Penelope8282 | 16.06.2015 11:10
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Sonne (administrator) on HARLEY-DAVIDSON on 16-06-2015 11:49:59
Running from C:\Users\Sonne\Desktop
Loaded Profiles: Sonne & (Available Profiles: Sonne)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Dummy, Ltd.) C:\Users\Sonne\Desktop\Robin Schulz feat Ilsey Headlights_10924_i20570157_il345.exe
() C:\Users\Sonne\AppData\Local\Temp\Robin Schulz feat Ilsey Headlights__10924_i1536990031_il127297.exe
(DTools LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(NavRight) C:\ProgramData\NavRight\NavRight.exe
(NavRight) C:\ProgramData\NavRight\NavRight.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
() C:\Program Files (x86)\CinemaPlus_1.3dV15.06\0ea818e1-6dca-41bf-80a3-83aec663b48e-10.exe
(Windows APP) C:\Program Files (x86)\Rs\Rs.exe
() C:\Program Files (x86)\CinemaPlus_1.3dV15.06\0ea818e1-6dca-41bf-80a3-83aec663b48e-1-6.exe
() C:\Program Files (x86)\CinemaPlus_1.3dV15.06\e2db6740-b937-4041-963f-f478680e12ae-1-6.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TAOFrame.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe
(Tencent) C:\Program Files (x86)\Common Files\Tencent\QQDownload\130\Tencentdl.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\QQPCNetFlow.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRealTimeSpeedup.exe
(XTab system) C:\Program Files (x86)\MiuiTab\ProtectService.exe
(SearchProtect) C:\Program Files (x86)\MiuiTab\CmdShell.exe
(XTab system) C:\Program Files (x86)\MiuiTab\HPNotify.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\popwndexe.exe
(OldTimer Tools) C:\Users\Sonne\Desktop\Programme\PC Reinigung\TFC.exe
(OldTimer Tools) C:\Users\Sonne\Desktop\Programme\PC Reinigung\TFC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\ravmond.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\rstray.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\rstray64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [PfNet] => C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-24] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc)
HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] ()
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [Rs] => C:\Program Files (x86)\Rs\Rs.exe [172032 2015-06-15] (Windows APP)
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe [355296 2015-06-15] (Tencent)
HKLM-x32\...\Run: [RavTRAY] => C:\Program Files (x86)\Rising\RAV\rstray.exe [111000 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\RunOnce: [SpUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll [905728 2015-06-03] (FlashBeat)
AppInit_DLLs: C:\ProgramData\NavRight\NavRight64.dll => C:\ProgramData\NavRight\NavRight64.dll [905216 2015-06-03] (NavRight)
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => C:\ProgramData\FlashBeat\FlashBeat32.dll [630784 2015-06-03] (FlashBeat)
AppInit_DLLs-x32: C:\ProgramData\NavRight\NavRight32.dll => C:\ProgramData\NavRight\NavRight32.dll [629248 2015-06-03] (NavRight)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-05-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-04-02]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMGCShellExt64.dll [2015-06-15] (Tencent)
BootExecute: autocheck autochk * bsmain
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds&ts=1434380103&z=833811e1498f7d057639aafgfzbc3zfc5bae1gfe3w&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds&ts=1434380103&z=833811e1498f7d057639aafgfzbc3zfc5bae1gfe3w&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1434380103&z=833811e1498f7d057639aafgfzbc3zfc5bae1gfe3w&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1434380103&z=833811e1498f7d057639aafgfzbc3zfc5bae1gfe3w&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> {ABEC6EA7-E055-4279-AEF4-75C6572FA32E} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=dspp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {ABEC6EA7-E055-4279-AEF4-75C6572FA32E} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR&ts=1434380175&type=default&q={searchTerms}
BHO: No Name -> {2BF6CDAE-6D19-44ED-9035-D44BA7CD20C5} -> No File
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSWebMon64.dat [2015-06-15] (Tencent)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Ó¦Óñ¦Ò»¼ü°²×°²å¼þ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-12] (Thinknice Co. Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-27] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-27] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: oursurfing
FF SelectedSearchEngine: oursurfing
FF Homepage: hxxp://www.oursurfing.com/?type=hppp&ts=1434379618&z=d9e38f9a987bfbe67f189fegdz0c9z0ccm7t4q7ofg&from=fsf&uid=ST9500325AS_5VEKXSARXXXX5VEKXSAR
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-06-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\npQMExtensionsMozilla.dll [2015-06-15] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2983943463-2176006230-4185877932-1001: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
FF user.js: detected! => C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\user.js [2015-06-16]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\searchplugins\oursurfing.xml [2015-06-16]
FF Extension: PriceLEss - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\2D@eVBEZhK.edu [2015-06-15]
FF Extension: CinemaPlus_1.3dV15.06 - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\973ba634716b4639a1c150b40c@5afc24a09e55466bb60878000.com [2015-06-15]
FF Extension: CinemaPlus_1.3dV15.06 - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\AVJYFVOD75109374@HCDE39471360.com [2015-06-16]
FF Extension: PrIcELEsS - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\gEO@d2pbIs.org [2015-06-15]
FF Extension: QuickSearch - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\searchffv2@gmail.com [2015-06-15]
FF Extension: Search Enginer - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\sweetsearch@gmail.com [2015-06-15]
FF Extension: NoScript - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-28]
FF Extension: Adblock Plus - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-28]
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\extensions\sweetsearch@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\Sonne\AppData\Roaming\Mozilla\Firefox\Profiles\dxajxy9v.default\extensions\searchffv2@gmail.com
FF HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (CinemaPlus_1.3dV15.06) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceaohckoegdncfpojeiehjkaffbdahli [2015-06-15]
CHR Extension: (CinemaPlus_1.3dV15.06) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-06-15]
CHR Extension: (Google Wallet) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Amazon) - C:\Users\Sonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj [2015-02-10]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Sonne\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-12]
CHR HKLM-x32\...\Chrome\Extension: [ooebklgpfnbcnpokahmdidgbmlcdepkm] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125056 2015-06-12] (XTab system)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-24] (FUJITSU LIMITED) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe [297608 2015-06-15] (Tencent)
R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [184088 2015-06-15] (Beijing Rising Information Technology Co., Ltd.)
