possibly a rootkit: separate thread for my 2nd laptop in my LAN


  • This topic is locked
7 replies to this topic

#1 LASERzzzzzz

  • Members
  • 45 posts
  • Gender:Male
  • Location:Europe/Germany

Posted 10 March 2017 - 06:45 PM

hi

this is a separate thread for my 2nd laptop (msi-GE60) in my LAN that is possibly infected with a rootkit. Here is the first thread I created to check if my first laptop (packard bell TSX62) is infected with a rootkit or not:

https://www.bleepingcomputer.com/forums/t/641549/possibly-one-of-my-laptops-in-my-lan-infected-with-a-rootkit/

The moderator @nasdaq told me to open a separate thread for this second laptop.

cu and greets from Germany!

Here are both log files (Addition.txt and FRST.txt) from my 2nd laptop "msi-GE60":

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by NRG1 (Administrator) on NRG1MSIGE60 (11-03-2017 00:01:56)
Running from C:\Users\NRG1\Desktop
Loaded Profiles: NRG1 (Available Profiles: NRG1 & NET1protected)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: German (Germany)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\DeskScapes8\DS8Srv.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\WindowBlinds\WBSrv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\WindowBlinds\WBCore.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\WindowFX\WindowFXSRV.exe
() C:\Program Files (x86)\Stardock\WindowFX\wfx32.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\DeskScapes8\Deskscapes64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
(Elgato Systems) C:\Program Files (x86)\Common Files\TERRATEC\Remote\TTTvRc.exe
(Outertech) C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe
(Spotify Ltd) C:\Users\NRG1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Xmarks.com) C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHAE.EXE
(ZONER software) C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files (x86)\DFX\DFX.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\ObjectDockTray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-09] (Intel Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13675736 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3273480 2014-01-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184632 2013-11-13] (Motorola Solutions, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [3992208 2014-10-03] (Stardock Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [571192 2014-08-14] (Acronis)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-20] (Intel Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-06-24] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861640 2015-06-26] (DivX, LLC)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1328632 2015-12-04] ()
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5356184 2015-09-15] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [693336 2015-07-20] (Acronis International GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\Run: [Directory Opus Desktop Dblclk] => C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe [353408 2014-04-12] (GP Software)
HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\Run: [Remote Control Editor] => C:\Program Files (x86)\Common Files\TERRATEC\Remote\TTTvRc.exe [1699912 2010-10-26] (Elgato Systems)
HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech)
HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\Run: [Spotify Web Helper] => C:\Users\NRG1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2015-05-21] (Spotify Ltd)
HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\Run: [Xmarks] => C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe [1178680 2014-11-06] (Xmarks.com)
HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE [283232 2015-06-03] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe
HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\Run: [Jotta] => "C:\Program Files\Jotta\jotta.exe"
HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [563416 2015-04-02] (ZONER software)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2014-01-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2014-01-08] (NVIDIA Corporation)
SSODL: EldosMountNotificator-cbfs6 - {110B0F98-6C5C-44D5-BA37-B95BD38E7568} - C:\Windows\system32\cbfsMntNtf6.dll (/n software, Inc.)
SSODL-x32: EldosMountNotificator-cbfs6 - {110B0F98-6C5C-44D5-BA37-B95BD38E7568} - C:\Windows\SysWOW64\cbfsMntNtf6.dll (/n software, Inc.)
ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1413760 2014-04-12] (GP Software)
ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [367704 2014-04-12] (GP Software)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {42A18941-FEB7-4617-AD89-08A387723E89} => C:\Windows\system32\cbfsMntNtf6.dll [2016-09-09] (/n software, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {42A18941-FEB7-4617-AD89-08A387723E89} => C:\Windows\SysWOW64\cbfsMntNtf6.dll [2016-09-09] (/n software, Inc.)
Startup: C:\Users\NET1protected\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory Opus (Autostart).lnk [2016-03-21]
ShortcutTarget: Directory Opus (Autostart).lnk -> C:\Program Files\GPSoftware\Directory Opus\dopus.exe (GP Software)
Startup: C:\Users\NRG1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2017-03-02]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\NRG1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory Opus (Autostart).lnk [2015-05-20]
ShortcutTarget: Directory Opus (Autostart).lnk -> C:\Program Files\GPSoftware\Directory Opus\dopus.exe (GP Software)
Startup: C:\Users\NRG1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-06-18]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\NRG1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk [2015-05-25]
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 80.69.96.12 81.210.129.4
Tcpip\..\Interfaces\{4EE7236B-EB0A-4B14-A58A-4437411BC30D}: [DhcpNameServer] 80.69.96.12 81.210.129.4
Tcpip\..\Interfaces\{B8F39006-DBE2-4921-AFBA-B001496AEB6F}: [DhcpNameServer] 80.69.96.12 81.210.129.4

