Log analysis and evaluation: Avira blocked by group policy (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
26.07.2014, 10:35 | #16 |
/// TB Trainer /// Guide Guru | Avira blocked by group policy

Hi, please post the ESET log as described in the instructions and then continue with the further instructions.
__________________
Regards, deeprybka
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
26.07.2014, 10:39 | #17 |
| Avira blocked by group policy

here are the new Farbar logs:
__________________
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01
Ran by jesper1 (administrator) on JESPER-PC on 26-07-2014 11:31:25
Running from C:\Users\jesper1\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(RealNetworks, Inc.) 
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dropbox, Inc.) C:\Users\jesper1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Google Inc.) C:\Users\jesper1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\jesper1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\jesper1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\jesper1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\jesper1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\jesper1\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-08-28] (Synaptics Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated) HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [52168 2008-06-30] (Elaborate Bytes AG) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [934152 2011-11-07] (ABBYY.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] () HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-07-06] (RealNetworks, Inc.) 
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKU\S-1-5-21-3597317893-1479406781-1183269255-1006\...\Run: [GoogleChromeAutoLaunch_38201BD139A14A448B78DDA60B7B0809] => C:\Users\jesper1\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.) Startup: C:\Users\jesper1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\jesper1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x36E418B8B4A4CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll No File BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll No File DPF: HKLM-x32 {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB DPF: HKLM-x32 {C752FF21-A8EF-468E-B507-5BBAFB84359E} https://hbciweb.olb.de/financebrowser5/plugin/Signlet-Plugin.CAB DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default FF DefaultSearchEngine: Google.de FF SelectedSearchEngine: Google.de FF Homepage: hxxp://www.google.de/ FF Keyword.URL: hxxp://search.musicfrost.com/results.php?q= FF NetworkProxy: "autoconfig_url", "hxxp://www.ub.fernuni-hagen.de/proxy.pac" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\jesper1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\jesper1\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\jesper1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\jesper1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud) FF Plugin ProgramFiles/Appdata: C:\Users\jesper1\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\jesper1\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\amazonde.xml FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\digibib.xml FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\ecosia.xml FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\googlede.xml FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\leo-deu-eng.xml FF SearchPlugin: C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\searchplugins\youtube-videosuche.xml FF Extension: 20-20 3D Viewer - IKEA - C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-05-10] FF Extension: No Name - C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\Extensions\SearchHelper [2014-05-10] FF Extension: DDBAC Plug-In - C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\Extensions\{271A3CF5-5A54-447B-A08F-BE805F0DA60A} [2014-05-10] FF Extension: Live HTTP Headers - 
C:\Users\jesper1\AppData\Roaming\Mozilla\Firefox\Profiles\y4v9y4ed.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2014-05-10] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-04-08] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-06] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-13] FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.google.com/" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (20-20 3D Viewer for IKEA) - C:\Users\jesper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.94.0_0\NP_2020Player_IKEA.dll No File CHR Plugin: (Intel(R) Threading Building Blocks for Windows) - C:\Users\jesper\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.94.0_0\tbb.dll No File CHR Plugin: (Intel(R) Threading Building Blocks for Windows) - C:\Users\jesper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.94.0_0\tbbmalloc.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Adobe Contribute CS5 ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll No File CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (Unity Player) - C:\Users\jesper\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File CHR Plugin: (Google Update) - C:\Users\jesper\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Extension: (ProxFlow) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-05-10] CHR Extension: (YouTube) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-10] CHR Extension: (Google-Suche) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-10] CHR Extension: (Internet Banking der OLB) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fipffogddddpcmkklaodlnofkmpognml [2014-05-10] CHR Extension: (AdBlock) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-10] CHR Extension: (RealPlayer Downloader) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-05-10] CHR Extension: (Hangouts) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-06-13] CHR Extension: (Facebook Notifications) - 
C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo [2014-05-10] CHR Extension: (Google Wallet) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-10] CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm [2014-05-10] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-05-10] CHR Extension: (Google Mail) - C:\Users\jesper1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-10] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] CHR StartMenuInternet: Google Chrome - C:\Users\jesper\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [819976 2011-10-12] (ABBYY) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. 