R2 RsRavMon; C:\Program Files (x86)\Rising\RAV\ravmond.exe [277552 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
R3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TAOFrame.exe [293856 2015-06-15] (Tencent)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [File not signed]
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [34704 2009-12-24] (CSR, plc)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R1 HyperVM; C:\Windows\system32\drivers\hvm.sys [41784 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-16] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
U0 mtxfhi; C:\Windows\System32\drivers\cejxy.sys [79064 2015-06-16] (Malwarebytes Corporation)
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUdisk64.sys [62264 2015-06-15] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQSysMonX64.sys [129336 2015-06-15] (电脑管家)
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-06-16] (Beijing Rising Information Technology Co., Ltd.)
R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [99640 2015-06-15] (Tencent)
R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [174392 2015-06-15] (Tencent Technology(Shenzhen) Company Limited)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-06-15] (电脑管家)
R1 TSCPM; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\tscpm64.sys [42296 2015-06-15] (电脑管家)
R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSDefenseBT64.sys [28472 2015-06-15] (Tencent)
R3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-15] (电脑管家)
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TSSysKit64.sys [87352 2015-06-15] (电脑管家)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-16 11:49 - 2015-06-16 11:50 - 00033867 _____ C:\Users\Sonne\Desktop\FRST.txt
2015-06-16 11:47 - 2015-06-16 11:47 - 02109952 _____ (Farbar) C:\Users\Sonne\Desktop\FRST64.exe
2015-06-16 11:06 - 2015-06-16 11:06 - 00000134 _____ C:\Windows\SysWOW64\BsMain.ini
2015-06-16 11:06 - 2015-06-16 11:06 - 00000000 ___RD C:\RavBin
2015-06-16 11:06 - 2015-06-16 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Antivirus
2015-06-16 11:06 - 2015-06-16 11:04 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-06-16 11:05 - 2015-06-16 10:35 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\ravext64.dll
2015-06-16 11:05 - 2015-06-16 10:35 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll
2015-06-16 11:05 - 2015-06-16 10:32 - 00041784 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\hvm.sys
2015-06-16 11:05 - 2015-06-16 10:31 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\bsmain.exe
2015-06-16 10:30 - 2015-06-16 10:30 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\cejxy.sys
2015-06-16 10:26 - 2015-06-16 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-15 18:29 - 2015-06-16 11:36 - 00000112 _____ C:\Windows\setupact.log
2015-06-15 18:29 - 2015-06-15 18:29 - 00000000 _____ C:\Windows\setuperr.log
2015-06-15 17:20 - 2015-06-15 17:20 - 00003430 _____ C:\Windows\System32\Tasks\AmiUpdXp
2015-06-15 17:20 - 2015-06-15 17:20 - 00000378 _____ C:\Windows\Tasks\AmiUpdXp.job
2015-06-15 17:20 - 2015-06-15 17:20 - 00000000 ____D C:\Users\Sonne\AppData\Local\32281
2015-06-15 17:08 - 2015-06-15 17:08 - 00000000 ____D C:\ProgramData\TXQMPC
2015-06-15 17:03 - 2015-06-15 17:03 - 00003160 _____ C:\Windows\System32\Tasks\{C07EE879-4943-44B9-B8F3-B055E75D3C3D}
2015-06-15 16:57 - 2015-06-15 16:57 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\1CD8A1AE-1434380225-E011-8946-8C736EA82B7D
2015-06-15 16:54 - 2015-06-15 17:02 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\oursurfing
2015-06-15 16:53 - 2015-06-15 16:53 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-15 16:53 - 2015-06-15 16:53 - 00000000 ____D C:\ProgramData\eolmjdcbmnnkhdgehgjabfihnechnicm
2015-06-15 16:53 - 2015-06-15 16:53 - 00000000 ____D C:\Program Files\Common Files\Tencent
2015-06-15 16:53 - 2015-06-15 16:52 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-06-15 16:53 - 2015-06-15 16:52 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-06-15 16:53 - 2015-06-15 16:52 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-06-15 16:53 - 2015-06-15 16:52 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-06-15 16:52 - 2015-06-15 17:12 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\Tencent
2015-06-15 16:52 - 2015-06-15 17:08 - 00000000 ____D C:\ProgramData\Tencent
2015-06-15 16:52 - 2015-06-15 16:52 - 00000000 ____D C:\Program Files (x86)\Tencent
2015-06-15 16:52 - 2015-06-15 16:52 - 00000000 ____D C:\Program Files (x86)\MyPCBU
2015-06-15 16:50 - 2015-06-16 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Software Deployment System
2015-06-15 16:50 - 2015-06-16 10:56 - 00000998 _____ C:\Windows\Tasks\bNGItKJsccWOg.job
2015-06-15 16:50 - 2015-06-16 10:30 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
2015-06-15 16:50 - 2015-06-16 10:30 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
2015-06-15 16:50 - 2015-06-15 16:50 - 00004052 _____ C:\Windows\System32\Tasks\R3jz8d0TYYLlGbCwf1NT
2015-06-15 16:50 - 2015-06-15 16:50 - 00004050 _____ C:\Windows\System32\Tasks\R3jz8d0TYYLlGbCwf1N
2015-06-15 16:50 - 2015-06-15 16:50 - 00004038 _____ C:\Windows\System32\Tasks\bNGItKJsccWOg
2015-06-15 16:50 - 2015-06-15 16:50 - 00004036 _____ C:\Windows\System32\Tasks\bNGItKJsccWO
