Log analysis and evaluation: Windows 7: Ads keep popping up, websites do not work properly

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Windows 7: Ads keep popping up, websites do not work properly

Hello,

I have the following problem:

1) Ads pop up despite AdBlock in Mozilla Firefox (I do not have this problem on other PCs). G Data reports junkware in a popup.
2) Words with an advertising connection are blue and underlined, and speech bubbles pop up on them.
3) A virus scan with G Data cannot fix the problem (the log file from the scan will follow... I first have to run a full scan; the idle-scan result is below).
4) Websites often crash and cannot be used.
5) Mozilla Firefox starts erratically.

I hope I did everything correctly. Thank you for helping me with this!

Best regards,
PhiGammaTau

Here are the logs:

1) "defogger_disable"
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:28 on 08/05/2015 (Eli)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
Ran by Eli (administrator) on STICHLING on 08-05-2015 23:36:59
Running from C:\Users\Eli\Desktop
Loaded Profiles: Eli (Available profiles: Eli & Administrator)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [380544 2012-06-29] (Alcor Micro Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-29] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-29] (Synaptics)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-10-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-10-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe [1706576 2012-07-23] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [KrakenLauncher] => C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe [865088 2014-05-22] (Razer Inc)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [1855608 2015-02-20] (G DATA Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\MountPoints2: {2a452280-2e3d-11e4-be8b-d17ae6b7db93} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\MountPoints2: {2a452296-2e3d-11e4-be8b-d17ae6b7db93} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-11-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-11-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-12-09]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58471;https=127.0.0.1:58471
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MC1C80B5C-CC13-4CF4-94EC-0091DCE2EC00&SearchSource=58&CUI=&UM=2&UP=SP20A5FFEC-637D-4059-827A-E240577FFCFC&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D012715-AE3372CAF8274412FA2F&form=CONBDF&conlogo=CT3330942&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {7F40D5FC-8B38-4C2C-AC25-5E124CBCA051} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=ac4bd0fa00000000000084a6c87778a7&r=62
SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {94047CC2-4EEE-43CC-9C7C-710AA7989960} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-08] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-08] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default
FF DefaultSearchEngine: Google Default
FF SelectedSearchEngine: Bing
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF SearchPlugin: C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\searchplugins\google-default.xml [2015-01-31]
FF Extension: Amazon-Icon - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\amazon-icon@giga.de [2014-12-11]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\donottrackplus@abine.com [2014-12-06]
FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\sparpilot@sparpilot.com [2014-12-11]
FF Extension: Mozilla Firefox Hotfixer - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\veggy@veggyAddon.com [2015-03-25]
FF Extension: Zoom It - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5} [2015-05-08]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-03-01]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-03-01]
FF Extension: html updater - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{058146b7-3c81-4daf-8d37-cdf20fd9af4e}.xpi [2015-01-13]
FF Extension: NoScript - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-08]
FF Extension: {ab5696aa-439a-44e9-a82d-48c7ae8939ae} - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{ab5696aa-439a-44e9-a82d-48c7ae8939ae}.xpi [2014-12-12]
FF Extension: Adblock Plus - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-01]
FF Extension: Adblock Edge - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-03-01]
FF HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\cliqz@cliqz.com

