| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: 3. Laptop nun auch infiziert? Ton geht nicht, und Avira war deaktiviertWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
20.06.2015, 11:34
| #1 |
 |  3. Laptop nun auch infiziert? Ton geht nicht, und Avira war deaktiviert Hallo wieder einmal, unser 3. Laptop, den meine Tochter benutzt, reagiert auch auffällig: Ton auf Youtube wird nicht mehr wiedergegeben, Avira hat sich von allein deaktiviert. frst: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015 Ran by Coco xD (administrator) on COSPC on 20-06-2015 11:49:32 Running from C:\Users\Coco xD\Downloads Loaded Profiles: Coco xD & (Available Profiles: Coco xD) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe () C:\Program Files (x86)\T-Mobile\InternetManager_A\BackgroundService\ServiceManager.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Atheros) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Akamai Technologies, Inc.) C:\Users\Coco xD\AppData\Local\Akamai\netsession_win.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe () C:\Program Files (x86)\T-Mobile\InternetManager_A\Background\ModemListener.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Akamai Technologies, Inc.) C:\Users\Coco xD\AppData\Local\Akamai\netsession_win.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (FK2) C:\Windows\SysWOW64\svchospt.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (Avira Operations GmbH & Co. KG) C:\ProgramData\Avira\Antivirus\TEMP\SELFUPDATE\update.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avrestart.exe (Opera Software) C:\Program Files (x86)\Opera\29.0.1795.47\opera.exe () C:\Program Files (x86)\Opera\29.0.1795.47\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\29.0.1795.47\opera.exe (Opera Software) C:\Program Files (x86)\Opera\29.0.1795.47\opera.exe (Opera Software) C:\Program Files (x86)\Opera\29.0.1795.47\opera.exe (Opera Software) C:\Program Files (x86)\Opera\29.0.1795.47\opera.exe (Opera Software) C:\Program Files (x86)\Opera\29.0.1795.47\opera.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Opera Software) C:\Program Files (x86)\Opera\29.0.1795.47\opera.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [976032 2011-09-16] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-09-16] (Atheros Commnucations) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-08] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [T-Mobile ModemListener] => C:\Program Files (x86)\T-Mobile\InternetManager_A\Background\ModemListener.exe [114040 2013-01-11] () HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-06-13] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [svchospt] => C:\Windows\SysWOW64\svchospt.exe [913408 2014-05-03] (FK2) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Coco xD\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1690209641-3373620738-964198196-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\NDSSAV~1.SCR HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Coco xD\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\NDSSAV~1.SCR HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Akamai NetSession Interface] => C:\Users\Coco xD\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\NDSSAV~1.SCR HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Akamai NetSession Interface] => C:\Users\Coco xD\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\NDSSAV~1.SCR HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Run: [Akamai NetSession Interface] => C:\Users\Coco xD\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\NDSSAV~1.SCR HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\Run: [Akamai NetSession Interface] => C:\Users\Coco xD\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\NDSSAV~1.SCR HKU\S-1-5-21-1690209641-3373620738-964198196-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Corinna Heindel\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-1690209641-3373620738-964198196-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) HKU\S-1-5-21-1690209641-3373620738-964198196-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1690209641-3373620738-964198196-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1690209641-3373620738-964198196-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [450048 2011-09-13] () HKU\S-1-5-21-1690209641-3373620738-964198196-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Akamai NetSession Interface] => C:\Users\Corinna Heindel\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-1690209641-3373620738-964198196-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) HKU\S-1-5-21-1690209641-3373620738-964198196-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1690209641-3373620738-964198196-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1690209641-3373620738-964198196-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [450048 2011-09-13] () HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-02-21] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Coco xD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk [2015-02-19] ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation) GroupPolicyUsers\S-1-5-21-1690209641-3373620738-964198196-1000\User: Group Policy Restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\S-1-5-21-1690209641-3373620738-964198196-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: [S-1-5-21-1690209641-3373620738-964198196-1000] ATTENTION ==> Default URLSearchHook is missing URLSearchHook: [S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing URLSearchHook: [S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1] ATTENTION ==> Default URLSearchHook is missing URLSearchHook: [S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2] ATTENTION ==> Default URLSearchHook is missing URLSearchHook: [S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3] ATTENTION ==> Default URLSearchHook is missing URLSearchHook: [S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4] ATTENTION ==> Default URLSearchHook is missing SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1690209641-3373620738-964198196-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1690209641-3373620738-964198196-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-21] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-21] (Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-13] (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-09-16] (Atheros Commnucations) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-13] (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Coco xD\AppData\Roaming\Mozilla\Firefox\Profiles\vxn85ufv.default FF SearchEngineOrder.3: Bing FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-13] () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-21] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-21] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-13] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-13] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-13] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-30] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2015-04-24] (Nexon) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-13] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-13] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1690209641-3373620738-964198196-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Coco xD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Coco xD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Coco xD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Coco xD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Coco xD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Coco xD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS) FF Extension: Amazon-Icon - C:\Users\Coco xD\AppData\Roaming\Mozilla\Firefox\Profiles\vxn85ufv.default\Extensions\amazon-icon@giga.de [2014-12-17] StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR Profile: C:\Users\Coco xD\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Coco xD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-02] CHR Extension: (Google Drive) - C:\Users\Coco xD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-02] CHR Extension: (No Name) - C:\Users\Coco xD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-02] CHR Extension: (Google Search) - C:\Users\Coco xD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-02] CHR Extension: (Avira Browser Safety) - C:\Users\Coco xD\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-11] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Coco xD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-20] CHR Extension: (Google Wallet) - C:\Users\Coco xD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-10] CHR Extension: (Amazon) - C:\Users\Coco xD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj [2014-12-17] CHR Extension: (Gmail) - C:\Users\Coco xD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-02] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Coco xD\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-12-17] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-06-13] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-06-13] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-06-13] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-06-13] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [105120 2011-09-16] (Atheros Commnucations) [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation) S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] () R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-17] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 Modem Device Helper; C:\Program Files (x86)\T-Mobile\InternetManager_A\BackgroundService\ServiceManager.exe [51576 2013-01-11] () [File not signed] R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-20] (Electronic Arts) S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AlcatelOTDCWwan; C:\Windows\System32\DRIVERS\AlcatelOTDCWwan.sys [159744 2013-01-11] (TCT International Mobile Ltd.) S3 ALCATELUSB; C:\Windows\System32\Drivers\AlcatelUsb.sys [25088 2013-01-11] (Windows (R) Codename Longhorn DDK provider) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-06-13] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-06-13] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG) R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.) S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [123776 2013-01-11] (TCT International Mobile Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-05-13] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia) R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [33488 2014-04-06] () S3 StMp3Recx64; C:\Windows\System32\Drivers\StMp3Recx64.sys [26112 2007-01-12] (Generic) R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S0 cybyjmwm; System32\drivers\ghscv.