Internet Explorer:
==================
HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.horizon.tv/de_de.html
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-02-14] (Microsoft Corporation)
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2017-02-08] (F-Secure Corporation)
BHO: F-Secure Search -> {690EF1CF-5775-4CB3-A5B8-85A63FD0262B} -> C:\Program Files (x86)\F-Secure\apps\SafeSearch\IE\FSSafeSearch64.dll [2016-10-24] (F-Secure Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-02-14] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-02-14] (Microsoft Corporation)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2017-02-08] (F-Secure Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-08-11] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-02-14] (Microsoft Corporation)
Toolbar: HKLM - F-Secure Search Toolbar - {B242FC32-2B60-48EA-A8E3-2E280EDBC48F} - C:\Program Files (x86)\F-Secure\apps\SafeSearch\IE\FSSafeSearch64.dll [2016-10-24] (F-Secure Corporation)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll [2010-09-01] (TerraTec Electronic GmbH)
Toolbar: HKU\S-1-5-21-2705551495-1709297390-2946396948-1000 -> No Name - {AD6E6555-FB2C-47D4-8339-3E2965509877} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-14] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-14] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684 [2017-03-11]
FF NewTab: Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684 -> chrome://fvd.speeddial/content/fvd_about_blank.html
FF Homepage: Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684 -> file:///C:/liveBASE_gfx/graphics/set_WP_sites_RDM/set_A/nexus_desktop_com/set_01_rdm_fast/1962493-1920x1.jpg
FF Extension: (Page Zoom Button) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org.xpi [2016-05-13]
FF Extension: (ADB Helper) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\adbhelper@mozilla.org [2017-01-11]
FF Extension: (Classic Theme Restorer) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2017-01-11]
FF Extension: (Extension List Dumper 2) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\extension_list_dumper_2@iceberg.it.xpi [2015-12-07]
FF Extension: (FindBar Tweak) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\fbt@quicksaver.xpi [2017-01-11]
FF Extension: (Xmarks) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\foxmarks@kei.com [2016-07-27]
FF Extension: (Valence) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\fxdevtools-adapters@mozilla.org [2016-04-10]
FF Extension: (VTzilla) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\info@virustotal.com.xpi [2017-01-19]
FF Extension: (NASA Night Launch) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\nasanightlaunch@example.com.xpi [2016-03-31]
FF Extension: (Speed Dial [FVD] - New Tab Page, Sync...) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\pavel.sherbakov@gmail.com [2016-10-16]
FF Extension: (S3.Google Translator) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\s3google@translator.xpi [2017-01-11]
FF Extension: (Status-4-Evar) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\status4evar@caligonstudios.com.xpi [2016-10-16]
FF Extension: (Super Drag) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\superdrag@enjoyfreeware.org.xpi [2016-05-13]
FF Extension: (LastPass) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\support@lastpass.com [2017-01-11]
FF Extension: (Tab Scope) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\tabscope@xuldev.org.xpi [2016-10-16]
FF Extension: (uBlock Origin) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\uBlock0@raymondhill.net.xpi [2017-03-01]
FF Extension: (Clean Links) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2016-05-13]
FF Extension: (Stylish) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2016-10-16]
FF Extension: (FT DeepDark) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2017-03-08]
FF Extension: (Context Search) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}.xpi [2016-04-26]
FF Extension: (Tab Mix Plus) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-03-01]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\features\{3af4ae50-fb71-4300-8b45-3c8e36a1771f}\disableSHA1rollout@mozilla.org.xpi [2017-03-03]
FF SearchPlugin: C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\searchplugins\firefox-add-ons.xml [2015-12-01]
FF SearchPlugin: C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\searchplugins\leo-eng-deu-v20.xml [2016-01-23]
FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi [2017-02-08]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-05-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\Firefox\Extensions: [safesearch@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\SafeSearch\\Firefox\main.xpi