Chrome:
=======
CHR Profile: C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Softonic Chrome Toolbar) - C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-12-02]
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Eli\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-12-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2527864 2015-03-04] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [965240 2015-02-20] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [3672560 2015-02-20] (G Data Software AG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-26] (Microsoft Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) [File not signed]
R3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3193080 2015-02-20] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789112 2015-03-04] (G Data Software AG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 irstrtsv; C:\WINDOWS\SysWOW64\irstrtsv.exe [193576 2012-08-13] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 Lenovo Smart Update Service; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe [66640 2012-07-18] (Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-07] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-06-01] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [150016 2015-04-01] (G Data Software AG)
S0 GDElam; C:\Windows\System32\DRIVERS\GDElam.sys [117904 2015-01-08] (G Data Software AG)
R3 GDKBB; C:\WINDOWS\system32\drivers\GDKBB64.sys [27648 2015-04-01] (G Data Software AG)
R1 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [20992 2015-04-01] (G Data Software AG)
R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [230400 2015-04-01] (G Data Software AG)
R3 GDPkIcpt; C:\WINDOWS\system32\drivers\PktIcpt.sys [91648 2015-04-01] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68608 2015-04-01] (G Data Software AG)
R1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [106272 2015-03-01] (G Data Software)
R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [124928 2015-04-01] (G Data Software AG)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-08-13] (Intel Corporation)
R3 LAD; C:\Windows\System32\drivers\LAD.sys [8704 2012-06-08] (TODO: <Company name>)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39080 2014-05-19] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [31400 2014-05-19] (Razer Inc)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-29] (Synaptics Incorporated)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-02-12] (Duplex Secure Ltd.)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 WacHidRouter; \SystemRoot\System32\drivers\wachidrouter.sys [X]
S3 wacomrouterfilter; \SystemRoot\System32\drivers\wacomrouterfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-08 23:33 - 2015-05-08 23:36 - 00046592 _____ () C:\Users\Eli\Desktop\Addition.txt
2015-05-08 23:31 - 2015-05-08 23:37 - 00026946 _____ () C:\Users\Eli\Desktop\FRST.txt
2015-05-08 23:30 - 2015-05-08 23:37 - 00000000 ____D () C:\FRST
2015-05-08 23:29 - 2015-05-08 23:29 - 02102272 _____ (Farbar) C:\Users\Eli\Desktop\FRST64.exe
2015-05-08 23:25 - 2015-05-08 23:28 - 00000520 _____ () C:\Users\Eli\Desktop\defogger_disable.log
2015-05-08 23:25 - 2015-05-08 23:25 - 00000020 _____ () C:\Users\Eli\defogger_reenable
2015-05-08 23:24 - 2015-05-08 23:24 - 00050477 _____ () C:\Users\Eli\Desktop\Defogger.exe
2015-05-07 18:18 - 2015-05-07 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-14 22:04 - 2015-04-14 22:04 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 23:34 - 2012-10-12 03:48 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat
2015-05-08 23:34 - 2012-10-12 03:48 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat
2015-05-08 23:34 - 2012-07-26 09:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-08 23:32 - 2013-12-02 18:26 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2344629883-704184612-3672562925-1002
2015-05-08 23:29 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-08 23:26 - 2013-12-02 18:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-08 23:26 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-08 23:25 - 2013-12-02 17:53 - 00000000 ____D () C:\Users\Eli
2015-05-08 23:25 - 2012-10-11 18:53 - 01944346 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-08 23:04 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-08 22:41 - 2013-12-17 11:24 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-08 18:28 - 2014-10-14 16:12 - 00000000 ____D () C:\Users\Eli\AppData\Local\Adobe
2015-04-22 12:35 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-04-15 14:37 - 2013-12-03 16:57 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 14:33 - 2013-12-06 12:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 14:33 - 2013-12-03 16:57 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 22:04 - 2013-12-17 11:24 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2013-12-02 18:15 - 2013-12-04 14:32 - 0003011 _____ () C:\Users\Eli\AppData\Roaming\AbsoluteReminder.xml
2014-10-16 13:37 - 2015-01-27 12:56 - 0000034 _____ () C:\Users\Eli\AppData\Roaming\AdobeWLCMCache.dat
2015-02-16 14:59 - 2015-02-16 14:59 - 0000000 _____ () C:\Users\Eli\AppData\Roaming\gdfw.log
2015-02-16 14:59 - 2015-02-16 14:59 - 0000779 _____ () C:\Users\Eli\AppData\Roaming\gdscan.log
2014-02-06 00:25 - 2014-02-06 00:25 - 0000784 _____ () C:\Users\Eli\AppData\Local\recently-used.xbel
2012-10-11 18:24 - 2012-10-11 18:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Eli\AppData\Local\Temp\amazonicon_v10.exe
C:\Users\Eli\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Eli\AppData\Local\Temp\BackupSetup.exe
C:\Users\Eli\AppData\Local\Temp\dufgmr4c.exe
C:\Users\Eli\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Eli\AppData\Local\Temp\Gw2.exe
C:\Users\Eli\AppData\Local\Temp\hcuninstaller_20141209_122126_4784.exe
C:\Users\Eli\AppData\Local\Temp\installerdll354018595.dll
C:\Users\Eli\AppData\Local\Temp\InstStub.exe
C:\Users\Eli\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Eli\AppData\Local\Temp\mailcheck_ff_2014_12_02.exe
C:\Users\Eli\AppData\Local\Temp\mpa04268.exe
C:\Users\Eli\AppData\Local\Temp\MultisineV1.74.exe
C:\Users\Eli\AppData\Local\Temp\nsa683D.exe
C:\Users\Eli\AppData\Local\Temp\nsfD03.exe
C:\Users\Eli\AppData\Local\Temp\nsg1D66.exe
C:\Users\Eli\AppData\Local\Temp\nsi7DA8.exe
C:\Users\Eli\AppData\Local\Temp\nsj6FD7.exe
C:\Users\Eli\AppData\Local\Temp\nsmC563.exe
C:\Users\Eli\AppData\Local\Temp\nso62CE.exe
C:\Users\Eli\AppData\Local\Temp\nso7FEB.exe
C:\Users\Eli\AppData\Local\Temp\nsp2528.exe
C:\Users\Eli\AppData\Local\Temp\nsvC37D.exe
C:\Users\Eli\AppData\Local\Temp\ose00000.exe
C:\Users\Eli\AppData\Local\Temp\sdan.exe
C:\Users\Eli\AppData\Local\Temp\sdapk.exe
C:\Users\Eli\AppData\Local\Temp\sdaspwn.exe
C:\Users\Eli\AppData\Local\Temp\Setup-Wacom.exe
C:\Users\Eli\AppData\Local\Temp\SpOrder.dll
C:\Users\Eli\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Eli\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Eli\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Eli\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Eli\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Eli\AppData\Local\Temp\vlc-2.1.5-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-02 15:02