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-20 11:13 - 2015-06-20 11:32 - 00059803 _____ C:\Users\Coco xD\Downloads\Addition.txt 2015-06-20 11:10 - 2015-06-20 11:49 - 00036016 _____ C:\Users\Coco xD\Downloads\FRST.txt 2015-06-20 11:00 - 2015-06-20 11:49 - 00000000 ____D C:\FRST 2015-06-20 10:59 - 2015-06-20 11:00 - 02109952 _____ (Farbar) C:\Users\Coco xD\Downloads\FRST64 (1).exe 2015-06-20 10:59 - 2015-06-20 10:59 - 02109952 _____ (Farbar) C:\Users\Coco xD\Downloads\FRST64.exe 2015-06-13 09:45 - 2015-06-13 09:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-20 11:03 - 2013-07-23 19:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-20 11:03 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-20 11:03 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-20 11:00 - 2014-11-27 16:44 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-20 10:20 - 2009-07-14 06:51 - 00084353 _____ C:\Windows\setupact.log 2015-06-20 10:03 - 2014-11-27 16:44 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-20 09:41 - 2013-07-23 19:43 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-20 09:41 - 2013-07-23 19:43 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-06-20 09:41 - 2011-10-20 11:22 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-13 10:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2015-06-13 09:58 - 2014-11-12 22:24 - 00003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1415823873 2015-06-13 09:58 - 2013-09-24 18:42 - 00000000 ____D C:\Program Files (x86)\Opera 2015-06-13 09:56 - 2014-11-27 16:44 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-06-13 09:55 - 2014-11-27 16:44 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-06-13 09:42 - 2014-06-01 16:51 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-06-13 09:42 - 2014-06-01 16:51 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys ==================== Files in the root of some directories ======= 2014-04-06 11:20 - 2014-04-06 11:20 - 0001031 _____ () C:\Program Files\WinRAR.lnk 2014-04-06 14:58 - 2014-04-06 14:58 - 0001181 _____ () C:\Users\Coco xD\AppData\Roaming\trace_FilterInstaller.txt 2014-04-06 14:58 - 2014-04-06 14:58 - 0000000 _____ () C:\Users\Coco xD\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt 2014-01-18 16:47 - 2014-05-08 08:15 - 0000139 _____ () C:\Users\Coco xD\AppData\Roaming\WB.CFG 2014-10-13 17:35 - 2014-10-13 17:35 - 0006558 _____ () C:\Users\Coco xD\AppData\Local\HWVendorDetection.log 2015-04-23 19:19 - 2015-04-23 19:19 - 0003364 _____ () C:\Users\Coco xD\AppData\Local\recently-used.xbel 2013-10-04 16:27 - 2015-03-03 22:55 - 0017408 _____ () C:\Users\Coco xD\AppData\Local\WebpageIcons.db 2013-07-21 17:48 - 2013-07-21 17:50 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log Some files in TEMP: ==================== C:\Users\Coco xD\AppData\Local\Temp\avgnt.exe C:\Users\Coco xD\AppData\Local\Temp\NGMSetup.exe C:\Users\Coco xD\AppData\Local\Temp\Quarantine.exe C:\Users\Coco xD\AppData\Local\Temp\sqlite3.dll C:\Users\Corinna Heindel\AppData\Local\Temp\avgnt.exe C:\Users\Corinna Heindel\AppData\Local\Temp\NGMDll.dll C:\Users\Corinna Heindel\AppData\Local\Temp\NGMResource.dll C:\Users\Corinna Heindel\AppData\Local\Temp\SkypeSetup.exe C:\Users\Corinna Heindel\AppData\Local\Temp\unicows.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-13 23:49 ==================== End of log ============================ Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Coco xD at 2015-06-20 11:13:32
Running from C:\Users\Coco xD\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1690209641-3373620738-964198196-500 - Administrator - Disabled)
Coco xD (S-1-5-21-1690209641-3373620738-964198196-1000 - Administrator - Enabled) => C:\Users\Coco xD
Gast (S-1-5-21-1690209641-3373620738-964198196-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1690209641-3373620738-964198196-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
A Vampyre Story (HKLM-x32\...\A Vampyre Story) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.186 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-1690209641-3373620738-964198196-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-1690209641-3373620738-964198196-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-1690209641-3373620738-964198196-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{1D72BF42-E249-4EB7-CC4C-8CC09DAB180B}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.96 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{7050D165-886B-42BD-A39E-9B28C9728318}) (Version: 2.9.0 - Kovid Goyal)
ccc-core-static (x32 Version: 2011.0208.2202.39516 - Ihr Firmenname) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims™ 3 "Erstelle eine Welt"-Tool - Beta (HKLM-x32\...\{65761BAE-11E8-48FE-B30F-1F01011AB906}) (Version: 1.19.6 - Electronic Arts)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
Die Sims™ 3 Diesel Accessoires (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Die Sims™ 3 Traumsuite-Accessoires (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.5.149.1020 - Electronic Arts Inc.)