FF Extension: (Search by F-Secure) - C:\Program Files (x86)\F-Secure\apps\SafeSearch\\Firefox\main.xpi [2016-10-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-06-29] (DivX, LLC)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\NRG1\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\NRG1\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default [2017-03-10]
CHR Extension: (Google Slides) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-04]
CHR Extension: (Google Docs) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-04]
CHR Extension: (Google Drive) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-04]
CHR Extension: (YouTube) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-04]
CHR Extension: (Google Search) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-04]
CHR Extension: (Google Sheets) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-04]
CHR Extension: (Google Docs Offline) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-06]
CHR Extension: (Search by F-Secure) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkmikccifolokanfakbeadbmgchomeli [2016-10-05]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2016-10-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Google Mail) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-04]
CHR Extension: (Chrome Media Router) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-08]
CHR Profile: C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard [2015-12-04] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-19]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-11-20]
CHR Extension: (Google Docs) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-19]
CHR Extension: (Google Drive) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-20]
CHR Extension: (Note Board Web) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\apgackkfllmckgkbdfmbfodpinmnnpab [2015-05-19]
CHR Extension: (Earth View from Google Earth) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\bhloflhklmhfpedakmangadcdofhnnoh [2015-11-30]
CHR Extension: (YouTube) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Audials Live Radio & Podcast) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\bnjlebpekgoocnhepibpaebimepdhccf [2015-05-19]
CHR Extension: (Spotify - Music for every moment) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2015-05-19]
CHR Extension: (Google-Suche) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-20]
CHR Extension: (PartyCloud DJ Mixer) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\defekohaofmambflfpfoojkmfdpcbgko [2015-07-21]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-12-01]
CHR Extension: (Mixcloud) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\fdcenekolminfbkcbchinlcgfhpmggpk [2015-05-19]
CHR Extension: (Google Tabellen) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-19]
CHR Extension: (Google Docs Offline) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Anyfile Notepad) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\ghlichmdnegmcpafgmmlpkegmcndlndi [2015-12-03]
CHR Extension: (Search by F-Secure) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\gkmikccifolokanfakbeadbmgchomeli [2015-11-30]
CHR Extension: (Google Kalender (von Google)) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2015-10-07]
CHR Extension: (In Google Drive speichern) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2015-05-19]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-11-20]
CHR Extension: (CloudConvert) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk [2015-05-19]
CHR Extension: (Heap Hinweis) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\hkpiejadkdojdbfgfocaoahhbepnlpph [2015-05-19]
CHR Extension: (Google Notizen – Notizen & Listen) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-11-30]
CHR Extension: (Google Play Music) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2015-05-28]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2015-11-20]
CHR Extension: (HaloSphere2) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\kgomecamheokbcchdiealibchbkcefob [2015-05-19]
CHR Extension: (Google Hangouts) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-11-30]
CHR Extension: (AudioSauna) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2015-05-19]
CHR Extension: (Google Mail-Checker) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-05-19]
CHR Extension: (Google Hangouts) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-11-20]