2015-06-15 16:50 - 2015-06-15 16:50 - 00001012 _____ C:\Windows\Tasks\R3jz8d0TYYLlGbCwf1NT.job
2015-06-15 16:50 - 2015-06-15 16:50 - 00001010 _____ C:\Windows\Tasks\R3jz8d0TYYLlGbCwf1N.job
2015-06-15 16:50 - 2015-06-15 16:50 - 00000996 _____ C:\Windows\Tasks\bNGItKJsccWO.job
2015-06-15 16:50 - 2015-06-15 16:50 - 00000150 __RSH C:\rising.ini
2015-06-15 16:50 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
2015-06-15 16:49 - 2015-06-16 10:30 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-06-15 16:49 - 2015-06-15 16:57 - 00000000 ____D C:\Program Files (x86)\Rs
2015-06-15 16:49 - 2015-06-15 16:50 - 00000000 ____D C:\ProgramData\Rising
2015-06-15 16:49 - 2015-06-15 16:49 - 00000000 ____D C:\Users\Sonne\AppData\Local\globalUpdate
2015-06-15 16:49 - 2015-06-15 16:49 - 00000000 ____D C:\Program Files (x86)\Rising
2015-06-15 16:49 - 2015-06-15 16:49 - 00000000 ____D C:\Program Files (x86)\b24cd062-bf2a-4359-9342-85828b0ba5d3
2015-06-15 16:49 - 2015-06-15 16:49 - 00000000 ____D C:\Program Files (x86)\639202a2-5fcc-4a00-ba2e-ebce06ee95fc
2015-06-15 16:48 - 2015-06-16 10:30 - 00000000 ____D C:\Program Files (x86)\CinemaPlus_1.3dV15.06
2015-06-15 16:48 - 2015-06-16 10:26 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-15 16:48 - 2015-06-15 16:49 - 00000330 _____ C:\Windows\Tasks\WTKXPWLM1.job
2015-06-15 16:48 - 2015-06-15 16:48 - 00003572 _____ C:\Windows\System32\Tasks\DWBTM
2015-06-15 16:48 - 2015-06-15 16:48 - 00002852 _____ C:\Windows\System32\Tasks\WTKXPWLM1
2015-06-15 16:48 - 2015-06-15 16:48 - 00000000 ____D C:\ProgramData\FlashBeat
2015-06-15 16:48 - 2015-06-15 16:48 - 00000000 ____D C:\ProgramData\37e30e59d1a7430da05c726d0388106f
2015-06-15 16:48 - 2015-06-15 16:48 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-06-15 16:48 - 2015-06-15 16:48 - 00000000 ____D C:\Program Files (x86)\cinemaplus
2015-06-15 16:47 - 2015-06-16 10:30 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
2015-06-15 16:47 - 2015-06-15 16:56 - 00000000 ____D C:\Program Files (x86)\MiuiTab
2015-06-15 16:47 - 2015-06-15 16:48 - 00000324 _____ C:\Windows\Tasks\XGGLNAPSJN1.job
2015-06-15 16:47 - 2015-06-15 16:47 - 00003572 _____ C:\Windows\System32\Tasks\HLEBG
2015-06-15 16:47 - 2015-06-15 16:47 - 00002846 _____ C:\Windows\System32\Tasks\XGGLNAPSJN1
2015-06-15 16:47 - 2015-06-15 16:47 - 00000000 ____D C:\ProgramData\NavRight
2015-06-15 16:47 - 2015-06-15 16:47 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-06-15 16:47 - 2015-06-15 16:47 - 00000000 ____D C:\ProgramData\830d280829ca4028a7f37bc821cc2f16
2015-06-15 16:47 - 2015-06-15 16:47 - 00000000 ____D C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf
2015-06-15 16:47 - 2015-06-15 16:47 - 00000000 _____ C:\Windows\hgfs.sys
2015-06-15 16:46 - 2015-06-15 16:46 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-06-15 16:46 - 2015-06-15 16:46 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\ASPackage
2015-06-15 16:46 - 2015-06-15 16:46 - 00000000 _____ C:\Windows\prleth.sys
2015-06-15 16:45 - 2015-06-15 16:45 - 00000000 ____D C:\ProgramData\9218317531913342215
2015-06-15 16:44 - 2015-06-15 16:49 - 00000000 ____D C:\Program Files (x86)\app_setup
2015-06-15 16:44 - 2015-06-15 16:44 - 00000000 ____D C:\ProgramData\efacfndghcpfjhjefehpihglncakjhem
2015-06-15 16:44 - 2015-06-15 16:44 - 00000000 ____D C:\Program Files (x86)\C2PC
2015-06-15 16:42 - 2015-06-15 16:42 - 01483792 _____ (Dummy, Ltd.) C:\Users\Sonne\Desktop\Robin Schulz feat Ilsey Headlights_10924_i20570157_il345.exe
2015-06-08 01:05 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-08 01:05 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-04 13:56 - 2015-06-08 08:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-21 15:48 - 2015-05-21 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-05-21 15:48 - 2015-05-21 15:48 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-05-20 10:46 - 2015-05-20 10:46 - 00013489 _____ C:\Users\Sonne\Documents\Stadt W´hausen Herr Meyer (PayPal).odt
2015-05-18 14:11 - 2015-05-21 15:48 - 00001937 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-05-18 14:11 - 2015-05-21 15:48 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-05-18 14:10 - 2015-06-15 16:49 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-05-18 14:10 - 2015-05-18 14:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-18 14:10 - 2015-05-18 14:10 - 00002013 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-16 11:50 - 2013-07-02 19:21 - 00000000 ____D C:\FRST
2015-06-16 11:41 - 2013-03-28 20:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-16 11:40 - 2014-11-13 11:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-16 11:39 - 2014-11-13 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-16 11:39 - 2014-11-13 11:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-16 11:39 - 2013-11-28 20:20 - 00001072 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-16 11:39 - 2011-09-30 23:16 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-16 11:36 - 2013-06-07 21:17 - 01955456 _____ C:\Windows\WindowsUpdate.log
2015-06-16 11:36 - 2011-09-30 23:24 - 00064544 _____ C:\Users\Sonne\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 10:34 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-16 10:34 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-16 10:30 - 2009-07-14 05:20 - 00000000 __RSD C:\Windows\Media