Die Sims™ 4 Erstelle einen Sim-Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.57.324 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.57.324 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
IMVU Avatar Chat Software (HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\IMVU Avatar chat client software BETA) (Version: - )
IMVU Avatar Chat Software (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\IMVU Avatar chat client software BETA) (Version: - )
IMVU Avatar Chat Software (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\IMVU Avatar chat client software BETA) (Version: - )
IMVU Avatar Chat Software (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\IMVU Avatar chat client software BETA) (Version: - )
IMVU Avatar Chat Software (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\IMVU Avatar chat client software BETA) (Version: - )
IMVU Avatar Chat Software (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\IMVU Avatar chat client software BETA) (Version: - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Internet Manager (HKLM-x32\...\Internet Manager_is1) (Version: - TCT Mobile Limited)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MixPad Audiodatei-Mixer (HKLM-x32\...\MixPad) (Version: 3.37 - NCH Software)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Opera Stable 25.0.1614.50 (HKLM-x32\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
Opera Stable 30.0.1835.59 (HKLM-x32\...\Opera 30.0.1835.59) (Version: 30.0.1835.59 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Fast Reconnect (HKLM-x32\...\{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}) (Version: 1.0 - QualComm Atheros)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SoundTap Audiostream-Rekorder (HKLM-x32\...\SoundTap) (Version: 2.27 - NCH Software)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SRWare Iron Version SRWare Iron 41.2200.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 41.2200.0 - SRWare)
Star Stable (HKLM-x32\...\{2B03B553-4983-4005-99C4-31DFC25B4BB9}) (Version: 1.00.0000 - Star Stable Entertainment AB)
TeamSpeak 3 Client (HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Unity Web Player (HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
Viber (HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\Viber) (Version: 3.0.0.132799 - Viber Media Inc)
Viber (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Viber) (Version: 3.0.0.132799 - Viber Media Inc)
Viber (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Viber) (Version: 3.0.0.132799 - Viber Media Inc)
Viber (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Viber) (Version: 3.0.0.132799 - Viber Media Inc)
Viber (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\Viber) (Version: 3.0.0.132799 - Viber Media Inc)
Viber (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\Viber) (Version: 3.0.0.132799 - Viber Media Inc)
VirtualDJ Home FREE (HKLM-x32\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WavePad Audio-Editor (HKLM-x32\...\WavePad) (Version: 5.71 - NCH Software)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 5.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Zattoo Live TV (HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\6d7aa3e3bf931c56) (Version: 1.0.0.47 - Zattoo Europa AG)
Zattoo Live TV (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\6d7aa3e3bf931c56) (Version: 1.0.0.47 - Zattoo Europa AG)
Zattoo Live TV (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\6d7aa3e3bf931c56) (Version: 1.0.0.47 - Zattoo Europa AG)
Zattoo Live TV (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\6d7aa3e3bf931c56) (Version: 1.0.0.47 - Zattoo Europa AG)
Zattoo Live TV (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\6d7aa3e3bf931c56) (Version: 1.0.0.47 - Zattoo Europa AG)
Zattoo Live TV (HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\6d7aa3e3bf931c56) (Version: 1.0.0.47 - Zattoo Europa AG)
Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
30-04-2015 23:07:57 Entfernt TheSims3EP11
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-05-28 18:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {003F91E1-EADC-4D04-8255-E6EEEF4D47C5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {08EFB63E-D51A-4D88-B215-034750D78872} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-06-25] (Microsoft Corporation)
Task: {1B542EBA-E963-47FC-B88A-9AFDF3FA2DE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-27] (Google Inc.)