CHR Extension: (Drive) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo [2015-05-19]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Deezer) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh [2015-05-19]
CHR Extension: (Radio online) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\ooknliccjbhggbjkakpanckidhkjeekl [2015-05-19]
CHR Extension: (Evernote Web Clipper) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-09-23]
CHR Extension: (Google Mail) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-19]
CHR Extension: (Google Similar Pages) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\pjnfggphgdjblhfjaphkjhfpiiekbbej [2015-05-19]
CHR Extension: (Audio Cutter) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\plimnkafgoiilijmlbnfoafihjjijbfp [2015-05-19]
CHR Extension: (Abstract-Blue) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2015-09-09]
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gkmikccifolokanfakbeadbmgchomeli] - C:\Program Files (x86)\F-Secure\apps\SafeSearch\Chrome\main.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2777840 2016-01-31] (Microsoft Corporation)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-01-04] (Dropbox, Inc.)
R2 DeskScapes8; C:\Program Files (x86)\Stardock\DeskScapes8\ds8srv.exe [75376 2014-03-10] (Stardock Software, Inc)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2016-12-14] (EasyAntiCheat Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2013-10-15] (ELAN Microelectronics Corp.)
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [181216 2016-10-25] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [218080 2016-10-26] (F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [181216 2016-10-25] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [62432 2016-05-20] (F-Secure Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-09] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [Datei ist nicht signiert]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-06-18] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [360448 2014-08-18] (Qualcomm Atheros) [Datei ist nicht signiert]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowBlinds; C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe [89600 2014-03-10] (Stardock Corporation) [Datei ist nicht signiert]
R2 WindowFX; C:\Program Files (x86)\Stardock\WindowFX\WindowFXSrv.exe [181904 2014-06-12] (Stardock Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [97456 2014-08-13] (Qualcomm Atheros, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
R1 cbfs6; C:\Windows\system32\drivers\cbfs6.sys [460992 2016-09-09] (/n software, Inc.)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Windows ® Win 7 DDK provider)
R3 DFX12; C:\Windows\System32\drivers\dfx12x64.sys [29688 2015-11-12] (Windows ® Win 7 DDK provider)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [229080 2017-02-02] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [106712 2017-02-02] (F-Secure Corporation)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2016-02-02] (Acronis International GmbH)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [73928 2016-07-06] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [110288 2017-02-08] (F-Secure Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [30360 2014-10-09] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [161488 2014-03-05] (Intel Corporation)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [129200 2014-03-27] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3442144 2014-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2015-02-23] (Audials AG)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [466648 2014-02-21] (Realsil Semiconductor Corporation)
R2 tib; C:\Windows\System32\DRIVERS\tib.sys [1058632 2016-02-02] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2016-02-02] (Acronis International GmbH)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2016-09-09] (/n software, Inc.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-09-03] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-09-03] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-11 00:01 - 2017-03-11 00:01 - 00044833 _____ C:\Users\NRG1\Desktop\FRST.txt
2017-03-10 23:58 - 2017-03-10 23:58 - 02423808 _____ (Farbar) C:\Users\NRG1\Desktop\FRST64.exe
2017-03-09 19:40 - 2017-03-09 19:40 - 00000000 ___DL C:\Users\NRG1\AppData\LocalLow\PlayReady
2017-03-09 12:30 - 2017-03-09 12:30 - 00000000 ____D C:\Users\NRG1\AppData\LocalLow\F-Secure
2017-03-07 14:19 - 2017-03-07 14:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-07 14:17 - 2017-03-07 14:17 - 00000000 ____D C:\Users\NRG1\Desktop\MBAR