==================== End Of Log ============================

3) Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
Ran by Eli at 2015-05-08 23:37:32
Running from C:\Users\Eli\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2344629883-704184612-3672562925-500 - Administrator - Disabled) => C:\Users\Administrator
Eli (S-1-5-21-2344629883-704184612-3672562925-1002 - Administrator - Enabled) => C:\Users\Eli
Gast (S-1-5-21-2344629883-704184612-3672562925-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Enabled - Out of date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G DATA INTERNET SECURITY (Enabled - Out of date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G*DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.2.3042.61510 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.2.3042.61510 - Alcor Micro Corp.) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.0 - Conexant)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo)
Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
G DATA INTERNET SECURITY (HKLM-x32\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.2 - G DATA Software AG)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.824.1 - Vimicro)
Lenovo MediaShow6 (HKLM-x32\...\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}) (Version: 6.0.4019 - CyberLink Corp.)
Lenovo MediaShow6 (x32 Version: 6.0.4019 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.5.75 - Lenovo Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MultisineV1.74 (HKLM-x32\...\MultisineV1.74_is1) (Version: - SeDuTec)
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.65 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.15 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wajam (HKLM-x32\...\WIntEnhance) (Version: 2.23.2.5 (i2.6) - WIntEnhance) <==== ATTENTION
Windows Driver Package - Lenovo Corporation (LAD) System (06/08/2012 1.0.0.3) (HKLM\...\C48768A2A32F4649238F7DCF737A260911895FDE) (Version: 06/08/2012 1.0.0.3 - Lenovo Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
World of Tanks (HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