Task: {1BAECAB5-8A1E-42CA-9906-CA17087CE6B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {1BD0F867-1362-4F2E-B6F8-38B6F4C14693} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {290A6F26-5E90-47D3-B8DA-C13106677469} - System32\Tasks\{71D1473C-4B44-4D63-BC3F-EC98A96C447B} => pcalua.exe -a "C:\Users\Coco xD\Downloads\worldtool (1).exe" -d "C:\Users\Coco xD\Downloads"
Task: {4182A4FA-3039-4B5C-99F7-27F73D94B464} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {4E63C45F-403E-4F37-8491-BF660FAA7A1D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {754CD365-1F4D-4C78-9813-9B62E223E05F} - System32\Tasks\Opera scheduled Autoupdate 1380040932 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-10] (Opera Software)
Task: {83BCD348-31D6-4CCC-AC4E-6ECFB42E42EB} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {84559A96-256D-4B78-866F-34556063391F} - System32\Tasks\Opera scheduled Autoupdate 1415823873 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-10] (Opera Software)
Task: {89C687CF-5680-4F6A-ADB3-784398C37371} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {9043FC88-A151-45BB-B675-3404A4220DCE} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {A873D2EE-29A9-437F-BAB0-CFA88CC7750A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-20] (Adobe Systems Incorporated)
Task: {B7CB8CAA-CEE8-4CAD-BF91-2C132DF86D9E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {BE7D7F28-8D13-4EB2-8729-DF8EBAA99110} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {C85C0138-157D-45EB-B97F-D73BFDCCEB69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2013-08-05 08:15 - 2013-08-05 08:15 - 00070712 _____ () C:\Windows\system32\bdmpega64.acm
2014-03-21 15:17 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-05-17 00:34 - 2014-05-17 00:34 - 00430344 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2013-08-27 11:01 - 2013-01-11 14:27 - 00051576 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_A\BackgroundService\ServiceManager.exe
2014-07-16 11:24 - 2014-07-16 11:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2013-08-27 11:01 - 2013-01-11 15:00 - 00114040 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_A\Background\ModemListener.exe
2015-04-29 16:33 - 2015-04-29 16:32 - 00479352 _____ () C:\Program Files (x86)\Opera\29.0.1795.47\opera_crashreporter.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-17 02:11 - 2014-05-17 02:11 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2015-05-05 07:49 - 2005-11-27 21:06 - 00360448 _____ () C:\Windows\SysWow64\CoolXPLabel.ocx
2015-05-05 07:49 - 2005-11-27 21:07 - 00491520 _____ () C:\Windows\SysWow64\CoolXPButton.ocx
2015-05-05 07:49 - 2005-11-27 21:07 - 00417792 _____ () C:\Windows\SysWow64\CoolXPCombo.ocx
2014-10-24 20:47 - 2014-10-24 20:47 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2011-10-20 10:18 - 2011-01-13 02:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 00237352 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-04-29 16:33 - 2015-04-29 16:23 - 01576568 _____ () C:\Program Files (x86)\Opera\29.0.1795.47\libglesv2.dll
2015-04-29 16:33 - 2015-04-29 16:23 - 00081016 _____ () C:\Program Files (x86)\Opera\29.0.1795.47\libegl.dll
2015-06-13 10:27 - 2015-06-05 20:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-13 10:27 - 2015-06-05 20:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
2014-07-16 11:21 - 2014-07-16 11:21 - 00611128 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUKernel.bpl
2014-07-16 11:21 - 2014-07-16 11:21 - 00152888 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUBasic.bpl
2014-07-16 11:21 - 2014-07-16 11:21 - 00820024 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\MainControls.bpl
2014-07-16 11:21 - 2014-07-16 11:21 - 00119096 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUTransl.bpl
2014-07-16 11:21 - 2014-07-16 11:21 - 00161080 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\PerlRegEx.bpl
2014-07-16 11:21 - 2014-07-16 11:21 - 00210744 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\XMLComponents.bpl
2014-07-16 11:21 - 2014-07-16 11:21 - 00449848 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\GR32_D6.bpl
2014-07-16 11:21 - 2014-07-16 11:21 - 00129336 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\SchedAgent_2007.bpl
2014-07-16 11:21 - 2014-07-16 11:21 - 00335672 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUCompression.bpl
2014-07-16 11:21 - 2014-07-16 11:21 - 00307000 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\DEC.bpl
2014-07-16 11:21 - 2014-07-16 11:21 - 00493368 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\Html.bpl
2014-07-16 11:21 - 2014-07-16 11:21 - 00307000 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\ntrtl60.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00458040 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\PowerManager.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00470328 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\SysInfo.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00656184 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\MSI_D6.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00144184 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUIcoEngineerDirTree.bpl
2014-07-16 11:21 - 2014-07-16 11:21 - 00076600 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUShell.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00068408 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\SysControls.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00215864 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\ProgramRating.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00423224 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\VisControls.bpl