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-11 00:02 - 2016-05-19 12:30 - 00067898 _____ C:\Windows\ZAM.krnl.trace
2017-03-11 00:02 - 2016-05-19 12:30 - 00033969 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-11 00:01 - 2016-03-21 01:42 - 00000000 ____D C:\FRST
2017-03-11 00:00 - 2016-11-16 12:07 - 00000000 ____D C:\Users\NRG1\AppData\LocalLow\Mozilla
2017-03-10 23:58 - 2017-01-01 01:22 - 00000000 ____D C:\_xNET_DL
2017-03-10 23:40 - 2009-07-14 05:45 - 00028912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-10 23:40 - 2009-07-14 05:45 - 00028912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-10 23:39 - 2011-04-12 08:43 - 00700380 _____ C:\Windows\system32\perfh007.dat
2017-03-10 23:39 - 2011-04-12 08:43 - 00149986 _____ C:\Windows\system32\perfc007.dat
2017-03-10 23:39 - 2009-07-14 06:13 - 01622706 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-10 23:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-03-10 23:33 - 2016-05-02 14:49 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-10 23:32 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-10 22:16 - 2016-05-12 20:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-10 22:14 - 2016-05-24 22:52 - 00000000 ____D C:\liveBASE_G
2017-03-10 22:14 - 2016-05-11 01:39 - 00000000 ____D C:\liveBASE_musix
2017-03-10 22:14 - 2016-04-04 03:21 - 00000000 ____D C:\liveBASE_gfx
2017-03-10 22:14 - 2015-05-23 17:10 - 00000000 ____D C:\liveBASE
2017-03-10 22:04 - 2017-01-01 01:25 - 00000000 ____D C:\_xSET
2017-03-10 21:02 - 2016-10-31 08:35 - 00000000 ____D C:\Users\NRG1\AppData\Roaming\AIMP
2017-03-10 21:00 - 2016-11-09 16:41 - 00000000 ____D C:\stor_general
2017-03-10 21:00 - 2016-11-07 16:06 - 00000000 ____D C:\liveBASE_i
2017-03-10 21:00 - 2015-08-09 02:39 - 00000000 ____D C:\queue_4_GT72
2017-03-10 21:00 - 2015-05-23 00:20 - 00000000 ____D C:\liveSTOR
2017-03-10 21:00 - 2015-05-20 15:23 - 00000000 ____D C:\queue_4_M500
2017-03-10 17:48 - 2015-05-21 20:42 - 00000000 ____D C:\Users\NRG1\AppData\Roaming\Spotify
2017-03-10 17:44 - 2015-05-21 20:42 - 00000000 ____D C:\Users\NRG1\AppData\Local\Spotify
2017-03-09 23:47 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-03-08 23:24 - 2015-05-18 20:33 - 00000000 ____D C:\Users\NRG1
2017-03-08 23:23 - 2016-05-02 16:38 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2017-03-08 19:34 - 2015-05-28 15:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-08 18:10 - 2016-11-16 12:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-08 18:08 - 2016-03-21 23:48 - 00000000 ____D C:\Users\NET1protected
2017-03-08 01:43 - 2015-06-04 23:13 - 00000000 ____D C:\Users\NRG1\AppData\Roaming\MediaMonkey
2017-03-07 14:18 - 2016-05-02 14:39 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-03-07 13:42 - 2015-05-19 15:20 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-24 05:04 - 2015-05-20 19:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-23 22:01 - 2015-05-19 12:15 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 21:59 - 2015-05-19 12:15 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-23 11:44 - 2015-06-07 19:13 - 00001610 _____ C:\Users\NRG1\Desktop\CDI_7_0_5_64_liveSTOR.lnk
2017-02-22 21:42 - 2016-05-29 23:05 - 00000000 ____D C:\Users\NRG1\AppData\Local\pCloud
2017-02-20 18:45 - 2016-04-25 20:44 - 00021504 _____ C:\Users\NRG1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-16 02:37 - 2015-05-18 23:39 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-14 13:16 - 2016-05-12 20:27 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 13:16 - 2015-05-28 15:46 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 13:16 - 2015-05-28 15:46 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 13:16 - 2015-05-28 15:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-14 13:16 - 2015-05-28 15:46 - 00000000 ____D C:\Windows\system32\Macromed

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-05-28 16:07 - 2016-08-04 17:40 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-04-25 20:44 - 2017-02-20 18:45 - 0021504 _____ () C:\Users\NRG1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-18 23:26 - 2015-05-18 23:26 - 0000000 _____ () C:\Users\NRG1\AppData\Local\Driver_LOM_8161Present.flag
2015-06-21 08:12 - 2015-06-21 08:12 - 0000108 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2002-02-04 08:53 - 2002-02-04 08:53 - 0000000 ____H () C:\ProgramData\sdpsenv.dat

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\sdpsenv.dat


Einige Dateien in TEMP:
====================
2015-06-03 22:22 - 2015-06-03 22:22 - 0000512 _____ () C:\Users\NRG1\AppData\Local\Temp\27fff54a706caf16275619fa9b79269c.dll
2015-06-04 17:29 - 2016-02-02 20:20 - 0638864 _____ (Acronis) C:\Users\NRG1\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
2015-05-30 13:33 - 2015-05-30 13:33 - 1010672 _____ (DivX, LLC) C:\Users\NRG1\AppData\Local\Temp\DivXSetup.exe
2016-08-04 03:29 - 2016-08-04 03:29 - 0741440 _____ (Oracle Corporation) C:\Users\NRG1\AppData\Local\Temp\jre-8u101-windows-au.exe
2015-07-21 02:24 - 2015-07-21 02:24 - 0563808 _____ (Oracle Corporation) C:\Users\NRG1\AppData\Local\Temp\jre-8u51-windows-au.exe
2015-09-20 01:02 - 2015-09-20 01:02 - 0585824 _____ (Oracle Corporation) C:\Users\NRG1\AppData\Local\Temp\jre-8u60-windows-au.exe
2015-10-22 23:21 - 2015-10-22 23:21 - 0585824 _____ (Oracle Corporation) C:\Users\NRG1\AppData\Local\Temp\jre-8u65-windows-au.exe
2015-11-21 04:53 - 2015-11-21 04:53 - 0585824 _____ (Oracle Corporation) C:\Users\NRG1\AppData\Local\Temp\jre-8u66-windows-au.exe
2016-01-24 06:13 - 2016-01-24 06:13 - 0644704 _____ (Oracle Corporation) C:\Users\NRG1\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-02-08 14:01 - 2016-02-08 14:01 - 0736352 _____ (Oracle Corporation) C:\Users\NRG1\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-03-27 05:22 - 2016-03-27 05:22 - 0736320 _____ (Oracle Corporation) C:\Users\NRG1\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-04-26 15:05 - 2016-04-26 15:05 - 0739904 _____ (Oracle Corporation) C:\Users\NRG1\AppData\Local\Temp\jre-8u91-windows-au.exe
2015-05-24 22:19 - 2014-03-24 23:55 - 0099096 _____ () C:\Users\NRG1\AppData\Local\Temp\LMkRstPt.exe
2015-06-04 23:13 - 2015-06-04 23:14 - 6944290 _____ () C:\Users\NRG1\AppData\Local\Temp\npp.6.7.8.2.Installer.exe
2015-07-11 01:35 - 2015-07-11 01:35 - 7000049 _____ () C:\Users\NRG1\AppData\Local\Temp\npp.6.7.9.2.Installer.exe
2015-08-11 00:53 - 2015-08-11 00:53 - 5621420 _____ () C:\Users\NRG1\AppData\Local\Temp\npp.6.8.1.Installer.exe
2015-09-10 19:50 - 2015-09-10 19:50 - 5311104 _____ () C:\Users\NRG1\AppData\Local\Temp\npp.6.8.3.Installer.exe
2015-11-10 23:43 - 2015-11-10 23:43 - 4103179 _____ () C:\Users\NRG1\AppData\Local\Temp\npp.6.8.6.Installer.exe
2016-02-27 16:08 - 2016-02-27 16:08 - 4121418 _____ () C:\Users\NRG1\AppData\Local\Temp\npp.6.8.8.Installer.exe
2016-08-21 15:24 - 2016-08-21 15:24 - 4211112 _____ () C:\Users\NRG1\AppData\Local\Temp\npp.6.9.2.Installer.exe
2016-11-03 20:51 - 2016-11-03 20:51 - 2842320 _____ () C:\Users\NRG1\AppData\Local\Temp\npp.7.1.Installer.exe
2016-12-07 14:27 - 2016-12-07 14:27 - 43872728 _____ (Skype Technologies S.A.) C:\Users\NRG1\AppData\Local\Temp\SkypeSetup.exe
2011-11-03 15:13 - 2011-11-03 15:13 - 1786688 _____ () C:\Users\NRG1\AppData\Local\Temp\sonarinst.exe
2015-08-03 00:58 - 2015-08-03 00:58 - 0118784 _____ () C:\Users\NRG1\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-03-04 14:34

==================== Ende von FRST.txt ============================

Edited by LASERzzzzzz, 10 March 2017 - 06:50 PM.

....i dont like CHAOS but CHAOS likes me! ....live from EUROPE/germany !!!




#2 nasdaq (Malware Response Team, Montreal, QC, Canada)

Posted 11 March 2017 - 08:07 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
Toolbar: HKU\S-1-5-21-2705551495-1709297390-2946396948-1000 -> Kein Name - {AD6E6555-FB2C-47D4-8339-3E2965509877} -  Keine Datei
FF NewTab: Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684 -> chrome://fvd.speeddial/content/fvd_about_blank.html
FF Extension: (Speed Dial [FVD] - New Tab Page, Sync...) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\pavel.sherbakov@gmail.com [2016-10-16]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-08]
CHR Profile: C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard [2015-12-04] <==== ACHTUNG
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gkmikccifolokanfakbeadbmgchomeli] - C:\Program Files (x86)\F-Secure\apps\SafeSearch\Chrome\main.crx <nicht gefunden>
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys 
AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates [322]


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

ADOBE SHOCKWAVE

Navigate to this page and follow the instructions and get the latest version.
https://www.adobe.com/shockwave/welcome/
=====

ADOBE AIR

Navigate to this page and follow the instructions and get the latest version.
https://get.adobe.com/air/
===

Remove these old programs in bold via the Control Panel > Programs > Programs and Features if still present.
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)

Please let me know what problem persists with this computer.

#3 LASERzzzzzz (Topic Starter, Europe/Germany)

Posted 12 March 2017 - 07:13 AM

OK, here is the file "Fixlog.txt" from the laptop msi-GE60.

Short note:

I started FRST but "F-Secure Internet Security" interrupted the execution. F-Secure asked me if I "trust" the application.

I've chosen the option: "Yes I trust the application. Don't block it anymore". I guess the built-in behaviour blocker of F-Secure interrupted the execution. I hope that FRST was able to complete its job successfully.....

....greets from Germany !

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01
durchgeführt von NRG1 (12-03-2017 03:03:32) Run:1
Gestartet von C:\Users\NRG1\Desktop
Geladene Profile: NRG1 (Verfügbare Profile: NRG1 & NET1protected)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
Toolbar: HKU\S-1-5-21-2705551495-1709297390-2946396948-1000 -> Kein Name - {AD6E6555-FB2C-47D4-8339-3E2965509877} -  Keine Datei
FF NewTab: Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684 -> chrome://fvd.speeddial/content/fvd_about_blank.html
FF Extension: (Speed Dial [FVD] - New Tab Page, Sync...) - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\pavel.sherbakov@gmail.com [2016-10-16]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-08]
CHR Profile: C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard [2015-12-04] <==== ACHTUNG
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gkmikccifolokanfakbeadbmgchomeli] - C:\Program Files (x86)\F-Secure\apps\SafeSearch\Chrome\main.crx <nicht gefunden>
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys
AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates [322]


