Allow) D:\program files\rockstar games\grand theft auto v\gta5.exe FirewallRules: [TCP Query User{26866624-4E49-4B98-BA99-1C8966CD9301}D:\program files (x86)\bfvcc server manager\bfvcc.exe] => (Block) D:\program files (x86)\bfvcc server manager\bfvcc.exe FirewallRules: [UDP Query User{6B46B3C7-0FDD-4DFA-88BF-F256B75D2C37}D:\program files (x86)\bfvcc server manager\bfvcc.exe] => (Block) D:\program files (x86)\bfvcc server manager\bfvcc.exe FirewallRules: [TCP Query User{F017A171-A948-4C0A-99DE-D4840AC7D00B}D:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe] => (Allow) D:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe FirewallRules: [UDP Query User{9F1AFC27-5FBB-4D18-B598-1AACEE5EAC77}D:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe] => (Allow) D:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe FirewallRules: [TCP Query User{7A157B85-2C30-44F2-B25D-E75C4722A092}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Block) D:\program files\rockstar games\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{27F35123-6339-4D0A-A59F-99FFDC3C25B1}D:\program files\rockstar games\grand theft auto v\gta5.exe] => (Block) D:\program files\rockstar games\grand theft auto v\gta5.exe FirewallRules: [{6197E6C3-8978-4A8A-BC9B-19B54BC600FD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{9CF963D2-290A-4EDF-A907-564569673FC1}F:\microsoft toolkit.exe] => (Allow) F:\microsoft toolkit.exe FirewallRules: [UDP Query User{E3D54590-39B2-41D5-991F-FC456E1351A6}F:\microsoft toolkit.exe] => (Allow) F:\microsoft toolkit.exe FirewallRules: [{77AAC876-CD66-4F06-95BE-C500C4D376C3}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{31E2B4B2-361E-4A0E-A87D-2573508821C7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{B98AC8CA-2D7B-4CA7-968A-523483A5CB4D}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: 
[{5166CE3F-24AE-4E6C-9B44-515727A6D82A}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/16/2015 07:03:49 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/16/2015 05:56:23 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/16/2015 03:42:39 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (08/16/2015 03:28:32 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (07/20/2015 05:39:48 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 999 Error: (07/20/2015 05:39:48 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 999 Error: (07/20/2015 05:39:48 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/20/2015 02:48:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3354 Error: (07/20/2015 02:48:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3354 Error: (07/20/2015 02:48:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (08/16/2015 11:37:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/16/2015 11:34:55 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: 
{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (08/16/2015 11:34:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/16/2015 11:31:22 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (08/16/2015 11:20:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/16/2015 07:52:47 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (08/16/2015 06:00:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (08/16/2015 06:00:55 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Daniel\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (08/16/2015 06:00:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (08/16/2015 06:00:54 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Daniel\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Microsoft Office: ========================= Error: (08/16/2015 07:03:49 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestD:\Bibliotheken\Downloads\esetsmartinstaller_deu (1).exe Error: (08/16/2015 05:56:23 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestD:\Bibliotheken\Downloads\esetsmartinstaller_deu (1).exe Error: (08/16/2015 03:42:39 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestD:\Bibliotheken\Downloads\esetsmartinstaller_deu.exe Error: (08/16/2015 03:28:32 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestD:\Bibliotheken\Downloads\esetsmartinstaller_deu.exe Error: (07/20/2015 05:39:48 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 999 Error: (07/20/2015 05:39:48 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 999 Error: (07/20/2015 05:39:48 PM) (Source: Bonjour Service) 
(EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/20/2015 02:48:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3354 Error: (07/20/2015 02:48:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3354 Error: (07/20/2015 02:48:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz Percentage of memory in use: 19% Total physical RAM: 16275.72 MB Available physical RAM: 13175.14 MB Total Virtual: 32549.65 MB Available Virtual: 29264.93 MB ==================== Drives ================================ Drive c: (SSD) (Fixed) (Total:109.47 GB) (Free:6.74 GB) NTFS Drive d: (HDD) (Fixed) (Total:698.54 GB) (Free:572.43 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5A8B7A23) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 5A8B7A3B) Partition 1: (Not Active) - (Size=109.5 GB) - (Type=07 NTFS) ==================== End of log ============================ Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 11:36 on 16/08/2015 (Daniel) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. HKCU:DAEMON Tools Lite -> Removed Checking for services/drivers... -=E.O.F=- Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-08-16 12:10:39 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\00000075 ATA_____ rev.500_ 119,24GB Running: Gmer-19357.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\kwriikoc.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4b6764f3796 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4b6764f3796@64b3109a56f1 0x23 0xBF 0x85 0xA2 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4b6764f3796 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4b6764f3796@64b3109a56f1 0x23 0xBF 0x85 0xA2 ... ---- EOF - GMER 2.1 ---- Code:
ATTFilter C:\Program Files (x86)\Google\Chrome\Application\chrome.dll Variante von Win32/ExtenBro.BK Trojaner C:\Users\Daniel\AppData\Local\Temp\DMR\dmr_72.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung D:\Bibliotheken\Downloads\Revo Uninstaller Portable - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung |
16.08.2015, 12:56 | #2 |
/// the machine /// TB-Ausbilder | "Ads by Discount Man" caused by Trojan:Win32/Colisi.B? Hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ |
17.08.2015, 07:22 | #3 |
| "Ads by Discount Man" caused by Trojan:Win32/Colisi.B? Hello schrauber,
I scanned twice; both times it found nothing. Here are the logs anyway. 1st scan: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004 www.malwarebytes.org Database version: main: v2015.08.17.02 rootkit: v2015.08.16.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17843 Daniel :: DANIEL-LAPTOP [administrator] 17.08.2015 07:35:07 mbar-log-2015-08-17 (07-35-07).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 445431 Time elapsed: 10 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004 www.malwarebytes.org Database version: main: v2015.08.17.02 rootkit: v2015.08.16.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17843 Daniel :: DANIEL-LAPTOP [administrator] 17.08.2015 07:48:30 mbar-log-2015-08-17 (07-48-30).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 445335 Time elapsed: 7 minute(s), 55 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
17.08.2015, 14:58 | #4 |
/// the machine /// TB-Ausbilder | "Ads by Discount Man" caused by Trojan:Win32/Colisi.B? Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter Task: {1687E894-4D95-4813-BDE6-1096B90ED626} - System32\Tasks\SubprogSplitter => c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905}\4680700327730883464b.exe <==== ATTENTION c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905} Task: C:\Windows\Tasks\SubprogSplitter.job => c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905}\4680700327730883464b.exe <==== ATTENTION Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Revo Uninstaller - Download - Filepony: use it to uninstall Chrome, keep no data, let it remove the leftovers, then reinstall. Then: https://support.google.com/chrome/answer/3296214?hl=de
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
17.08.2015, 19:16 | #5 |
| "Ads by Discount Man" caused by Trojan:Win32/Colisi.B? Here is the Fixlog.txt: Code:
ATTFilter Fix result of Farbar Recovery Scan Tool (x64) Version:16-08-2015 Ran by Daniel (2015-08-17 20:07:26) Run:1 Running from C:\Users\Daniel\Desktop\FRST Loaded Profiles: Daniel (Available Profiles: Daniel) Boot Mode: Normal ============================================== fixlist content: ***************** Task: {1687E894-4D95-4813-BDE6-1096B90ED626} - System32\Tasks\SubprogSplitter => c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905}\4680700327730883464b.exe <==== ATTENTION c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905} Task: C:\Windows\Tasks\SubprogSplitter.job => c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905}\4680700327730883464b.exe <==== ATTENTION Emptytemp: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687E894-4D95-4813-BDE6-1096B90ED626}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687E894-4D95-4813-BDE6-1096B90ED626}" => key removed successfully C:\Windows\System32\Tasks\SubprogSplitter => moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SubprogSplitter" => key removed successfully "c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905}" => File/Folder not found. C:\Windows\Tasks\SubprogSplitter.job => moved successfully. EmptyTemp: => 6.2 GB temporary data Removed. The system needed a reboot.. ==== End of Fixlog 20:08:25 ==== |
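The fixlist from post #4 and the Fixlog above can be cross-checked mechanically. The following Python code is an added example, not part of the thread and not FRST's own logic: it parses the `Task:` entries, notes why their target looks suspicious, and looks up what the Fixlog reports for each task file and payload folder. The function names, the three heuristics and the assumption that relative task paths live under C:\Windows are assumptions of this example.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# Fixlist entries and Fixlog result lines from this thread, re-broken one entry
# per line (the line breaks are an assumption; the page shows them flattened).
FIXLIST = r'''
Task: {1687E894-4D95-4813-BDE6-1096B90ED626} - System32\Tasks\SubprogSplitter => c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905}\4680700327730883464b.exe <==== ATTENTION
c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905}
Task: C:\Windows\Tasks\SubprogSplitter.job => c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905}\4680700327730883464b.exe <==== ATTENTION
Emptytemp:
'''
FIXLOG = r'''
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687E894-4D95-4813-BDE6-1096B90ED626}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687E894-4D95-4813-BDE6-1096B90ED626}" => key removed successfully
C:\Windows\System32\Tasks\SubprogSplitter => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SubprogSplitter" => key removed successfully
"c:\programdata\{b696ba41-44ec-d83c-b696-6ba4144ee905}" => File/Folder not found.
C:\Windows\Tasks\SubprogSplitter.job => moved successfully.
EmptyTemp: => 6.2 GB temporary data Removed.
'''

TASK_RE = re.compile(
    r"^Task:\s+(?:(\{[0-9A-Fa-f-]{36}\})\s+-\s+)?(.+?)\s+=>\s+(.+?)(\s+<==== ATTENTION)?\s*$")
RESULT_RE = re.compile(r'^"?(.+?)"?\s+=>\s+(.*?)\.?\s*$')
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
DATA_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\")


@dataclass
class TaskEntry:
    guid: Optional[str]      # task GUID; absent for legacy .job entries
    location: str            # task file as printed by FRST
    target: str              # executable the task starts
    frst_attention: bool     # FRST itself marked the line with ATTENTION


def parse_tasks(fixlist):
    """Return every 'Task:' line of a fixlist as a TaskEntry."""
    tasks = []
    for line in fixlist.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            guid, location, target, attention = m.groups()
            tasks.append(TaskEntry(guid, location, target, attention is not None))
    return tasks


def target_reasons(target):
    """Heuristics of this example (assumptions): why a task target deserves a look."""
    reasons = []
    folder, filename = ntpath.split(target)
    stem = ntpath.splitext(filename)[0]
    if any(marker in target.lower() for marker in DATA_DIRS):
        reasons.append("runs from a data directory (ProgramData/AppData/Temp)")
    if GUID_DIR.match(ntpath.basename(folder)):
        reasons.append("parent folder is named like a GUID")
    if len(stem) >= 12 and sum(c.isdigit() for c in stem) / len(stem) >= 0.8:
        reasons.append("file name is a long, mostly numeric string")
    return reasons


def parse_results(fixlog):
    """Map each object in the Fixlog (lower-cased) to ok / not_found / other."""
    results = {}
    for line in fixlog.splitlines():
        m = RESULT_RE.match(line.strip())
        if not m:
            continue
        obj, status = m.group(1), m.group(2).lower()
        if "not found" in status:
            results[obj.lower()] = "not_found"   # object was absent at fix time
        elif "successfully" in status:
            results[obj.lower()] = "ok"          # key removed or file moved
        else:
            results[obj.lower()] = "other"
    return results


def triage(fixlist, fixlog):
    """Join each task with the Fixlog outcome for its file and its payload folder."""
    results = parse_results(fixlog)
    report = []
    for task in parse_tasks(fixlist):
        # Assumption: paths without a drive letter are relative to C:\Windows.
        loc = task.location
        full = loc if ntpath.splitdrive(loc)[0] else ntpath.join(r"C:\Windows", loc)
        report.append({
            "task_file": full,
            "task_status": results.get(full.lower(), "missing"),
            "payload_dir_status": results.get(ntpath.dirname(task.target).lower(), "missing"),
            "reasons": target_reasons(task.target),
            "frst_attention": task.frst_attention,
        })
    return report


if __name__ == "__main__":
    for row in triage(FIXLIST, FIXLOG):
        print(row)
```

A `missing` status means the Fixlog contains no result line for that object, which is the case worth following up before closing a cleanup.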
18.08.2015, 11:08 | #6 |
/// the machine /// TB-Ausbilder | "Ads by Discount Man" caused by Trojan:Win32/Colisi.B? Done the Chrome part?
__________________ |
18.08.2015, 16:41 | #7 |
| "Ads by Discount Man" caused by Trojan:Win32/Colisi.B? Yes, but I downloaded the 64-bit version and reset the browser with it. Should I do this with the previously used 32-bit version, or does it not matter? |
19.08.2015, 07:49 | #8 |
/// the machine /// TB-Ausbilder | "Ads by Discount Man" caused by Trojan:Win32/Colisi.B? It doesn't matter. Any problems left?
__________________ Regards, schrauber |
21.08.2015, 09:17 | #9 |
| "Ads by Discount Man" caused by Trojan:Win32/Colisi.B? No, I don't notice anything at the moment; it seems to be running well. Can I now use the laptop again without having to worry much? :-D EDIT: When I log out and then browse the forum unregistered, this Reimage Repair ad is displayed. Coincidence or something serious? Last edited by Bouncer999 (21.08.2015 at 09:53) |
22.08.2015, 09:44 | #10 |
/// the machine /// TB-Ausbilder | "Ads by Discount Man" caused by Trojan:Win32/Colisi.B? Normal for users who are not logged in. Do you have an ad blocker in use?
__________________ Regards, schrauber |
22.08.2015, 16:56 | #11 |
| "Ads by Discount Man" caused by Trojan:Win32/Colisi.B? The problem is that the same 2-3 ads are always displayed, and since the Reimage Repair ad is known not to be reputable, I do worry whether something is still hiding somewhere. I don't use an ad blocker. |
23.08.2015, 07:31 | #12 |
/// the machine /// TB-Ausbilder | "Ads by Discount Man" caused by Trojan:Win32/Colisi.B? Then install an ad-block add-on such as Adblock Edge and test again.
__________________ Regards, schrauber |
23.08.2015, 08:29 | #13 |
| "Ads by Discount Man" caused by Trojan:Win32/Colisi.B? With Adblock, no more ads appear. Can I now assume that this was perfectly regular advertising? Or is it possible that it is also being manipulated by malware? Otherwise, my last question would be whether I can feel safe again now. |
23.08.2015, 19:23 | #14 |
/// the machine /// TB-Ausbilder | "Ads by Discount Man" caused by Trojan:Win32/Colisi.B? No, this advertising is normal; that is why ad blockers exist.
Cleanup: (The order is crucial here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Then restart your computer. If any programs from our cleanup are still left, you can delete them without hesitation.
If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
Securing your system:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at the latest version: browser, Java, Flash Player, PDF reader. Vulnerabilities in their old versions are exploited to install malware by "drive-by" on a simple visit to a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft. In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.
Optional: NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. However, you can define, on the whitelist principle, on which sites scripts should be allowed. Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.
Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, first uninstall it and then remove the leftovers with Adwarecleaner.
Finally, a few general remarks: Change your important online passwords regularly and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ Regards, schrauber |