2014-07-16 11:21 - 2014-07-16 11:21 - 00033080 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUBase.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 01145144 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxBarD12.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00044856 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxCoreD12.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00016184 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxComnD12.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00055608 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxThemeD12.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00852280 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\cxLibraryD12.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00069944 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxGDIPlusD12.bpl
2014-07-16 11:21 - 2014-07-16 11:21 - 00154424 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\cefcomponent.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00278840 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\AppInitialization.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00107320 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUShredder.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00632632 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUDiskCleanerClass.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00092984 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUApps.bpl
2014-07-16 11:21 - 2014-07-16 11:21 - 00042808 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TURar.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00489272 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\Traces.bpl
2014-07-16 11:21 - 2014-07-16 11:21 - 00083256 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUOperaClass.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00047928 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUApplications.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00042808 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUSafariClass.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00140088 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\CommonForms.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00609080 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\VirtualTreesR.bpl
2014-07-16 11:21 - 2014-07-16 11:21 - 00065848 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUIECacheClass.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00103224 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUDefragClient.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00962872 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TuningWizard.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00107320 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\Internet.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00207672 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxBarExtItemsD12.bpl
2014-07-16 11:22 - 2014-07-16 11:22 - 00289080 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\RegCleaner.bpl
2014-07-16 11:21 - 2014-07-16 11:21 - 00023864 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\IEControl.bpl
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:AD022376
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1690209641-3373620738-964198196-1000\...\100sexlinks.com -> 100sexlinks.com
There are 5317 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1690209641-3373620738-964198196-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Coco xD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Coco xD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Coco xD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Users\Coco xD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Control Panel\Desktop\\Wallpaper -> C:\Users\Coco xD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1690209641-3373620738-964198196-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\Control Panel\Desktop\\Wallpaper -> C:\Users\Coco xD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1690209641-3373620738-964198196-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Corinna Heindel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1690209641-3373620738-964198196-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Corinna Heindel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1690209641-3373620738-964198196-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Users\Corinna Heindel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{56FD1BD5-F6D0-4AFE-A412-15BEBDCEB113}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8AC469C7-FB13-4AF2-9FBD-41373226DD28}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DE312465-1B28-42EB-A3C2-BC11CA863D1A}] => (Allow) LPort=2869
FirewallRules: [{F6B33FAD-DE9D-46DA-9878-3D2D9228C87C}] => (Allow) LPort=1900