KG) R2 CDMA Device Service; C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [159232 2011-08-02] () [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed] S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed] S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed] S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed] R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2010-06-24] (Nitro PDF Software) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] () R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-07-06] (RealNetworks, Inc.) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. 
KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-22] (DT Soft Ltd) R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.) R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.) S0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2013-03-21] (Duplex Secure Ltd.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-07-25 20:04 - 2014-07-25 20:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-25 20:04 - 2014-07-25 20:04 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-25 20:04 - 2014-07-25 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-25 20:04 - 2014-07-25 20:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-25 20:04 - 2014-07-25 20:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-25 20:04 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-25 20:04 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-25 20:04 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-25 19:13 - 2014-07-25 19:13 - 00030017 _____ () C:\ComboFix.txt 2014-07-25 18:52 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-07-25 18:52 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-07-25 18:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-07-25 18:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-07-25 18:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-07-25 18:52 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-07-25 18:52 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-07-25 18:52 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-07-25 18:51 - 2014-07-25 19:13 - 00000000 ____D () C:\Qoobox 2014-07-25 18:51 - 2014-07-25 19:10 - 00000000 ____D () C:\Windows\erdnt 2014-07-25 18:49 - 2014-07-25 18:49 - 05563277 ____R (Swearware) C:\Users\jesper1\Desktop\ComboFix.exe 2014-07-25 17:56 - 2014-07-25 17:56 - 00003302 _____ () C:\Windows\System32\Tasks\{6D341E45-9F8E-45B3-A8E7-A45A97774125} 
2014-07-25 17:33 - 2014-07-25 18:06 - 00039626 _____ () C:\Users\jesper1\Desktop\Addition.txt 2014-07-25 17:30 - 2014-07-26 11:31 - 00029481 _____ () C:\Users\jesper1\Desktop\FRST.txt 2014-07-25 17:30 - 2014-07-25 15:59 - 02093568 _____ (Farbar) C:\Users\jesper1\Desktop\FRST64.exe 2014-07-25 17:17 - 2014-07-25 17:19 - 00001281 _____ () C:\Windows\system32\Drivers\etc\hosts datei.lnk 2014-07-25 15:59 - 2014-07-26 11:31 - 00000000 ____D () C:\FRST 2014-07-20 10:43 - 2014-07-20 10:43 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\Apple Computer 2014-07-18 12:41 - 2014-07-18 14:26 - 00000000 ____D () C:\Program Files (x86)\FLAC 2014-07-18 12:41 - 2014-07-18 12:41 - 00001866 _____ () C:\Users\Public\Desktop\FLAC Frontend.lnk 2014-07-18 12:41 - 2014-07-18 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLAC 2014-07-18 12:34 - 2014-07-18 12:34 - 00000000 ____D () C:\Program Files (x86)\Winamp 2014-07-18 01:16 - 2014-07-25 15:42 - 00000000 ____D () C:\ProgramData\EdjalJahqi 2014-07-11 19:55 - 2014-07-11 19:57 - 00000000 ____D () C:\jexepackres 2014-07-11 19:55 - 2014-07-11 19:55 - 00000033 _____ () C:\Users\jesper1\AstroViewer 3.1.6-Path 2014-07-11 19:55 - 2014-07-11 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AstroViewer 3.1.6 2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-07-08 15:27 - 2014-07-08 15:27 - 00000000 ____D () C:\Users\jesper1\AppData\Local\Apple 2014-07-08 15:24 - 2014-07-08 15:24 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2014-07-08 15:24 - 2014-07-08 15:24 - 00000000 ____D () C:\ProgramData\Apple 2014-07-08 15:24 - 2014-07-08 15:24 - 00000000 ____D () C:\Program Files (x86)\Apple 