01-05-2015 15:15:31 Windows Update
05-05-2015 03:00:02 Windows Update
08-05-2015 18:28:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {16FF2885-7253-4AA9-8852-2A473917C04A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {2E06458F-2C06-4D11-8917-ABBC1C4E85B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {335DCE13-5A9A-4E6E-9ADC-75723C6E2C88} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2344629883-704184612-3672562925-1002
Task: {468558C6-6142-46EE-AF56-C44F1020D56B} - System32\Tasks\AdobeAAMUpdater-1.0-Stichling-Eli => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {56EDCD0C-A3CB-4D5A-A17C-4CCFF289CDF6} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {66FB7458-2ABA-44B1-AEF0-139A3D9446F4} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {7B4EAAF4-BB23-4289-8328-E6270D2C1760} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {935F9D2C-4CA3-42C1-9252-4194A934B0DD} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-08-13] (Intel)
Task: {AB0E2CCF-033D-4012-929E-9A75683D82F6} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {BBF19BBA-B5BA-44C4-B597-00C9F440B7F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DA5BCC5E-97CB-4BB2-B334-C36524E5D9E3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {ED4716DB-CC6A-4917-ADBF-295CE4E9EF84} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-11 17:54 - 2014-11-04 02:04 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-10-11 18:08 - 2014-11-04 00:02 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-06-02 23:07 - 2014-06-07 00:49 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2015-02-20 05:42 - 2015-02-20 05:42 - 00382072 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2013-06-01 03:37 - 2013-06-01 03:38 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-23 05:37 - 2012-08-20 18:58 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-11 18:22 - 2010-10-26 06:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-05-22 10:28 - 2014-05-22 10:28 - 00619328 _____ () C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenDevProps.dll
2012-10-11 18:40 - 2012-07-18 14:27 - 00021072 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\HookDll.dll
2012-10-11 18:08 - 2014-11-04 02:04 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-12-08 21:02 - 2013-12-08 21:02 - 00017920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\d4b49cde56288aa4c132208d7aba2a82\PSIClient.ni.dll
2012-10-11 18:02 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\aeriagames.com -> hxxp://aeriagames.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img12.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Updater"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FE411D01-488F-44D5-884E-5EE52559E311}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{36D5C3C9-1548-4F51-990F-0D36FA953832}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{AEF317AC-8B64-4CF9-AADD-16D722298F32}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{6116444F-39A2-481F-B28B-3C1EB4AC825A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1A59A1C6-FFD0-412C-9967-F04508836AC6}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{9D5E01DB-721D-4D5D-9144-9BD6B23E059C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{16C1F45C-C07B-4138-A651-7A529A97E91D}] => (Allow) C:\Users\Eli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3B63CCD4-1AB4-40D6-9BC0-AB1B6E0EE854}] => (Allow) C:\Users\Eli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0E82E8D3-14EB-4CBC-A93D-C754A6D75414}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D625238B-8BCD-4FEE-BCF4-6FDCDD75086F}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3343CC8B-CC8B-417F-8660-1070B80E5D1E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{6296C6F2-1A61-4098-9793-EBD77FB7498E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{B92E14C8-FE81-44E8-8CBD-18C5A30AB183}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{661054AE-A45C-4733-8F60-1E15E450B0C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [TCP Query User{23AEFC51-BEB2-4422-91DD-ACBCCF2110DA}C:\users\eli\appdata\local\temp\gw2.exe] => (Allow) C:\users\eli\appdata\local\temp\gw2.exe
FirewallRules: [UDP Query User{D68D57B4-3C61-43FB-AE82-0ED2D703490A}C:\users\eli\appdata\local\temp\gw2.exe] => (Allow) C:\users\eli\appdata\local\temp\gw2.exe
FirewallRules: [{A4FDD966-9ADB-4744-9A41-A2AEEE0CB660}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{C7E508E8-74E1-4749-B08C-E6C5D7E92042}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [TCP Query User{86AFCA5B-8EE3-4409-9A48-00B737F50B0D}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{0A596237-E7FE-48EA-AE61-46CE6D25F34A}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{0AF7BEAF-5D1D-41E5-A959-4D51AA40FC84}C:\program files (x86)\world_of_tanks\wotlauncher.exe] => (Allow) C:\program files (x86)\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{FA933674-7934-4A80-B8A1-8726B63FC074}C:\program files (x86)\world_of_tanks\wotlauncher.exe] => (Allow) C:\program files (x86)\world_of_tanks\wotlauncher.exe
FirewallRules: [{00B4DBC3-4697-47A9-9906-CAB83DCAEE58}] => (Allow) E:\fsetup.exe
FirewallRules: [{13F753FB-88EE-4A13-9F1F-C4E1811B6C09}] => (Allow) E:\fsetup.exe
FirewallRules: [TCP Query User{26722D95-8E5D-425F-BB66-EF46D1D4B292}C:\program files (x86)\world_of_tanks\worldoftanks.exe] => (Allow) C:\program files (x86)\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{257EF4E8-F646-440D-BAE7-2FD915BF4AED}C:\program files (x86)\world_of_tanks\worldoftanks.exe] => (Allow) C:\program files (x86)\world_of_tanks\worldoftanks.exe
FirewallRules: [{BF20EADA-FEC5-43B2-8EF2-7EEE04AF104C}] => (Allow) %ProgramFiles% (x86)\lol.launcher.exe
FirewallRules: [{BA9EE5F1-2565-4315-A71B-CFACAB374097}] => (Allow) %ProgramFiles% (x86)\lol.launcher.exe