2015-06-15 17:02 - 2013-09-09 15:44 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-15 17:02 - 2013-07-09 11:08 - 00001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-15 17:02 - 2013-07-09 11:08 - 00001157 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-15 17:02 - 2011-09-30 23:34 - 00001431 _____ C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-15 16:59 - 2013-04-17 16:39 - 00000000 ____D C:\Users\Sonne\AppData\Local\CrashDumps
2015-06-15 16:54 - 2011-09-30 23:37 - 00000000 ____D C:\Users\Sonne\AppData\Local\VirtualStore
2015-06-15 14:30 - 2011-09-30 23:16 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-11 12:41 - 2013-03-28 20:47 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-11 12:41 - 2013-03-28 20:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-11 12:41 - 2011-09-30 23:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-09 21:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-08 08:43 - 2013-07-09 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-08 01:36 - 2009-07-14 06:45 - 00294928 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-08 01:35 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 01:34 - 2012-05-14 13:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-08 01:34 - 2012-05-14 13:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-08 01:32 - 2015-04-22 13:38 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-08 01:32 - 2015-04-22 13:38 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-08 01:32 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-08 01:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-08 01:10 - 2012-03-28 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-06-08 01:10 - 2011-04-16 12:56 - 01649782 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-08 01:10 - 2011-02-14 14:57 - 00700118 _____ C:\Windows\system32\perfh007.dat
2015-06-08 01:10 - 2011-02-14 14:57 - 00149968 _____ C:\Windows\system32\perfc007.dat
2015-06-08 01:04 - 2012-05-14 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-04 13:34 - 2015-05-15 21:27 - 00000000 ____D C:\Users\Sonne\Documents\Musch Delank Imex
2015-05-21 15:57 - 2011-09-30 23:55 - 00000000 ____D C:\Users\Sonne\Desktop\Fotos
2015-05-20 14:44 - 2011-09-30 23:23 - 00000000 ____D C:\Users\Sonne\AppData\Local\Adobe
2015-05-19 11:42 - 2012-04-01 11:15 - 00000000 ____D C:\Users\Sonne\Documents\Eigene Dateien
2015-05-19 09:12 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-05-18 14:11 - 2015-01-11 11:43 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-18 14:11 - 2011-09-30 23:41 - 00000000 ____D C:\Users\Sonne\AppData\Roaming\Adobe
2015-05-18 14:10 - 2011-09-30 23:18 - 00000000 ____D C:\ProgramData\Adobe
2015-05-18 13:34 - 2011-09-30 23:16 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 13:34 - 2011-09-30 23:16 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
==================== Files in the root of some directories =======
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Sonne\AppData\Roaming\bNGItKJsccWO
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Sonne\AppData\Roaming\bNGItKJsccWOg
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Sonne\AppData\Roaming\bNGItKJsccWOg.exe
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1N
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1NT
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1NT.exe
2013-06-27 11:07 - 2013-06-27 11:07 - 0000005 _____ () C:\Users\Sonne\AppData\Roaming\WBPU-TTL.DAT
2013-10-02 20:36 - 2014-01-05 15:11 - 0000678 _____ () C:\Users\Sonne\AppData\Local\cookies.ini
Some files in TEMP:
====================
C:\Users\Sonne\AppData\Local\Temp\C2PC_SP.exe
C:\Users\Sonne\AppData\Local\Temp\Launcher__13202.exe
C:\Users\Sonne\AppData\Local\Temp\Robin Schulz feat Ilsey Headlights__10924_i1536990031_il127297.exe
C:\Users\Sonne\AppData\Local\Temp\sc-setup-1.10.0.16.exe
C:\Users\Sonne\AppData\Local\Temp\sdf1C73.exe
C:\Users\Sonne\AppData\Local\Temp\sdf86AA.exe
C:\Users\Sonne\AppData\Local\Temp\sdf9C1E.exe
C:\Users\Sonne\AppData\Local\Temp\Uninstall.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-09 15:25
==================== End of log ============================
Additional FRST Logfile: Code:
scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Sonne at 2015-06-16 11:51:42
Running from C:\Users\Sonne\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2983943463-2176006230-4185877932-500 - Administrator - Disabled)
Gast (S-1-5-21-2983943463-2176006230-4185877932-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2983943463-2176006230-4185877932-1002 - Limited - Enabled)
Sonne (S-1-5-21-2983943463-2176006230-4185877932-1001 - Administrator - Enabled) => C:\Users\Sonne
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AV: Rising Antivirus (Enabled - Up to date) {DBC966C2-BD90-87CD-5A01-4DFB1D2EC867}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
AS: Rising Antivirus (Enabled - Up to date) {60A88726-9BAA-8843-60B1-768966A982DA}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
AIS Connect (HKLM-x32\...\AIS Connect) (Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH)
AIS Connect (x32 Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH) Hidden
AnySend (HKLM-x32\...\ASPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION!