Software Update 2014-07-08 15:19 - 2014-07-08 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive 2014-07-06 17:41 - 2014-07-25 20:44 - 00003368 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1006 2014-07-06 17:38 - 2014-07-06 17:39 - 00291296 _____ () C:\Windows\Minidump\070614-29265-01.dmp 2014-07-06 17:21 - 2014-07-06 18:00 - 00002562 _____ () C:\Windows\diagwrn.xml 2014-07-06 17:21 - 2014-07-06 18:00 - 00001908 _____ () C:\Windows\diagerr.xml 2014-07-06 11:33 - 2014-07-25 20:44 - 00003238 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1006 2014-07-06 11:32 - 2014-07-06 11:32 - 00001046 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk 2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\RealNetworks 2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\ProgramData\RealNetworks 2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\Program Files (x86)\RealNetworks 2014-07-06 11:31 - 2014-07-06 11:31 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll 2014-07-06 11:31 - 2014-07-06 11:31 - 00353864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll 2014-07-06 11:31 - 2014-07-06 11:31 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll 2014-07-06 11:31 - 2014-07-06 11:31 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-07-26 11:31 - 2014-07-25 17:30 - 00029481 _____ () C:\Users\jesper1\Desktop\FRST.txt 2014-07-26 11:31 - 2014-07-25 15:59 - 00000000 ____D () C:\FRST 2014-07-26 11:24 - 2014-06-13 12:51 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006UA.job 2014-07-26 11:23 - 2014-06-13 12:51 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006Core.job 2014-07-26 11:15 - 2012-04-05 20:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-26 10:36 - 2010-08-16 13:36 - 01279040 _____ () C:\Windows\WindowsUpdate.log 2014-07-25 20:53 - 2009-07-14 19:58 - 00702436 _____ () C:\Windows\system32\perfh007.dat 2014-07-25 20:53 - 2009-07-14 19:58 - 00150044 _____ () C:\Windows\system32\perfc007.dat 2014-07-25 20:53 - 2009-07-14 07:13 - 01626920 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-25 20:51 - 2009-07-14 06:45 - 00021120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-25 20:51 - 2009-07-14 06:45 - 00021120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-25 20:47 - 2014-07-25 20:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-25 20:44 - 2014-07-06 17:41 - 00003368 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1006 2014-07-25 20:44 - 2014-07-06 11:33 - 00003238 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1006 2014-07-25 20:44 - 2014-05-10 01:11 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\Dropbox 2014-07-25 20:43 - 2014-01-25 13:54 - 00000000 ____D () C:\Windows\msagent 2014-07-25 20:43 - 2010-08-16 17:14 - 00232896 _____ () C:\Windows\PFRO.log 2014-07-25 20:43 - 2009-07-14 07:08 - 00000006 ____H () 
C:\Windows\Tasks\SA.DAT 2014-07-25 20:43 - 2009-07-14 06:51 - 00001309 _____ () C:\Windows\setupact.log 2014-07-25 20:41 - 2014-05-09 23:28 - 00000000 ____D () C:\ProgramData\2992199F9A 2014-07-25 20:04 - 2014-07-25 20:04 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-25 20:04 - 2014-07-25 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-25 20:04 - 2014-07-25 20:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-25 20:04 - 2014-07-25 20:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-25 19:13 - 2014-07-25 19:13 - 00030017 _____ () C:\ComboFix.txt 2014-07-25 19:13 - 2014-07-25 18:51 - 00000000 ____D () C:\Qoobox 2014-07-25 19:13 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-07-25 19:10 - 2014-07-25 18:51 - 00000000 ____D () C:\Windows\erdnt 2014-07-25 19:05 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-07-25 18:49 - 2014-07-25 18:49 - 05563277 ____R (Swearware) C:\Users\jesper1\Desktop\ComboFix.exe 2014-07-25 18:06 - 2014-07-25 17:33 - 00039626 _____ () C:\Users\jesper1\Desktop\Addition.txt 2014-07-25 17:56 - 2014-07-25 17:56 - 00003302 _____ () C:\Windows\System32\Tasks\{6D341E45-9F8E-45B3-A8E7-A45A97774125} 2014-07-25 17:55 - 2014-05-10 01:10 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\.minecraft 2014-07-25 17:19 - 2014-07-25 17:17 - 00001281 _____ () C:\Windows\system32\Drivers\etc\hosts datei.lnk 2014-07-25 17:11 - 2010-08-18 12:32 - 00000000 ____D () C:\ProgramData\Adobe 2014-07-25 17:10 - 2011-01-20 22:00 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-07-25 17:10 - 2011-01-20 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5 2014-07-25 17:10 - 2010-10-06 15:41 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-07-25 15:59 - 2014-07-25 17:30 - 02093568 _____ (Farbar) C:\Users\jesper1\Desktop\FRST64.exe 
2014-07-25 15:42 - 2014-07-18 01:16 - 00000000 ____D () C:\ProgramData\EdjalJahqi 2014-07-25 15:39 - 2014-05-10 01:13 - 00001024 _____ () C:\Users\jesper1\Desktop\Dropbox.lnk 2014-07-25 15:39 - 2014-05-10 01:12 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-07-25 15:32 - 2014-02-20 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-25 15:32 - 2012-05-13 18:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-22 21:49 - 2014-05-10 01:14 - 00000000 ____D () C:\Users\jesper1\Documents\Citavi 3 2014-07-20 14:57 - 2014-05-12 11:33 - 00003346 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1006 2014-07-20 14:57 - 2014-05-12 11:33 - 00003216 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1006 2014-07-20 10:43 - 2014-07-20 10:43 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\Apple Computer 2014-07-18 14:42 - 2014-05-10 01:14 - 00000000 ____D () C:\Users\jesper1\Documents\DVDVideoSoft 2014-07-18 14:40 - 2014-05-10 01:13 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\vlc 2014-07-18 14:26 - 2014-07-18 12:41 - 00000000 ____D () C:\Program Files (x86)\FLAC 2014-07-18 12:41 - 2014-07-18 12:41 - 00001866 _____ () C:\Users\Public\Desktop\FLAC Frontend.lnk 2014-07-18 12:41 - 2014-07-18 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLAC 2014-07-18 12:35 - 2010-08-17 20:06 - 00000000 ____D () C:\Program Files (x86)\Winamp3 2014-07-18 12:34 - 2014-07-18 12:34 - 00000000 ____D () C:\Program Files (x86)\Winamp 2014-07-17 08:39 - 2014-05-10 01:13 - 00002371 _____ () C:\Users\jesper1\Desktop\Google Chrome.lnk 2014-07-11 19:57 - 2014-07-11 19:55 - 00000000 ____D () C:\jexepackres 2014-07-11 19:55 - 2014-07-11 19:55 - 00000033 _____ () C:\Users\jesper1\AstroViewer 3.1.6-Path 2014-07-11 19:55 - 2014-07-11 19:55 - 
00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AstroViewer 3.1.6 2014-07-11 19:55 - 2014-05-10 00:45 - 00000000 ____D () C:\Users\jesper1 2014-07-10 11:49 - 2013-05-14 08:26 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-09 00:15 - 2012-04-05 20:22 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-09 00:15 - 2012-04-05 20:22 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-09 00:15 - 2011-05-22 09:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-07-08 15:28 - 2014-07-08 15:28 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-07-08 15:27 - 2014-07-08 15:27 - 00000000 ____D () C:\Users\jesper1\AppData\Local\Apple 2014-07-08 15:24 - 2014-07-08 15:24 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2014-07-08 15:24 - 2014-07-08 15:24 - 00000000 ____D () C:\ProgramData\Apple 2014-07-08 15:24 - 2014-07-08 15:24 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update 2014-07-08 15:19 - 2014-07-08 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive 2014-07-06 18:00 - 2014-07-06 17:21 - 00002562 _____ () C:\Windows\diagwrn.xml 2014-07-06 18:00 - 2014-07-06 17:21 - 00001908 _____ () C:\Windows\diagerr.xml 2014-07-06 18:00 - 2009-07-14 06:51 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-06 17:39 - 2014-07-06 17:38 - 00291296 _____ () C:\Windows\Minidump\070614-29265-01.dmp 2014-07-06 17:38 - 2012-01-25 12:10 - 00000000 ____D () C:\Windows\Minidump 2014-07-06 11:32 - 2014-07-06 11:32 - 00001046 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk 2014-07-06 11:32 - 