FirewallRules: [TCP Query User{D896DF0C-87E7-45B2-8F8F-18D29C7557EB}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FBAE6EDA-2ECE-497A-AEEF-7E04FFB9F5D7}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{83912FFF-3BCC-457A-B433-1D650BFE1201}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{56F1213B-665E-453A-B957-B15E742D7137}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{D4C394AF-CEA4-4787-A1B0-FE92195BC91B}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C27B5D62-4D23-45B8-831A-56CABA6352F7}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D1EF3745-EF41-4BFC-8458-1DF98EC0866D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{FE281D1A-F13B-46FE-8D75-844F84019C34}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [TCP Query User{6B3C3F2D-A0AF-403E-89F9-F82D97F7936B}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{514C6518-DE3F-433D-B824-03D5988CC5CD}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{AB5B0666-867F-4225-8921-C07822FD5F2C}] => (Allow) C:\Program Files (x86)\lol.launcher.exe
FirewallRules: [{66EB7665-7D66-476F-8696-73B1659C9424}] => (Allow) C:\Program Files (x86)\lol.launcher.exe
FirewallRules: [{7B144272-3233-4A58-A5E2-BD2985EC7DC9}] => (Allow) C:\Program Files (x86)\lol.launcher.exe
FirewallRules: [{1556DDB9-D2F6-4AE4-9CB7-7431929F01A0}] => (Allow) C:\Program Files (x86)\lol.launcher.exe
FirewallRules: [TCP Query User{2187DA8C-E595-4CE4-BF6D-56B5C9E7C596}C:\users\eli\desktop\programming\editor\unity.exe] => (Allow) C:\users\eli\desktop\programming\editor\unity.exe
FirewallRules: [UDP Query User{7CBA81A5-A638-4CF8-B071-98F871B357C3}C:\users\eli\desktop\programming\editor\unity.exe] => (Allow) C:\users\eli\desktop\programming\editor\unity.exe
FirewallRules: [TCP Query User{496CF561-D54C-49E8-82B3-1E6B99FA45E0}C:\users\eli\desktop\programming\editor\unity.exe] => (Allow) C:\users\eli\desktop\programming\editor\unity.exe
FirewallRules: [UDP Query User{F089B531-CED1-4A9F-B5FC-807F1872D5FA}C:\users\eli\desktop\programming\editor\unity.exe] => (Allow) C:\users\eli\desktop\programming\editor\unity.exe
FirewallRules: [TCP Query User{7484905A-547D-4BC9-BBEC-A86A7C6E46C0}C:\users\eli\desktop\programming\monodevelop\bin\monodevelop.exe] => (Block) C:\users\eli\desktop\programming\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{5A98C1FB-37B3-455D-BF16-09851618DF36}C:\users\eli\desktop\programming\monodevelop\bin\monodevelop.exe] => (Block) C:\users\eli\desktop\programming\monodevelop\bin\monodevelop.exe
FirewallRules: [{0AFE21E2-9EC6-46A0-9C96-31AD30B5459B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{84F37044-DB78-401C-B848-D3F6ACAA92C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{06400E3E-1A60-4F8A-BF4F-DA79350980E9}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6773F3DE-36A9-4D3B-AB23-91D16F48EBAD}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{682AB1D3-1F34-4D87-80B8-C4F8C45A7AD1}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III Beta 2013\Diablo III.exe
FirewallRules: [{40A9BB0C-8A74-4402-A7C1-E061234C2593}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III Beta 2013\Diablo III.exe
FirewallRules: [{EAB95CBF-A945-4C20-80FF-8CD75EB87DA1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{428888B3-34AF-481D-A128-DB2557E4B123}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{D6A55DF9-C885-4BFC-B076-81F14BA5232E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C97B8697-EDE1-4C9F-B2D9-64F18BC2BF7E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{18B66FF3-C5DC-4FDE-A4A8-64C9AA96171F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E508085F-2BE0-4E7B-A226-FFC95FCB3C6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D394A1CD-0698-4949-A90D-C98B1DD36E0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{52F98722-C635-4E81-ADA8-70ED6FF5F6E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{E798E883-53B4-459D-812E-91997BA07996}C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe] => (Allow) C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe
FirewallRules: [UDP Query User{83665DEE-D6AE-49F2-A378-7093E023F5D9}C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe] => (Allow) C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe
FirewallRules: [{698B3957-6CC3-41CF-A021-3C78009DFE3E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{3ABD6377-71A1-435D-AFB3-2F11F84D2322}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{F8566532-E41F-49DF-85B3-568CFEC07AFF}] => (Allow) C:\Program Files (x86)\Gameforge4D\Elsword_DE\data\x2.exe
FirewallRules: [{C2D39783-211D-4EA4-B98A-3AAB6BFFC014}] => (Allow) C:\Program Files (x86)\Gameforge4D\Elsword_DE\data\x2.exe
FirewallRules: [{31C5EA3D-1BD5-43E8-9181-35543B3BBF69}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{88745C92-B63F-4347-BA8B-9CDD9C44A776}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{EFF43167-5DA6-464A-B786-9274BBEB3DB2}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{22840350-FF81-4BC5-9816-199C39A1EF20}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{7453EB02-9626-4B99-BA59-5234F5AA9ACA}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{27E4C84F-6251-4C72-9CAF-60C52179FE9E}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{B65B71E3-0387-4F5D-ADAA-635F2351E05A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{21ABDC7C-1243-45BA-84F1-A1017F798BA1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{43C24E91-C2F4-4BB8-94F5-C58C878E927D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5578416F-51B9-4F43-A52A-CE71B608ED78}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{93199FA7-EC52-4372-A19B-12052066419B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E436FFDA-7958-462B-BC91-CD5E56A852B6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{42CFDA77-27C2-4439-A97E-5A95E731FFD2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{23964328-54B5-419C-8E8C-F91ED45CF60C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FA125EB3-6A25-45C6-9C81-DAE143991C42}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{6EC81A98-3078-440D-B8A5-D5DD12BA54C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{F06BB976-5FFA-468B-AF69-AB09DAFE94C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{807FFE94-35C9-430E-BFC5-459E3BEF7FE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{ADF4A11C-3766-40EE-B6D3-AF7B8C50ECAE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{26D12EFE-6D2F-4261-917A-B3D5CCDFCF69}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{164102D1-6D64-49FB-ACD5-500B64E5C41C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{BFCC7624-EE53-42D8-AFD6-61483A15C9F4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{5B721E22-3416-477C-9E7C-D00EE1FBA868}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{DEC44613-54DC-4AF9-A1FD-612608EBDB4F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [TCP