End
*****************

Wiederherstellungspunkt wurde erfolgreich erstellt.
Prozesse erfolgreich geschlossen.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB => Schlüssel erfolgreich entfernt
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => Wert erfolgreich entfernt
HKLM\SOFTWARE\Policies\Google => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{AD6E6555-FB2C-47D4-8339-3E2965509877} => Wert erfolgreich entfernt
HKCR\CLSID\{AD6E6555-FB2C-47D4-8339-3E2965509877} => Schlüssel nicht gefunden.
Firefox "newtab" erfolgreich entfernt
C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\pavel.sherbakov@gmail.com => erfolgreich verschoben
C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\pavel.sherbakov@gmail.com => Pfad erfolgreich entfernt
C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => erfolgreich verschoben
C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => erfolgreich verschoben
C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard => erfolgreich verschoben
C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Sicherungsstandard\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => nicht gefunden
HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\SOFTWARE\Google\Chrome\Extensions\gkmikccifolokanfakbeadbmgchomeli => Schlüssel erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\dbx => Schlüssel erfolgreich entfernt
dbx => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\xhunter1 => Schlüssel erfolgreich entfernt
xhunter1 => Dienst erfolgreich entfernt
C:\ProgramData\sdpsenv.dat => ":naughtypirates" ADS erfolgreich entfernt.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 136519006 B
Java, Flash, Steam htmlcache => 487717628 B
Windows/system/drivers => 282990806 B
Edge => 0 B
Chrome => 226514758 B
Firefox => 382138022 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83492 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 0 B
NRG1 => 1971237849 B
UpdatusUser => 0 B
NET1protected => 1780977 B

RecycleBin => 5541572636 B
EmptyTemp: => 8.4 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 03:05:17 ====


Edited by LASERzzzzzz, 12 March 2017 - 07:30 AM.

....i dont like CHAOS but CHAOS likes me! ....live from EUROPE/germany !!! ....live from EUROPE/germany !!!


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:11 AM

Posted 12 March 2017 - 08:14 AM

Any remaining issues?

#5 LASERzzzzzz

LASERzzzzzz
  • Topic Starter

  • Members
  • 45 posts
  • Gender:Male
  • Location:Europe/Germany
  • Local time:09:11 AM

Posted 12 March 2017 - 09:16 AM

hi

both laptops ("Packard-Bell TSX62" and "msi-GE60") that have been scanned and cleaned by FRST are still running fine: no problems, no issues.

And also my third laptop on my LAN (msi-GT72) is running fine. I guess everything should be OK on my LAN again.....

 

cu and greets from Germany !

LASERzzzzzz


Edited by LASERzzzzzz, 12 March 2017 - 09:16 AM.



#6 LASERzzzzzz

LASERzzzzzz
  • Topic Starter

  • Members
  • 45 posts
  • Gender:Male
  • Location:Europe/Germany
  • Local time:09:11 AM

Posted 12 March 2017 - 01:47 PM

hi

 

I just noticed that an add-on has been removed from Firefox on the laptop msi-GE60: Speed dial FVD.

I also can't find it in the list of installed add-ons ( about:addons ).

 

My question is:

Is this a malicious add-on that i should avoid in the future?

I am frequently saving complete Firefox profiles that are running on the laptop msi-GE60 (I'm using it as desktop replacement) to disk in order to use them on my other machines. Currently this Firefox profile

(with Speed dial FVD) is running on my second laptop msi-GT72. Is it necessary to uninstall/remove this add-on from the browser profile that I'm currently using on my second laptop msi-GT72 ?

 

thx !

 

LASERzzzzzz


Edited by LASERzzzzzz, 12 March 2017 - 03:20 PM.



#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:11 AM

Posted 13 March 2017 - 07:47 AM


Speed Dial is considered a Browser Hijacker.
https://virus-removal-instructions.com/removal-instructions-for-fvd-speeddial


It's your call if you want to use it.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.

#8 LASERzzzzzz

LASERzzzzzz
  • Topic Starter

  • Members
  • 45 posts
  • Gender:Male
  • Location:Europe/Germany
  • Local time:09:11 AM

Posted 14 March 2017 - 07:31 AM

....had no idea that fvd speeddial is a browser hijacker. Thx for this info ! I will uninstall this add-on from the laptop msi-GT72 as soon as possible!

 

cu and greets from Germany !

LASERzzzzzz

 

EDIT: both laptops are still running fine: no problems/no issues.


Edited by LASERzzzzzz, 14 March 2017 - 07:55 AM.