Bluetooth Feature Pack 5.0 (HKLM\...\{B2F4C332-2359-4ADE-AF0C-C631768BBB89}) (Version: 5.0.14 - CSR Plc.)
C2PC version 1.8 (HKLM-x32\...\{A23B547D-36B0-4B85-B68A-AADF6C9A723B}_is1) (Version: 1.8 - )
CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform)
cinemaplus version 2.04 (HKLM-x32\...\{59680D1A-6A49-4E85-BB42-6886773DF589}_is1) (Version: 2.04 - ) <==== ATTENTION
CinemaPlus_1.3dV15.06 (HKLM-x32\...\CinemaPlus_1.3dV15.06) (Version: 1.36.01.22 - CinemaPlus_1.3dV15.06) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeskUpdate 4.11 (HKLM-x32\...\DeskUpdate_is1) (Version: 4.11.0074 - Fujitsu Technology Solutions)
eBay (HKLM-x32\...\{9983CD31-473F-4808-8317-5346119F0187}) (Version: 1.0.1 - eBay Inc.)
FlashBeat (HKLM-x32\...\FlashBeat) (Version: - ) <==== ATTENTION!
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
FreeOCR v5.0 (HKLM-x32\...\freeocr_is1) (Version: - )
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version: - )
Fujitsu Display Manager (Version: 7.01.00.210 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: - )
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - Ihr Firmenname) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: - )
Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{474A8F3F-863A-4FCC-91F0-47A61E06FEC9}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2025 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: - )
LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyPCBU version 2.25 (HKLM-x32\...\{7D7D6742-5B49-4454-9E9B-748E731E741A}_is1) (Version: 2.25 - )
NavRight (HKLM-x32\...\NavRight) (Version: - )
Nero 9 Essentials (HKLM-x32\...\{54da196d-166e-41ff-97b8-b36d914b919c}) (Version: - Nero AG)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
oursurfing uninstall (HKLM-x32\...\oursurfing uninstall) (Version: - oursurfing) <==== ATTENTION
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 5.3.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 5.3.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version: - )
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
Rising Antivirus (HKLM-x32\...\RAV) (Version: 24.00.43.07 - Beijing Rising Information Technology, Inc.)
Rising Software Deployment System (HKLM-x32\...\RSD) (Version: 23.00.01.02 - Beijing Rising Information Technology, Inc.)
Rossmann Fotowelt Software 4.9 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.9 - ORWO Net)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - )
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer)
VisualBee for Microsoft PowerPoint (HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\VisualBee for Microsoft PowerPoint) (Version: V3.9 - VisualBee.com)
VisualBee for Microsoft PowerPoint (HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\VisualBee for Microsoft PowerPoint) (Version: V3.9 - VisualBee.com)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
VTech Download Manager (HKLM-x32\...\VTechDownloadManager) (Version: - VTech)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Zip Opener Packages 83 (HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\...\Zip Opener Packages 83) (Version: - ) <==== ATTENTION
Zip Opener Packages 83 (HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Zip Opener Packages 83) (Version: - ) <==== ATTENTION
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2983943463-2176006230-4185877932-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
08-05-2015 12:34:43 Windows Update
15-05-2015 14:18:39 Windows Update
19-05-2015 11:30:30 Windows Update
22-05-2015 13:33:32 Windows Update
28-05-2015 09:29:41 Windows Update
04-06-2015 13:34:06 Windows Update
08-06-2015 01:01:03 Windows Update
12-06-2015 15:46:14 Windows Update
15-06-2015 16:50:44 LavasoftWeCompanion
16-06-2015 10:45:44 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2013-06-27 13:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {008A50F6-6F65-4BD2-9CED-9C791EF23812} - System32\Tasks\WTKXPWLM1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2015-06-03] (FlashBeat) <==== ATTENTION
Task: {052DD86F-62F1-497A-A9E5-710BA7A63CB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {0B591F0B-E6B2-4AAC-A1B2-1E75764927A9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {0C20330D-F6F8-4F2E-8E55-839AA9A4126A} - System32\Tasks\AmiUpdXp => C:\Users\Sonne\AppData\Local\32281\Updater.exe [2015-06-09] () <==== ATTENTION
Task: {0E14688E-C9EE-4B4D-A5A5-551D4BE1CA20} - System32\Tasks\XGGLNAPSJN1 => C:\ProgramData\NavRight\NavRight.exe [2015-06-03] (NavRight) <==== ATTENTION
Task: {23D0AE57-EA18-4B45-8047-200E93E04815} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {240F7B74-8D37-46DA-8750-052664AEABBB} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-17] (Microsoft Corporation)
Task: {2A9F2D7A-9915-4466-8678-A21B3B1D1363} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {31656AD6-33B9-45E2-8C4C-F877E75F8096} - System32\Tasks\R3jz8d0TYYLlGbCwf1NT => C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1NT.exe [2015-04-20] () <==== ATTENTION
Task: {3411171A-79EB-4AF9-A62B-E9E629B0164A} - System32\Tasks\bNGItKJsccWOg => C:\Users\Sonne\AppData\Roaming\bNGItKJsccWOg.exe [2015-04-20] () <==== ATTENTION
Task: {49A6221B-522F-4306-B4C6-C3E86C02A0F8} - System32\Tasks\{C07EE879-4943-44B9-B8F3-B055E75D3C3D} => pcalua.exe -a C:\Users\Sonne\AppData\Roaming\oursurfing\UninstallManager.exe -c -ptid=amt
Task: {5C3F2F40-0337-4951-8437-B5CCCCC99282} - System32\Tasks\{18968C56-914E-4610-8DF1-80B92D002E96} => pcalua.exe -a C:\Users\Sonne\Downloads\marineemail.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {65A6A838-CF81-4A49-AED4-D6FD263E0342} - \QtraxPlayer No Task File <==== ATTENTION
Task: {69FC9E73-AB0D-4594-A8C2-DDE5D47DDCED} - System32\Tasks\DWBTM => C:\ProgramData\37e30e59d1a7430da05c726d0388106f\37e30e59d1a7430da05c726d0388106f.exe [2015-06-03] () <==== ATTENTION
Task: {6AEEDEA0-A547-4EA4-9AFD-BFA6D14445C0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-11] (Adobe Systems Incorporated)
Task: {6B7C6944-8702-4A14-BB6E-520DD18A2A23} - System32\Tasks\HLEBG => C:\ProgramData\830d280829ca4028a7f37bc821cc2f16\830d280829ca4028a7f37bc821cc2f16.exe [2015-06-03] () <==== ATTENTION
Task: {82487041-C999-4ECE-AB7C-7EFD19457194} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {85E8106C-2D2C-40FD-B2AB-B54F42DD7C5A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {974EC68E-FAF1-4CE4-9A02-98FF7880FA7C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {C0BF6834-9915-4732-9C72-46A1CE0E29F5} - System32\Tasks\R3jz8d0TYYLlGbCwf1N => C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1N.exe <==== ATTENTION
Task: {C81A6CC7-9F65-4B36-9A95-33D5EBF5372E} - \DealPly No Task File <==== ATTENTION
Task: {E46C9C0B-AAEF-4E29-BB4F-E8169FDD5DBA} - System32\Tasks\bNGItKJsccWO => C:\Users\Sonne\AppData\Roaming\bNGItKJsccWO.exe <==== ATTENTION
Task: {F0E5005F-E2B8-459E-A428-D7BB161AA46B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {F18FBE52-13C8-49FF-B7FC-18FCA0169CDD} - \DealPlyUpdate No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Sonne\AppData\Local\32281\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\bNGItKJsccWO.job => C:\Users\Sonne\AppData\Roaming\bNGItKJsccWO.exe <==== ATTENTION
Task: C:\Windows\Tasks\bNGItKJsccWOg.job => C:\Users\Sonne\AppData\Roaming\bNGItKJsccWOg.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\R3jz8d0TYYLlGbCwf1N.job => C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1N.exe <==== ATTENTION
Task: C:\Windows\Tasks\R3jz8d0TYYLlGbCwf1NT.job => C:\Users\Sonne\AppData\Roaming\R3jz8d0TYYLlGbCwf1NT.exe <==== ATTENTION
Task: C:\Windows\Tasks\WTKXPWLM1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\Windows\Tasks\XGGLNAPSJN1.job => C:\ProgramData\NavRight\NavRight.exe <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
2013-06-24 10:54 - 2013-06-20 09:58 - 00391040 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
2015-06-15 16:43 - 2015-06-15 16:43 - 00637456 _____ () C:\Users\Sonne\AppData\Local\Temp\Robin Schulz feat Ilsey Headlights__10924_i1536990031_il127297.exe
2015-06-15 16:48 - 2015-06-15 16:48 - 01418832 ____N () C:\Program Files (x86)\CinemaPlus_1.3dV15.06\0ea818e1-6dca-41bf-80a3-83aec663b48e-10.exe
2015-06-15 16:50 - 2015-06-15 16:50 - 01313872 ____N () C:\Program Files (x86)\CinemaPlus_1.3dV15.06\0ea818e1-6dca-41bf-80a3-83aec663b48e-1-6.exe
2015-06-15 16:50 - 2015-06-15 16:50 - 01561168 ____N () C:\Program Files (x86)\CinemaPlus_1.3dV15.06\e2db6740-b937-4041-963f-f478680e12ae-1-6.exe
2013-06-24 10:54 - 2010-06-24 03:16 - 02150400 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll
2013-06-24 10:54 - 2010-07-13 15:07 - 07826432 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll
2013-06-24 10:54 - 2010-06-02 04:29 - 00934912 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll
2013-06-24 10:54 - 2010-06-02 04:28 - 00335360 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll
2013-06-24 10:54 - 2012-08-06 11:54 - 09843640 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll
2013-06-24 10:54 - 2010-06-02 04:56 - 00232960 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll
2013-06-24 10:54 - 2010-06-02 04:54 - 02530816 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll
2013-06-24 10:54 - 2010-07-05 11:19 - 00116736 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2013-06-24 10:54 - 2010-11-11 11:24 - 00028160 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll
2013-06-24 10:54 - 2010-06-02 07:05 - 00025600 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qgif4.dll
2013-06-24 10:54 - 2010-06-02 07:05 - 00119808 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll
2011-01-17 16:19 - 2012-04-02 12:01 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-11-19 18:45 - 2012-04-02 12:01 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\zlib.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\libexpatw.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\tinyxml.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00481632 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\sqlite.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00063840 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00039776 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00018784 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\oDayProtect.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00203104 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQFileFlt.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00092184 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\xGraphic32.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00342040 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\arkGraphic.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00045920 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\jgImage.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\libpng.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\libjpegturbo.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\jgIOStub.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00194912 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\xImage.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00076128 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\MemDefrag.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00571800 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMLoader\QQPCDetector.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00235872 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMWlanMacDll.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\zlib.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\libexpatw.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\tinyxml.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00092184 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\xGraphic32.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00342040 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\arkGraphic.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00045920 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\jgImage.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\libpng.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\libjpegturbo.dll
2015-06-15 16:52 - 2015-06-15 16:52 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\jgIOStub.dll
2015-06-11 12:41 - 2015-06-11 12:41 - 16867504 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 5317 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2983943463-2176006230-4185877932-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Sonne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{55CCA8F9-D7B5-4F9D-A1C7-0B120701405F}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{B468A948-BB76-4CC2-8EF5-6D096A47B629}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{CF74D96B-E1AF-4464-BBA7-6E115330DC86}] => (Allow) C:\Users\Sonne\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{457EC9A3-52BC-49DA-93F0-076B646025E4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D5351F3C-C8D2-49A3-AEDA-74CD7573D131}] => (Allow) LPort=2869
FirewallRules: [{159A9B9B-3C47-48E0-B8A7-E5E0B58DEA73}] => (Allow) LPort=1900
FirewallRules: [{C3CE3E41-BC8A-4006-93C6-64BBF3F1BBCD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{69095B4D-B1DD-4937-900E-764FB4BFDC74}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{027761D3-0BC9-4612-9AC4-B14267E6A1E7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{2724A7D4-B849-4303-8964-334540F1B94D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{88C79719-3F96-4DC0-AF71-AFEC59DD0098}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{30BB36D4-C5D6-4159-93A1-BC3151A034CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{17D53D46-A97F-4EE3-971C-B63FFE14E20B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E033C7B7-2C7D-4154-8093-BF61B71ED4CF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{70C0E24B-7BC3-4ACB-8ECE-AA2E1567D9D7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{609E758D-717E-4834-9282-0228860D500C}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{98E0B3BC-E288-498B-B3A4-578CE05808E8}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{21A5AA21-61CA-4320-83DE-399BA6221F46}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCmgrInstallGuide.exe
FirewallRules: [{2602B83B-1568-40C5-A807-3D8B187937BD}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{40CE0218-73D9-4A4F-91FC-8A5DE007F6A6}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{AC4607BC-E257-44B8-9CB1-BE57E67263FF}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe
FirewallRules: [{6C6F446B-5DCF-41D0-B111-4466031A7A9C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCMgr.exe
FirewallRules: [{C0947541-CF29-4751-A887-F4BCD33EDCAA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe
FirewallRules: [{DC2A925D-A8D1-407A-86B8-2D2E9280DBEA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMDL.exe
FirewallRules: [{81EF5DF4-68DE-429A-9E3D-B43C6BAF0CAA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\bugreport.exe
FirewallRules: [{7F1A03C7-2D48-4FA2-8D26-3D9A19FB1F14}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCFileOpen.exe
FirewallRules: [{112B5B9F-E5D2-48F7-ADD1-457835463309}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCLeakScan.exe
FirewallRules: [{CBF8034A-63AF-41DC-BD89-0BD3024078AE}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPConfig.exe
FirewallRules: [{2E84B329-707E-4707-BDF6-F69283F8898B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCSoftMgr.exe
FirewallRules: [{B412D22A-BC2C-4B33-BFDE-637399E97679}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{BA6450E5-CC5F-4446-BE3F-B9DEE93C1854}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCBTU.exe
FirewallRules: [{FAA11A10-0A48-4E71-BDD2-488DA3454B94}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCClinic.exe
FirewallRules: [{97D14ABF-BF44-43B2-BE3B-536DEEC0F6C2}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCLaunch.exe
FirewallRules: [{BD948B14-8C19-4799-B2A4-D7904DF21CF5}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{FBB344B2-584B-4308-A2F2-CE70AB3D968C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCSoftGame.exe
FirewallRules: [{1CD34930-42E6-4A4C-B569-3D7926CCED2D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCSysOptimize.exe