Query User{C31B1623-7B06-499A-9472-794F28657C18}C:\users\eli\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\eli\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{12F8740B-A9DE-4C6C-921F-D29DA39927DD}C:\users\eli\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\eli\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{7C585868-E860-4637-993B-00C3D39B8514}C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe] => (Allow) C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe
FirewallRules: [UDP Query User{0ACF76D8-F51D-41F1-8690-05C9B45272D8}C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe] => (Allow) C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe
FirewallRules: [TCP Query User{1853108B-2A2D-4265-81FB-11E4480BFDAF}C:\program files (x86)\binaries\win32\udk.exe] => (Block) C:\program files (x86)\binaries\win32\udk.exe
FirewallRules: [UDP Query 
User{6C16FCF9-C7F1-4BFA-AE82-C601C1714F56}C:\program files (x86)\binaries\win32\udk.exe] => (Block) C:\program files (x86)\binaries\win32\udk.exe FirewallRules: [TCP Query User{AA7ECD86-2D59-47D8-A6A9-7A3382DB3930}C:\program files (x86)\binaries\win64\udk.exe] => (Allow) C:\program files (x86)\binaries\win64\udk.exe FirewallRules: [UDP Query User{E1F55399-4AB8-4183-B065-18EC09B89A4B}C:\program files (x86)\binaries\win64\udk.exe] => (Allow) C:\program files (x86)\binaries\win64\udk.exe FirewallRules: [{E0C220EB-1DE4-463B-83A5-C326BF8E2ED8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{C0F9D5DC-3336-40CA-B1E5-1CD8006AE313}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{E613D5A4-C260-41F3-8243-471CFEC06721}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alien Isolation\AI.exe FirewallRules: [{35C017BE-675C-4396-9D1E-9123EC2A7569}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alien Isolation\AI.exe FirewallRules: [TCP Query User{DD7D7D1F-3372-4E19-8109-394A0486D174}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe FirewallRules: [UDP Query User{CB635730-436E-4A48-9AA0-9A5F211EE047}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe FirewallRules: [{48E1F13C-1635-4E41-8448-39853E6476EE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe FirewallRules: [{B49DEEB6-AE93-4911-8655-13AA917B846E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe FirewallRules: [{16789348-B2F0-436C-B0E7-FAE827AFEE39}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe FirewallRules: [{918A09DD-7E75-43D1-AE4C-1BA032F5B084}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe FirewallRules: [{75E50E1D-EC04-4BF2-AABF-FE36297B9D93}] => (Allow) 
C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{A6D3D9AA-BC28-46E0-929C-F765E6A561A1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{D9393403-52E2-444E-8C1D-86C282B95F3E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{64E61C68-111F-4EEA-930B-D3053C29889E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [TCP Query User{59999FBA-2AC3-475A-BF91-E1EF1E7247B2}C:\program files (x86)\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\binaries\win32\udk.exe FirewallRules: [UDP Query User{9A015A14-72EE-456F-980A-60A303DA91C2}C:\program files (x86)\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\binaries\win32\udk.exe FirewallRules: [TCP Query User{85690F6D-B45A-4B8B-8DE3-4684C45740DC}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{82457885-B5E3-461C-9EBC-EF0DD33D6920}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{68834CFE-5C93-41BB-9341-3DDA1AE12CD8}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{7A457934-AEB7-4F11-A04B-0F47B82DE927}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe FirewallRules: [{75D3ACB4-BA02-4E8A-85B8-CA9617DE3804}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A10AA34C-5023-472F-A325-CC0254B2E438}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9E0EF15E-E13C-46AE-8F2E-956CC04A033B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{AD510CB2-E8CD-49B0-A2A7-C0DC245A2607}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9C805CD0-8D14-4BE1-ABDC-8DC5432E3542}] => (Allow) C:\Program 
Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B4C5F175-A71D-460B-9786-09AFDCC41CF1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DAA907E0-5157-484A-86E7-45A5C5F74132}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (05/08/2015 11:37:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:37:23Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:36:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:36:53Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:36:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:36:23Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:35:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:35:53Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:35:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:35:23Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:34:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:34:53Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:34:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:34:23Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:33:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:33:53Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:33:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:33:23Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:32:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:32:53Z. Fehlercode: 0x80041316.

System errors:
=============
Error: (05/07/2015 05:55:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Internet Explorer Flash Player für Windows 8 für x64-Systeme (KB2934802)

Error: (05/07/2015 05:55:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2756872)

Error: (05/06/2015 02:40:48 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (05/04/2015 02:03:15 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (05/02/2015 03:51:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Internet Explorer Flash Player für Windows 8 für x64-Systeme (KB2934802)

Error: (05/02/2015 03:51:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2756872)

Error: (05/01/2015 04:44:16 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (04/30/2015 07:24:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Internet Explorer Flash Player für Windows 8 für x64-Systeme (KB2934802)

Error: (04/30/2015 07:24:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2756872)

Error: (04/26/2015 04:54:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Internet Explorer Flash Player für Windows 8 für x64-Systeme (KB2934802)

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 40%
Total physical RAM: 8050.48 MB
Available physical RAM: 4776.98 MB
Total Pagefile: 10610.48 MB
Available Pagefile: 6923.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:651.3 GB) (Free:540.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 22.4 GB) (Disk ID: C1CDA268)
Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: C1CDA275)
Partition: GPT Partition Type.

==================== End Of Log ============================

Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-05-08 23:45:03 Windows 6.2.9200 x64 \Device\Harddisk1\DR1 -> \Device\00000044 WDC_WD7500BPVT-24HXZT3 rev.03.01A03 698,64GB Running: Gmer-19357.exe; Driver: C:\Users\Eli\AppData\Local\Temp\uwloipog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[356] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fcd5e5177a 4 bytes [E5, D5, FC, 07] .text C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[356] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fcd5e51782 4 bytes [E5, D5, FC, 07] .text C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[356] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fccfa51532 4 bytes [A5, CF, FC, 07] .text C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[356] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fccfa5153a 4 bytes [A5, CF, FC, 07] .text C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[356] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fccfa5165a 4 bytes [A5, CF, FC, 07] .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 000007fcd541257c 8 bytes JMP 000007fdd5090340 .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 000007fcd5416b10 1 byte JMP 000007fdd5090298 .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW + 2 000007fcd5416b12 7 bytes {JMP 0xffffffffffc79788} .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 000007fcd5495778 7 bytes JMP 000007fdd5090260 .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 000007fcd54b1564 7 bytes JMP 000007fdd50902d0 .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fcd54c40e4 7 bytes JMP 
000007fdd5090228 .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fcd54c4178 8 bytes JMP 000007fdd50901f0 .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 000007fcd54c479c 8 bytes JMP 000007fdd5090308 .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 000007fcd50a28a0 7 bytes JMP 000007fdd50900d8 .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 000007fcd50a28e8 5 bytes JMP 000007fdd5090180 .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 000007fcd50bf590 6 bytes JMP 000007fdd5090148 .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 000007fcd50bf8ac 5 bytes JMP 000007fdd5090110 .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 000007fcd50eaa40 5 bytes JMP 000007fdd50901b8 .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 000007fcd7d6c5b0 7 bytes JMP 000007fdd5090420 .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007fcd7d731f0 1 byte JMP 000007fdd5090378 .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 000007fcd7d731f2 7 bytes {JMP 0xfffffffffd31d188} .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 000007fcd7d733e0 5 bytes JMP 000007fdd50903e8 .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 000007fcd7d745d0 5 bytes JMP 000007fdd5090458 .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 000007fcd7d77160 5 bytes JMP 000007fdd50903b0 .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fcd5ed1070 8 bytes JMP 000007fdd50904c8 .text C:\WINDOWS\system32\dwm.exe[536] 
C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fcd5ef0c10 8 bytes JMP 000007fdd5090490 .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory1 000007fcd2e16d10 5 bytes JMP 000007fdd2a50110 .text C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory 000007fcd2e1d060 5 bytes JMP 000007fdd2a500d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fccfa51532 4 bytes [A5, CF, FC, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fccfa5153a 4 bytes [A5, CF, FC, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fccfa5165a 4 bytes [A5, CF, FC, 07] .text C:\WINDOWS\system32\nvvsvc.exe[1344] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690 000007fccfa51532 4 bytes [A5, CF, FC, 07] .text C:\WINDOWS\system32\nvvsvc.exe[1344] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698 000007fccfa5153a 4 bytes [A5, CF, FC, 07] .text C:\WINDOWS\system32\nvvsvc.exe[1344] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246 000007fccfa5165a 4 bytes [A5, CF, FC, 07] .text C:\WINDOWS\system32\nvvsvc.exe[1344] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fcd5e5177a 4 bytes [E5, D5, FC, 07] .text C:\WINDOWS\system32\nvvsvc.exe[1344] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fcd5e51782 4 bytes [E5, D5, FC, 07] .text C:\WINDOWS\system32\WLANExt.exe[1728] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fcd5e5177a 4 bytes [E5, D5, FC, 07] .text C:\WINDOWS\system32\WLANExt.exe[1728] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fcd5e51782 4 bytes [E5, D5, FC, 07] .text C:\WINDOWS\system32\WLANExt.exe[1728] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690 000007fccfa51532 4 bytes [A5, CF, FC, 07] .text 