2014-07-06 11:32 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\RealNetworks 2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\ProgramData\RealNetworks 2014-07-06 11:32 - 2014-07-06 11:32 - 00000000 ____D () C:\Program Files (x86)\RealNetworks 2014-07-06 11:32 - 2014-05-10 00:46 - 00000000 ____D () C:\Users\jesper1\AppData\Roaming\Real 2014-07-06 11:32 - 2013-01-05 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks 2014-07-06 11:32 - 2010-10-16 21:08 - 00000000 ____D () C:\Program Files (x86)\Real 2014-07-06 11:31 - 2014-07-06 11:31 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll 2014-07-06 11:31 - 2014-07-06 11:31 - 00353864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll 2014-07-06 11:31 - 2014-07-06 11:31 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll 2014-07-06 11:31 - 2014-07-06 11:31 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll 2014-07-06 11:31 - 2010-10-16 21:08 - 00000000 ____D () C:\ProgramData\Real 2014-07-03 15:27 - 2013-05-14 08:24 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys Some content of TEMP: ==================== C:\Users\jesper1\AppData\Local\Temp\avgnt.exe C:\Users\jesper1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf06f9j.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-18 14:01

==================== End Of Log ============================

--- --- ---

Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014 01
Ran by jesper1 at 2014-07-26 11:32:17
Running from C:\Users\jesper1\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 11 (HKLM-x32\...\{F1100000-0009-0000-0001-074957833700}) (Version: 11.0.376 - ABBYY)
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.)
Hidden Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - ) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden Adobe PDF ePub DRM Removal 4.1.6 (HKLM-x32\...\{C9DD56CA-BAE9-452A-AFE9-834C7770D1A3}) (Version: 4.1.6 - EPUBSOFT) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Age of Empires Online (HKLM-x32\...\Steam App 105430) (Version: - Microsoft) ANNO 1602 Königs-Edition (HKLM-x32\...\{077A7810-A937-4465-AD08-ACED9807995F}) (Version: 1.00 - ) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.7.0.0175 - Disc Soft Ltd) AstroViewer 3.1.6 (HKLM-x32\...\AstroViewer 3.1.6) (Version: - Dirk Matussek) Audacity 1.3.12 (HKLM-x32\...\Audacity 1.3 Beta_is1) (Version: - Audacity Team) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BIOSAgentPlus by eSupport.com (HKLM-x32\...\BIOSAgentPlus_is1) (Version: - Copyright © 2013 eSupport.com, Inc • All Rights Reserved) Cisco AnyConnect VPN Client (HKLM-x32\...\{96C6C69B-B21D-48D9-8ACC-52AE3EB361A2}) (Version: 2.2.0133 - Cisco Systems, Inc.) Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.2 - Swiss Academic Software) CloneCD (HKLM-x32\...\CloneCD) (Version: - SlySoft) Counter-Strike 1.6 (HKLM-x32\...\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}) (Version: 1.6 - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd) Dark Strokes: Die Sünden der Väter Sammleredition (HKLM-x32\...\BFG-Dark Strokes - Die Suenden der Vaeter Sammleredition) (Version: - ) DDBAC (HKLM-x32\...\{F161B4FF-3976-4917-BD27-CA28C95A13AE}) (Version: 5.3.0 - DataDesign) Deponia Demo (HKLM-x32\...\Steam App 217830) (Version: - Daedalic Entertainment) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Die besten Bewerbungsmuster (HKLM-x32\...\EH_Bewmuster) (Version: - ) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.41 - DivX, LLC) Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.) Dungeon Keeper Gold (HKLM-x32\...\GOGPACKDUNGEONKEEPER_is1) (Version: 2.0.0.4 - GOG.com) DVDFab 8.2.0.8 (29/08/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.) 