FirewallRules: [{65251F91-D874-48BD-B251-1874D834E5BE}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCUpdateAVLib.exe
FirewallRules: [{A8A802BB-5C55-45B0-B4D1-703FBB22C0FF}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQRepair.exe
FirewallRules: [{D31B42DD-FD8B-4D94-AE62-BB9F46539659}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\Uninst.exe
FirewallRules: [{9A32480F-FA3E-4286-99F5-FC3BDC41DE33}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCPatch.exe
FirewallRules: [{CAFF155D-2F2E-4355-BF76-9EC6DD49C97C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TpkUpdate.exe
FirewallRules: [{8C13F7E8-00D4-4215-98A3-09ED996C24D0}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMRouterMgr.exe
FirewallRules: [{25C46C94-E505-4199-B70A-08C91E15345C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMAccountProtection.exe
FirewallRules: [{F367AF67-BF06-4DC1-B514-C57A7B023FED}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMAdBlock.exe
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/16/2015 10:45:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdatem) since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (06/16/2015 10:45:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdate) since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (06/16/2015 10:45:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddWin32ServiceFiles: Unable to back up image of service WindowsMangerProtect Service since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (06/16/2015 10:30:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: 0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: 0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000d71ba
ID des fehlerhaften Prozesses: 0x16a0
Startzeit der fehlerhaften Anwendung: 0x0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe0
Pfad der fehlerhaften Anwendung: 0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe1
Pfad des fehlerhaften Moduls: 0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe2
Berichtskennung: 0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe3
Error: (06/15/2015 04:55:45 PM) (Source: WindowsMangerProtect) (EventID: 102) (User: )
Description: WindowsMangerProtect
Error: (06/15/2015 04:52:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Die abhängige Assemblierung "Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (06/15/2015 04:49:42 PM) (Source: MsiInstaller) (EventID: 11316) (User: Harley-Davidson)
Description: Product: globalupdate Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
Error: (06/15/2015 04:49:18 PM) (Source: MsiInstaller) (EventID: 11316) (User: Harley-Davidson)
Description: Product: globalupdate Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
Error: (06/15/2015 04:45:41 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (06/15/2015 02:24:29 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
System errors:
=============
Error: (06/15/2015 04:53:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "QQPCMgr RTP Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/15/2015 04:52:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9A754403-27B1-4ED7-96D7-588F07888EBF}
Error: (06/15/2015 04:50:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Rav Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/15/2015 04:49:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Rsd Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/08/2015 01:37:49 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus.
Error: (06/08/2015 01:37:48 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005
Error: (06/08/2015 01:37:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (06/08/2015 01:37:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%16405
Error: (06/04/2015 01:23:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst IE Search Set erreicht.
Error: (06/04/2015 01:22:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 02.06.2015 um 20:53:53 unerwartet heruntergefahren.
Microsoft Office:
=========================
Error: (06/16/2015 10:45:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdatem) since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (06/16/2015 10:45:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdate) since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (06/16/2015 10:45:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WindowsMangerProtect Service since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (06/16/2015 10:30:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe0.0.0.0000000000ea818e1-6dca-41bf-80a3-83aec663b48e-6.exe0.0.0.000000000c0000005000d71ba16a001d0a77a857e0638C:\Program Files (x86)\CinemaPlus_1.3dV15.06\0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exeC:\Program Files (x86)\CinemaPlus_1.3dV15.06\0ea818e1-6dca-41bf-80a3-83aec663b48e-6.exeee1495d1-1401-11e5-ac95-e0ca9437c504
Error: (06/15/2015 04:55:45 PM) (Source: WindowsMangerProtect) (EventID: 102) (User: )
Description: WindowsMangerProtect
Error: (06/15/2015 04:52:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Users\Sonne\AppData\Local\Temp\Tencent\QQPCMgr\~2754c540\TestMSVCR_64.exe
Error: (06/15/2015 04:49:42 PM) (Source: MsiInstaller) (EventID: 11316) (User: Harley-Davidson)
Description: Product: globalupdate Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (06/15/2015 04:49:18 PM) (Source: MsiInstaller) (EventID: 11316) (User: Harley-Davidson)
Description: Product: globalupdate Helper -- Error 1316. Das angegebene Konto ist bereits vorhanden.
(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (06/15/2015 04:45:41 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (06/15/2015 02:24:29 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
CodeIntegrity Errors:
===================================
Date: 2013-06-27 13:08:33.046
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-06-27 13:08:32.968
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 66%
Total physical RAM: 3892.55 MB
Available physical RAM: 1289.59 MB
Total Pagefile: 7783.3 MB
Available Pagefile: 4165.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:463.76 GB) (Free:250.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B477DB1C)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=07 NTFS)
==================== End of log ============================

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 16.06.2015
Suchlauf-Zeit: 11:40:36
Logdatei: malwarebytes.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.06.16.03
Rootkit Datenbank: v2015.06.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Sonne
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 393707
Verstrichene Zeit: 27 Min, 31 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)
Registrierungswerte: 0
(Keine schädliche Elemente gefunden)
Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)
Ordner: 0
(Keine schädliche Elemente gefunden)
Dateien: 0
(Keine schädliche Elemente gefunden)
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)