FirewallRules: [{66B0C3D7-6A90-416C-AB88-FDB6C51642FE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{33F5DFC4-ECDC-4533-91C1-07FEB8B2C61B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{EFE96374-72E7-4289-984F-3E728B7344A0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{57CB52DB-6B88-4E84-98D8-691E9B749A66}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{0705E25C-7EF9-4B05-8891-31670152DDD6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{E2B7DCFD-4BC0-401A-A2BB-DF77CDC78D9B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{9E878519-126F-4774-A563-7709F2D2CF79}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{D30088DC-B473-4CD6-8155-BFE5A5C92188}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{F81EB167-47FA-4CAF-BBE3-2D9949189C59}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{EC4576A1-E8CF-4890-8574-B0BAB26B4CED}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [{771D7E85-1CF6-497D-BD03-648610788BBF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{4F148362-8A60-4E00-9B24-500318FB52D0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{AF3B8A5B-309C-4AE2-987A-3DC5A53BC356}] => (Allow) C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe
FirewallRules: [{8793D92E-3A11-489A-909C-784FE890C4AD}] => (Allow) C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe
FirewallRules: [{964DDD41-AAD5-43F3-8188-94151983BF72}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{60D02BB7-6035-4280-A8C1-70165476A9A8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6A8739E5-F739-4CE0-9A09-BD952CE4F28D}] => (Allow) C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe
FirewallRules: [{748621B7-8059-4967-B52B-D3C5DEF046D7}] => (Allow) C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe
FirewallRules: [{598105C9-AA41-40C1-B277-C3F94CE4AC37}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe
FirewallRules: [{E456E6A8-D42B-40B3-8C69-6271FE4FC8A7}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe
FirewallRules: [{500C6D28-63B9-4D81-B284-64637F7EF6FF}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{1EAEF093-C49C-41A3-A1AB-D8F594D542BD}] => (Allow) C:\Users\Coco xD\AppData\Local\Viber\Viber.exe
FirewallRules: [{788B89DC-2457-49F1-8F09-BAD9A071DDE6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{945EE505-C4B2-4274-890C-245A54144634}] => (Allow) C:\Program Files (x86)\NCH Software\BroadWave\broadwave.exe
FirewallRules: [{AF8B229F-350B-4C95-B342-26055D0D8127}] => (Allow) C:\Program Files (x86)\NCH Software\BroadWave\broadwave.exe
FirewallRules: [{9118306D-7BA9-4614-954E-1B67AB676A41}] => (Allow) C:\Program Files (x86)\NCH Software\BroadWave\broadwave.exe
FirewallRules: [{7021C64E-B618-4A7F-B44A-46D86F51E3E3}] => (Allow) C:\Program Files (x86)\NCH Software\BroadWave\broadwave.exe
FirewallRules: [{44134073-CBD6-414C-B8A7-9E1773922EB8}] => (Allow) C:\Program Files (x86)\NCH Software\BroadWave\broadwave.exe
FirewallRules: [{144104EE-09D5-4D2D-A9BD-9C9F94C8FA84}] => (Allow) C:\Program Files (x86)\NCH Software\BroadWave\broadwave.exe
FirewallRules: [{EA8BEC12-5E74-4247-97EF-B4CEF78EB16C}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe
FirewallRules: [{C80B8460-E982-4440-A807-0FC207D2A119}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe
FirewallRules: [TCP Query User{9EFE214C-2BAA-436D-8F67-04F1C7972076}C:\users\corinna heindel\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\corinna heindel\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{319758F8-1101-4576-AC5A-838CA4288067}C:\users\corinna heindel\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\corinna heindel\appdata\local\akamai\netsession_win.exe
FirewallRules: [{EDB437CB-E45A-47F8-9971-3D86166D147D}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{92121AD6-877E-451C-B49D-A19BE690F48D}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{77F4A1E3-B7AB-4716-94CF-F1FFA5A07DD5}] => (Allow) C:\Nexon\Combat Arms EU\NMService.exe
FirewallRules: [{81868A17-E2DE-4880-BA08-CADEF0A7DCD8}] => (Allow) C:\Nexon\Combat Arms EU\NMService.exe
FirewallRules: [TCP Query User{55079BCD-75CE-4FD8-BDAF-4B3ED272D93C}C:\nexon\combat arms eu\engine.exe] => (Allow) C:\nexon\combat arms eu\engine.exe
FirewallRules: [UDP Query User{E6288B80-D402-479E-9DEA-C77CE034B963}C:\nexon\combat arms eu\engine.exe] => (Allow) C:\nexon\combat arms eu\engine.exe
FirewallRules: [TCP Query User{1BB35FE0-1337-4FB9-90A8-187EC28CC5BD}C:\users\coco xd\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\coco xd\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{CC9581A3-22C8-49D4-A552-8197DC6FEB24}C:\users\coco xd\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\coco xd\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{727375FD-9938-4D54-A15C-59D6D09AECFE}C:\users\coco xd\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\coco xd\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{51A7F09A-66F7-4BE0-A8B1-5A9E323968F2}C:\users\coco xd\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\coco xd\appdata\local\akamai\netsession_win.exe
FirewallRules: [{8CA82EB2-B2A9-443A-A713-11B4A1C57CDD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9FB97F43-2321-4693-B7C5-A9E78211E6DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CD293BCC-E262-480D-B4F8-777C20ADEAC0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3923B1F2-6C25-45CD-9431-C77BD3513E16}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AFD336B8-A658-42AA-B66A-A490B97C262C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{725D6FAD-303F-4655-B29E-9FED9EE51E70}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{2CDED98D-167F-4833-B3CC-E5DCCA638249}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [TCP Query User{78714697-AA16-4AAF-824D-A9F19A535BDC}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{30800174-07FF-48B7-8E6D-52E0752AFC21}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{7E8D3F62-717F-4907-A955-20C14B5FEA4A}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{0CE69767-9A20-4C9A-B90A-1FC71C267FD1}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [TCP Query User{19CCDEDC-3A39-43DB-98B3-09216FF184F9}C:\users\corinna heindel\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\corinna heindel\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{3B84AE7C-C838-4FA8-A2D6-50216D8F1DD7}C:\users\corinna heindel\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\corinna heindel\appdata\local\akamai\netsession_win.exe
FirewallRules: [{103B08D0-9749-4B38-A34B-25BAF4F63DCA}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{2631DA63-7FAD-46E5-BADC-031C40267110}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{9EF69BA0-7D0F-49BC-94A3-956D4A48CE45}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{27EF8AE1-C2B1-42FE-B83B-C63AE2A3B473}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{EDEE9979-848A-4C57-A77F-E16DA1660373}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{CF4D8F06-07EA-4BE5-9B56-F05199ED453F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{3BEE6B2E-0B27-4A30-B91F-CDAAB5EE3F3F}C:\windows\syswow64\svchospt.exe] => (Allow) C:\windows\syswow64\svchospt.exe
FirewallRules: [UDP Query User{0BD91BE4-AC73-4C1D-8813-1C7A789DAD5D}C:\windows\syswow64\svchospt.exe] => (Allow) C:\windows\syswow64\svchospt.exe
FirewallRules: [{A3B235A4-DAEA-4DDF-97A6-470DE10F9DFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Nexon\Combat Arms EU\CombatArms.exe] => :*Enabled:CombatArms.exe
DomainProfile\AuthorizedApplications: [C:\Nexon\Combat Arms EU\Engine.exe] => :*Enabled:Engine.exe
StandardProfile\AuthorizedApplications: [C:\Nexon\Combat Arms EU\CombatArms.exe] => :*Enabled:CombatArms.exe
StandardProfile\AuthorizedApplications: [C:\Nexon\Combat Arms EU\Engine.exe] => :*Enabled:Engine.exe
==================== Faulty Device Manager Devices =============
Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/20/2015 10:21:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avscan.exe, Version 15.0.10.430 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1668
Startzeit: 01d0ab30703dcc5c
Endzeit: 60000
Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
Berichts-ID: 21d02e79-1725-11e5-9e09-dc0ea11955b5
Error: (06/20/2015 09:56:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32900
Error: (06/20/2015 09:56:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32900
Error: (06/20/2015 09:56:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/20/2015 09:56:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23041
Error: (06/20/2015 09:56:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23041
Error: (06/20/2015 09:56:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/20/2015 09:56:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8283
Error: (06/20/2015 09:56:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8283
Error: (06/20/2015 09:55:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (06/20/2015 09:40:57 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Error: (06/20/2015 09:40:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc erreicht.
Error: (06/20/2015 09:40:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc erreicht.
Error: (06/20/2015 09:39:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc erreicht.
Error: (06/14/2015 08:57:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc erreicht.
Error: (05/08/2015 08:57:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/08/2015 08:50:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cybyjmwm
Error: (05/08/2015 08:49:15 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (05/03/2015 11:38:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/03/2015 11:27:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cybyjmwm
Microsoft Office:
=========================
Error: (06/20/2015 10:21:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avscan.exe15.0.10.430166801d0ab30703dcc5c60000C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe21d02e79-1725-11e5-9e09-dc0ea11955b5
Error: (06/20/2015 09:56:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32900
Error: (06/20/2015 09:56:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32900
Error: (06/20/2015 09:56:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/20/2015 09:56:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23041
Error: (06/20/2015 09:56:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23041
Error: (06/20/2015 09:56:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/20/2015 09:56:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8283
Error: (06/20/2015 09:56:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8283
Error: (06/20/2015 09:55:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
CodeIntegrity Errors:
===================================
Date: 2014-05-28 18:06:27.661
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-28 18:06:27.616
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 70%
Total physical RAM: 4077.86 MB
Available physical RAM: 1211.37 MB
Total Pagefile: 8153.91 MB
Available Pagefile: 3773.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:449.66 GB) (Free:308.25 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2018BB1A)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.7 GB) - (Type=07 NTFS)
==================== End of log ============================
|
| Themen zu 3. Laptop nun auch infiziert? Ton geht nicht, und Avira war deaktiviert |
| akamai, antivirus, avira, bonjour, browser, combofix, converter, desktop, failed, flash player, google, home, hotspot, iexplore.exe, launch, mozilla, programm, realtek, registry, rundll, scan, security, software, svchost.exe, system, usb, windows |
Baum-Darstellung