Dwarfs F2P (HKLM-x32\...\Steam App 213650) (Version: - Power of 2) Edna & Harvey: Harvey's New Eyes (HKLM-x32\...\Steam App 219910) (Version: - Daedalic Entertainment) ePub DRM Removal (HKLM-x32\...\ePubDRMRemoval) (Version: 1.4.1 - eBook Converter) Escape From Monkey Island (HKLM-x32\...\bgbennyboyEMIReplacementSetup_is1) (Version: 1.0 - Quick and Easy Software) Evernote v. 4.5.3 (HKLM-x32\...\{7BFD42CA-460A-11E1-AE58-984BE15F174E}) (Version: 4.5.3.6131 - Evernote Corp.) Express Dictate (HKLM-x32\...\Express) (Version: 5.67 - NCH Software) Express Scribe (HKLM-x32\...\Scribe) (Version: 5.58 - NCH Software) Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version: - Lionhead Studios) FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project) FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Franzis Lebenslauf (HKLM-x32\...\Franzis Lebenslauf) (Version: - ) Free YouTube to MP3 Converter version 3.8 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Limited.) Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) 
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google) Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version: - Ivan Johansen) GTA2 (HKLM-x32\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - ) Gunpoint (HKLM-x32\...\Steam App 206190) (Version: - Suspicious Developments) Halo 2 for Windows Vista (HKLM-x32\...\Halo 2) (Version: - Microsoft Game Studios) Halo 2 for Windows Vista (x32 Version: 1.0.0.0 - Microsoft Corporation) Hidden Haufe Formular-Manager (HKLM-x32\...\{9353F6E9-13B7-43B4-8FA5-CB46CA22671B}) (Version: 2.1.8.0 - Haufe) IBM SPSS Statistics 20 (HKLM\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Version: 20.0.0.0 - IBM Corp) Inkscape 0.48.4 (HKCU\...\Inkscape) (Version: 0.48.4 - ) ISOpen V4.5 (HKLM-x32\...\ISOpen_is1) (Version: - Koyote Soft) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle) Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - ) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 
Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft 
Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden 
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Mindjet MindManager 9 (HKLM-x32\...\{04FE949D-172D-45B4-ACE6-6BCFAB5EC563}) (Version: 9.1.157 - Mindjet) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Nitro PDF Professional (HKLM\...\{48851F89-AA1D-4FFF-90A6-9594C97BDA1B}) (Version: 6.1.2.1 - Nitro PDF Software) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{54194F60-988C-4D03-B922-C2B00EFDA39A}) (Version: 9.10.0222 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.1.11.2678 - Electronic Arts, Inc.) 
Paragon Partition Manager™ 12 Free (HKLM-x32\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software) PDF Annotator 3.0.0.324 (HKLM-x32\...\PDFAnnotator_is1) (Version: 3.0.0.324 - GRAHL software design) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery) Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Pidgin (HKLM-x32\...\Pidgin) (Version: 2.7.5 - ) Pointofix (HKLM-x32\...\Pointofix_is1) (Version: - Amerigomedia) Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64) PSPP (HKLM-x32\...\B426B849-6071-5684-6429-7BE6B77DAB5B) (Version: 20111111 - GNU) PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden Quake Live Mozilla Plugin (HKLM-x32\...\{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}) (Version: 1.0.520 - id Software) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) R for Windows 2.12.0 (HKLM\...\R for Windows 2.12.0_is1) (Version: 2.12.0 - R Development Core Team) RealDownloader (x32 Version: 17.0.11 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Ricochet (HKLM-x32\...\Steam App 60) (Version: - Valve) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.) SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version: - ) Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.130 - Skype Technologies S.A.) 
Soldat 1.6.2 (HKLM-x32\...\Soldat_is1) (Version: 1.6.2 - Michal Marcinkowski) Star Wars(tm) Knights of the Old Republic(tm) II: The Sith Lords(tm) (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian) Stellarium 0.12.0 (HKLM\...\Stellarium_is1) (Version: 0.12.0 - Stellarium team) Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.3.0 - Synaptics Incorporated) The X-Files DVD (HKLM-x32\...\The X-Files DVD) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{C5325053-3C37-4A69-959E-4802AE6686EF}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BBE715CA-02FD-4C5A-90BB-440A967DF05E}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) 
Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Ventuz 2008 x64 beta (HKLM\...\{1C0E88DD-F67A-4630-86F5-E0D35A4043D1}) (Version: 2.5.25 - Ventuz Technology) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes) Virtuallab 6.2.2 (HKLM-x32\...\Virtuallab_is1) (Version: - NASA and University of Illinois at Urbana Champaign) VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN) VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN) Winamp3 (remove only) (HKLM-x32\...\Winamp3) (Version: - ) Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - ) XBSlink (HKLM-x32\...\XBSlink) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is 
included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\jesper1\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\jesper1\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jesper1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3597317893-1479406781-1183269255-1006_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\jesper1\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 26-07-2014 01:58:31 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2014-07-25 19:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {10E107F5-9F9A-4A55-B92E-10CFBA6F79B8} - System32\Tasks\Restart Capsule Task => C:\Program Files (x86)\Capsule\bin\Capsule.exe Task: {27CBE514-7ACB-4307-B8CD-12F77AF96F08} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.) 