C:\WINDOWS\system32\WLANExt.exe[1728] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698 000007fccfa5153a 4 bytes [A5, CF, FC, 07] .text C:\WINDOWS\system32\WLANExt.exe[1728] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246 000007fccfa5165a 4 bytes [A5, CF, FC, 07] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1572] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fccb451b32 4 bytes [45, CB, FC, 07] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1572] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fccb451b3a 4 bytes [45, CB, FC, 07] .text C:\WINDOWS\Explorer.EXE[2228] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fccfa51532 4 bytes [A5, CF, FC, 07] .text C:\WINDOWS\Explorer.EXE[2228] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fccfa5153a 4 bytes [A5, CF, FC, 07] .text C:\WINDOWS\Explorer.EXE[2228] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fccfa5165a 4 bytes [A5, CF, FC, 07] .text C:\WINDOWS\Explorer.EXE[2228] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fcd5e5177a 4 bytes [E5, D5, FC, 07] .text C:\WINDOWS\Explorer.EXE[2228] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fcd5e51782 4 bytes [E5, D5, FC, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2992] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fccfa51532 4 bytes [A5, CF, FC, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2992] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fccfa5153a 4 bytes [A5, CF, FC, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2992] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fccfa5165a 4 bytes [A5, CF, FC, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fccfa51532 4 bytes [A5, CF, FC, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] 
C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fccfa5153a 4 bytes [A5, CF, FC, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fccfa5165a 4 bytes [A5, CF, FC, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fcd5e5177a 4 bytes [E5, D5, FC, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fcd5e51782 4 bytes [E5, D5, FC, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fccb451b32 4 bytes [45, CB, FC, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fccb451b3a 4 bytes [45, CB, FC, 07] .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1664] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fcd5e5177a 4 bytes [E5, D5, FC, 07] .text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1664] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fcd5e51782 4 bytes [E5, D5, FC, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3480] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fcd5e5177a 4 bytes [E5, D5, FC, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3480] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fcd5e51782 4 bytes [E5, D5, FC, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3480] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fccfa51532 4 bytes [A5, CF, FC, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3480] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fccfa5153a 4 bytes [A5, CF, FC, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3480] 
C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fccfa5165a 4 bytes [A5, CF, FC, 07] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3852] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fccfa51532 4 bytes [A5, CF, FC, 07] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3852] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fccfa5153a 4 bytes [A5, CF, FC, 07] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3852] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fccfa5165a 4 bytes [A5, CF, FC, 07] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3852] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fcd5e5177a 4 bytes [E5, D5, FC, 07] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3852] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fcd5e51782 4 bytes [E5, D5, FC, 07] .text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe[4276] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fcd5e5177a 4 bytes [E5, D5, FC, 07] .text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe[4276] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fcd5e51782 4 bytes [E5, D5, FC, 07] .text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe[4276] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fccfa51532 4 bytes [A5, CF, FC, 07] .text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe[4276] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fccfa5153a 4 bytes [A5, CF, FC, 07] .text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe[4276] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fccfa5165a 4 bytes [A5, CF, FC, 07] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4576] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fcd5e5177a 4 bytes [E5, D5, FC, 07] .text 
C:\WINDOWS\system32\wbem\wmiprvse.exe[4576] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fcd5e51782 4 bytes [E5, D5, FC, 07] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4576] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fccfa51532 4 bytes [A5, CF, FC, 07] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4576] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fccfa5153a 4 bytes [A5, CF, FC, 07] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[4576] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fccfa5165a 4 bytes [A5, CF, FC, 07] .text C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe[5556] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fcd5e5177a 4 bytes [E5, D5, FC, 07] .text C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe[5556] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fcd5e51782 4 bytes [E5, D5, FC, 07] .text C:\Windows\System32\igfxpers.exe[5956] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fcd5e5177a 4 bytes [E5, D5, FC, 07] .text C:\Windows\System32\igfxpers.exe[5956] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fcd5e51782 4 bytes [E5, D5, FC, 07] .text C:\Windows\System32\rundll32.exe[6272] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fccfa51532 4 bytes [A5, CF, FC, 07] .text C:\Windows\System32\rundll32.exe[6272] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fccfa5153a 4 bytes [A5, CF, FC, 07] .text C:\Windows\System32\rundll32.exe[6272] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fccfa5165a 4 bytes [A5, CF, FC, 07] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6300] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fcd5e5177a 4 bytes [E5, D5, FC, 07] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6300] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fcd5e51782 4 bytes [E5, D5, FC, 07] .text C:\PROGRAM 
FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6612] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6612] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[7088] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[7088] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[7088] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text C:\Program Files\iTunes\iTunesHelper.exe[4956] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fccb451b32 4 bytes [45, CB, FC, 07]
.text C:\Program Files\iTunes\iTunesHelper.exe[4956] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fccb451b3a 4 bytes [45, CB, FC, 07]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [620:644] fffff960008655e8

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk1\DR1 unknown MBR code

---- EOF - GMER 2.1 ----

5) Gdata idle scan result

Idle scan completed successfully: 333783 files checked. No infected files found.