Task: {43A49A11-EF3F-427E-ACE7-037D53354C03} - System32\Tasks\{F3AEDA6C-CD6B-4F82-955C-9CB4BCD2D36D} => G:\Install\setup.exe Task: {49523480-9C0B-49C7-B2EE-97919D0BA962} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006UA => C:\Users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-15] (Google Inc.) Task: {55B4F489-A4EA-4B92-B4AC-0948AF3810D5} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.) Task: {629193CD-D74E-4613-8EA5-6D709D7A4F53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006Core => C:\Users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-15] (Google Inc.) Task: {7F9F8D87-516A-4CAA-92EB-2E6D6BD00A0E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.) Task: {9B63D3F8-3866-4D58-9C1C-AE2167070CAA} - System32\Tasks\{6FAE2A4E-6313-40C2-9803-67C6DA89EBF8} => Firefox.exe hxxp://ui.skype.com/ui/0/5.3.0.120/de/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault Task: {B2DB15A6-0CB7-4FD7-A566-34A3654939A8} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.) Task: {C33273E9-40AA-4541-BBE4-CE3EB9A55EE5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.) 
Task: {C9871D6C-1431-4C51-A60E-79275A857770} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1006 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.) Task: {D877E72B-67D5-4076-92DE-481709FDDF81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: {DB27C846-DAE6-48FB-A387-E016C44D2015} - System32\Tasks\{9F812417-0EFB-4DD2-8B2E-27DDA81DEDFC} => E:\spiele\age3\age3.exe Task: {EC8C529E-7328-43A5-BB8B-0FE1D29E9BD2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3597317893-1479406781-1183269255-1006 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.) Task: {F72B8A0B-9090-4995-A775-63680D997A37} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3597317893-1479406781-1183269255-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006Core.job => C:\Users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3597317893-1479406781-1183269255-1006UA.job => C:\Users\jesper1\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-10-29 11:31 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll 2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2011-09-04 14:13 - 2011-08-02 11:47 - 00159232 _____ () C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe 2014-06-10 17:50 - 2014-06-10 17:50 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-06-10 22:03 - 2014-06-10 22:03 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe 2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2014-07-06 11:31 - 2014-07-06 11:31 - 00861784 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll 2014-07-25 20:44 - 2014-07-25 20:44 - 00043008 _____ () c:\users\jesper1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf06f9j.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\jesper1\AppData\Roaming\Dropbox\bin\libcef.dll 2011-08-31 16:44 - 2011-08-31 16:44 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll 2011-08-31 16:44 - 2011-08-31 16:44 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll 2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2012-01-08 15:41 - 2012-01-08 15:41 - 00093696 _____ () 
C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2014-07-17 08:39 - 2014-07-15 11:24 - 00718664 _____ () C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll 2014-07-17 08:39 - 2014-07-15 11:24 - 00126280 _____ () C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll 2014-07-17 08:39 - 2014-07-15 11:24 - 08537928 _____ () C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll 2014-07-17 08:39 - 2014-07-15 11:24 - 00353096 _____ () C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll 2014-07-17 08:39 - 2014-07-15 11:24 - 01732936 _____ () C:\Users\jesper1\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Windows:nlsPreferences AlternateDataStreams: C:\ProgramData\Microsoft:4xyOaSNrqmdg1yIYlqPZG52p AlternateDataStreams: C:\ProgramData\Microsoft:nCY5YgXSXqiKflay4X791NtHc AlternateDataStreams: C:\ProgramData\Temp:FCBEDCFD AlternateDataStreams: C:\Users\jesper\AppData\Local:YamQImQmFbrzKASdojZpHs2c ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Marvell Yukon 88E8055 PCI-E-Gigabit-Ethernet-Controller Description: Marvell Yukon 88E8055 PCI-E-Gigabit-Ethernet-Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Marvell Service: yukonw7 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: TSSTcorp CDDVDW TS-L633A ATA Device Description: CD-ROM-Laufwerk Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard-CD-ROM-Laufwerke) Service: cdrom Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/26/2014 03:54:10 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/26/2014 03:54:09 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/26/2014 03:53:21 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error: (07/26/2014 03:52:51 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig. Error: (07/26/2014 03:51:37 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/25/2014 08:53:31 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (07/25/2014 07:52:56 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/25/2014 07:52:56 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/25/2014 07:52:56 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/25/2014 07:52:56 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
System errors: ============= Error: (07/25/2014 11:33:36 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (07/25/2014 08:43:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd Error: (07/25/2014 08:43:02 PM) (Source: sptd) (EventID: 4) (User: ) Description: Der Treiber hat einen internen Fehler in seinen Datenstrukturen für festgestellt. Error: (07/25/2014 08:42:23 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (07/25/2014 07:07:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd Error: (07/25/2014 07:05:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "WinDefend" wurde mit folgendem Fehler beendet: %%5 Error: (07/25/2014 07:04:54 PM) (Source: sptd) (EventID: 4) (User: ) Description: Der Treiber hat einen internen Fehler in seinen Datenstrukturen für festgestellt. Error: (07/25/2014 07:04:20 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (07/25/2014 07:04:12 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Error: (07/25/2014 07:03:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126 Microsoft Office Sessions: ========================= Error: (06/26/2014 03:07:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error: (08/28/2010 09:12:49 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1027 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-07-25 19:03:07.302 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-07-25 19:03:07.224 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Percentage of memory in use: 41% Total physical RAM: 4090.61 MB Available physical RAM: 2391.18 MB Total Pagefile: 8179.41 MB Available Pagefile: 6336.48 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:45.41 GB) (Free:6.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:5 GB) (Free:2.32 GB) NTFS Drive e: () (Fixed) (Total:237.67 GB) (Free:22.03 GB) NTFS Drive i: (KINGSTON) (Removable) (Total:28.8 GB) (Free:28.64 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B6394A61) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=45 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=238 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=5 GB) - (Type=05) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
ATTFilter Farbar Service Scanner Version: 21-07-2014 Ran by jesper1 (administrator) on 26-07-2014 at 11:36:25 Running from "E:\downloads" Microsoft Windows 7 Ultimate Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. 
Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\dhcpcore.dll => File is digitally signed C:\Windows\System32\drivers\afd.sys => File is digitally signed C:\Windows\System32\drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\ipnathlp.dll => File is digitally signed C:\Windows\System32\iphlpsvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log **** |
26.07.2014, 11:01 | #18 |
/// TB-Ausbilder /// Anleitungs-Guru | Avira blocked by group policy Hi,
Please uninstall:
Java 7 Update 55
Java 7 Update 9
Java(TM) 6 Update 31

Please install:
Please install the latest Internet Explorer from here.
Install Java.

Cleanup: (The order is crucial here)

If Combofix was used: Combofix uninstallation.
All logs posted? Yes! Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over now, you can safely delete them.

>>clean<<

We did it! The logs look clean to me at the moment. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation. All that remains is for me to wish you carefree and safe surfing, and that we do not see each other here again any time soon.

How can I protect myself better in the future? Tips, Dos & Don'ts

Updates & Software
Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when a manipulated website is simply visited. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. In addition, PDF documents can also be opened with Firefox.

Firewall, Antivirus & Co.
Cracks, Downloads & Co.

Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user. Visiting dubious websites can already carry risks. Even if the virus scanner does not detect a threat in them at the moment, that does not have to mean anything. Illegal cracks, keygens and serials are an exceedingly simple and popular way to spread malware. With files from peer-to-peer and file-sharing programs or from file hosters, you can never be sure that what is inside really matches what is on the label. (Trojan horse ^^)
Often an attempt is also made to use more or less tricky methods to lure the user into carrying out an action that is disastrous for them (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also mostly installed along with other software by the user.
Finally, a few more general remarks: