Log analysis and evaluation: Windows7: Toolbars, advertising Istart. Browsing impossible

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Windows7: Toolbars, advertising Istart. Browsing impossible

Hello, I would like to overhaul an acquaintance's PC. It is barely possible to visit a website any more. The start page cannot be set and the number of toolbars is by now considerable.

I would be glad if you could help me.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:38 on 06/09/2014 (Franzi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02 Ran by ******* (administrator) on *******-PC on 06-09-2014 11:40:17 Running from C:\Users\*******\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe (Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfC.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (ArcSoft, Inc.) C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe (Acer) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe () C:\Users\*******\AppData\Roaming\VOPackage\VOsrv.exe (Wajam Internet Technologies Inc.) C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe (Wajam Internet Technologies Inc.) C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corporation) C:\Windows\System32\alg.exe () C:\Users\*******\AppData\Local\fst_de_56\upfst_de_56.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Revizer) C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurf.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) 
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\fst_de_56\fst_de_56.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe () C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfkE172.exe (Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe () C:\Program Files (x86)\ToggleMark\updateToggleMark.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [301056 2009-06-11] (Alps Electric Co., Ltd.) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157128 2009-08-18] (Dritek System Inc.) 
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [FILSHtray] => C:\Program Files (x86)\FILSHtray\FILSHtray.exe [596992 2011-12-16] (FILSH Media GmbH) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [fst_de_7] => "C:\Program Files (x86)\fst_de_7\fst_de_7.exe" HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-19] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation) HKLM-x32\...\Run: [fst_de_56] => C:\Program Files (x86)\fst_de_56\fst_de_56.exe [3979760 2014-06-20] () HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\RunOnce: [upfst_de_56.exe] => C:\Users\*******\AppData\Local\fst_de_56\upfst_de_56.exe [3356656 2014-06-20] () HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-12] (Microsoft Corporation) HKU\S-1-5-21-183469539-3613899766-4047468319-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-24] (Google Inc.) HKU\S-1-5-21-183469539-3613899766-4047468319-1000\...\Run: [BackgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\*******\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun HKU\S-1-5-21-183469539-3613899766-4047468319-1000\...\Run: [BlockAndSurf] => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurf.exe [131584 2014-06-10] (Revizer) HKU\S-1-5-21-183469539-3613899766-4047468319-1000\...\MountPoints2: {8ce0fcd3-1865-11e1-a8f1-705ab6144e7e} - E:\iStudio.exe AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [224728 2014-09-02] (Client Connect LTD) AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [181720 2014-09-02] (Client Connect LTD) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:14307;https=127.0.0.1:14307 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=ME49133E1-6361-4FCA-9893-401C4B1DAE96&SearchSource=55&CUI=&UM=2&UP=SPA16C2C5A-7B0B-4259-9FD3-AAC4BA96C5B0&SSPV= HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
hxxp://istart.webssearches.com/web/?type=ds&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX&q={searchTerms} URLSearchHook: HKLM-x32 - softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) URLSearchHook: HKLM-x32 - MessengerPlusLive Germany TB Toolbar - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Users\*******\AppData\LocalLow\DVDVideoSoftTB\prxtbDVD0.dll (ClientConnect Ltd.) URLSearchHook: HKCU - softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) URLSearchHook: HKCU - MessengerPlusLive Germany TB Toolbar - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Users\*******\AppData\LocalLow\DVDVideoSoftTB\prxtbDVD0.dll (ClientConnect Ltd.) 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX&q={searchTerms} SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=ME49133E1-6361-4FCA-9893-401C4B1DAE96&SearchSource=58&CUI=&UM=2&UP=SPA16C2C5A-7B0B-4259-9FD3-AAC4BA96C5B0&q={searchTerms}&SSPV=C212_DC_sp_ie SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://istart.webssearches.com/web/?type=ds&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX&q={searchTerms} SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE406 SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=ME49133E1-6361-4FCA-9893-401C4B1DAE96&SearchSource=58&CUI=&UM=2&UP=SPA16C2C5A-7B0B-4259-9FD3-AAC4BA96C5B0&q={searchTerms}&SSPV=C212_DC_sp_ie BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: BlockAndSurf -> {09B73D47-DE1A-89C6-EE3B-3DEC891DE5E4} -> C:\Program Files (x86)\BlockAndSurf-soft\172.dll () BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: ToggleMark -> {dc59a866-959c-4638-a191-c13177d0bd68} -> C:\Program Files (x86)\ToggleMark\ToggleMarkbho.dll (ToggleMark) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.) Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKLM-x32 - MessengerPlusLive Germany TB Toolbar - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Users\*******\AppData\LocalLow\DVDVideoSoftTB\prxtbDVD0.dll (ClientConnect Ltd.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
Toolbar: HKCU - No Name - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - No File Toolbar: HKCU - No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No File Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default FF NewTab: hxxp://search.conduit.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=ME49133E1-6361-4FCA-9893-401C4B1DAE96&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SPA16C2C5A-7B0B-4259-9FD3-AAC4BA96C5B0 FF DefaultSearchEngine: webssearches FF SelectedSearchEngine: Trovi search FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MCA667DEF-764A-422A-B5BC-5EB5D2D73B57&SearchSource=55&CUI=&UM=2&UP=SPA60947A0-2F8F-4A50-9FE0-6A11A556BD5F&SSPV= FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 
-> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\searchplugins\conduit.xml FF SearchPlugin: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\searchplugins\trovi-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Freeven pro 1.2 - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\Extensions\2ab9302c-551a-4804-9971-9932d6d5b0f9@2bfa4cf8-298a-4792-80d5-75352ee81de1.com [2014-07-15] FF Extension: MediaPlayerplus - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-07-15] FF Extension: Fast Start - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\Extensions\faststartff@gmail.com [2014-07-13] FF Extension: BrowseToolE0203 - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\Extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} [2014-07-13] FF Extension: 
DVDVideoSoftTB - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2013-12-01] FF Extension: ST-de3 - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\Extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2014-07-15] FF Extension: FDislike - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\Extensions\fbdislike@doweb.fr.xpi [2012-04-07] FF Extension: ToggleMark - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\Extensions\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}.xpi [2014-09-06] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-24] FF Extension: Greasemonkey - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-08] FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\extensions\quick_start@gmail.com FF HKCU\...\Firefox\Extensions: [{C498947A-67CC-C868-A155-E77523522BAE}] - C:\Program Files (x86)\BlockAndSurf-soft\172.xpi FF Extension: BlockAndSurf - C:\Program Files (x86)\BlockAndSurf-soft\172.xpi [2014-06-10] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-19] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-19] (Avira Operations GmbH & Co. 
KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG) S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It) R2 BlockAndSurf; C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfkE172.exe [179712 2014-06-10] () [File not signed] R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2998232 2014-09-02] (Client Connect LTD) R2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated) R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated) R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED) R2 uCamMonitor; C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.) R2 Update ToggleMark; C:\Program Files (x86)\ToggleMark\updateToggleMark.exe [323360 2014-09-06] () R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-04] (Acer) R2 vosr; C:\Users\*******\AppData\Roaming\VOPackage\VOsrv.exe [52736 2014-04-26] () [File not signed] R2 Wajam Internet Enhancer Service; C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [217600 2014-06-06] (Wajam Internet Technologies Inc.) [File not signed] R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [566272 2014-04-28] (Cherished Technololgy LIMITED) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.) 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2010-07-15] () [File not signed] S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2010-07-15] () [File not signed] S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2010-07-15] () [File not signed] S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2010-07-15] () [File not signed] U3 DfSdkS; No ImagePath S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-06 11:40 - 2014-09-06 11:43 - 00029006 _____ () C:\Users\*******\Desktop\FRST.txt 2014-09-06 11:39 - 2014-09-06 11:42 - 00000000 ____D () C:\FRST 2014-09-06 11:39 - 2014-09-06 11:39 - 00000000 ____D () C:\Program Files (x86)\ToggleMark 2014-09-06 11:38 - 2014-09-06 11:38 - 00000474 _____ () C:\Users\*******\Desktop\defogger_disable.log 2014-09-06 11:38 - 2014-09-06 11:38 - 00000000 ____D () C:\Users\*******\AppData\Local\SearchProtect 2014-09-06 11:38 - 2014-09-06 11:38 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2014-09-06 11:38 - 2014-09-06 11:38 - 00000000 _____ () C:\Users\*******\defogger_reenable 2014-09-06 11:32 - 2014-09-06 11:25 - 02104832 _____ (Farbar) C:\Users\*******\Desktop\FRST64.exe 2014-09-06 11:32 - 2014-09-06 11:25 - 00380416 _____ () C:\Users\*******\Desktop\Gmer-19357.exe 2014-09-06 11:32 - 2014-09-06 11:25 - 00050477 _____ () C:\Users\*******\Desktop\Defogger.exe 2014-09-06 11:01 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-09-06 11:01 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-09-06 11:01 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-09-06 11:01 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-09-06 11:01 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-09-06 11:01 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-09-06 11:01 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-09-06 11:01 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-08-13 01:10 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-13 01:10 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\icardres.dll 2014-08-13 01:10 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-13 01:10 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-13 01:10 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-13 01:10 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-13 01:10 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-13 01:10 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-12 23:08 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-12 23:08 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-12 23:07 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-12 23:07 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-12 23:07 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-12 23:07 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-12 23:07 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-12 23:07 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-12 23:07 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-12 23:07 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-12 23:07 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-12 23:07 - 2014-07-25 13:13 - 00526336 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-12 23:07 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-12 23:07 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-12 23:07 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-12 23:07 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-12 23:07 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-12 23:07 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-12 23:07 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-12 23:07 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-12 23:07 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-12 23:07 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-08-12 23:07 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-08-12 23:07 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-08-12 23:07 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-08-12 23:07 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-08-12 23:07 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-12 23:07 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-08-12 23:07 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-12 23:07 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-12 23:07 - 2014-06-16 04:10 
- 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-12 23:07 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-12 23:07 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-12 23:07 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-12 23:07 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-12 23:07 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-12 23:07 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-12 23:07 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-12 23:06 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-12 23:06 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-12 23:06 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-12 23:06 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-12 23:06 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-12 23:06 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-12 23:06 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-12 23:06 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-12 23:06 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-12 23:06 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-12 23:06 - 2014-07-25 15:10 - 00033792 _____ (Microsoft 
Corporation) C:\Windows\system32\iernonce.dll 2014-08-12 23:06 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-12 23:06 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-12 23:06 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-12 23:06 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-12 23:06 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-12 23:06 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-12 23:06 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-12 23:06 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-12 23:06 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-12 23:06 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-12 23:06 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-12 23:06 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-12 23:06 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-12 23:06 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-12 23:06 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-12 23:06 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-12 23:06 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-12 23:06 - 2014-07-25 14:10 - 00112128 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-12 23:06 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-12 23:06 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-12 23:06 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-12 23:06 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-12 23:06 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-12 23:06 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-12 23:06 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-12 23:06 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-12 23:06 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-12 23:06 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-12 23:06 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-12 23:06 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-12 23:06 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-12 23:06 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-12 23:06 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-12 23:06 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-12 23:04 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-12 23:04 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) 
C:\Windows\system32\aeinv.dll
2014-08-12 23:04 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 23:04 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 23:00 - 2014-08-13 00:05 - 00000000 ____D () C:\Users\*******\Desktop\Neuer Ordner
2014-08-12 22:38 - 2014-08-12 22:38 - 00001146 _____ () C:\Users\Public\Desktop\Avira.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 11:43 - 2014-09-06 11:40 - 00029006 _____ () C:\Users\*******\Desktop\FRST.txt
2014-09-06 11:42 - 2014-09-06 11:39 - 00000000 ____D () C:\FRST
2014-09-06 11:39 - 2014-09-06 11:39 - 00000000 ____D () C:\Program Files (x86)\ToggleMark
2014-09-06 11:38 - 2014-09-06 11:38 - 00000474 _____ () C:\Users\*******\Desktop\defogger_disable.log
2014-09-06 11:38 - 2014-09-06 11:38 - 00000000 ____D () C:\Users\*******\AppData\Local\SearchProtect
2014-09-06 11:38 - 2014-09-06 11:38 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-09-06 11:38 - 2014-09-06 11:38 - 00000000 _____ () C:\Users\*******\defogger_reenable
2014-09-06 11:38 - 2010-11-16 21:17 - 00000000 ____D () C:\Users\*******
2014-09-06 11:37 - 2014-06-22 14:43 - 00000000 ____D () C:\Users\*******\AppData\Local\fst_de_56
2014-09-06 11:33 - 2009-12-27 23:49 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-09-06 11:33 - 2009-12-27 23:49 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-09-06 11:33 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-06 11:28 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-06 11:28 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-06 11:25 - 2014-09-06 11:32 - 
02104832 _____ (Farbar) C:\Users\*******\Desktop\FRST64.exe 2014-09-06 11:25 - 2014-09-06 11:32 - 00380416 _____ () C:\Users\*******\Desktop\Gmer-19357.exe 2014-09-06 11:25 - 2014-09-06 11:32 - 00050477 _____ () C:\Users\*******\Desktop\Defogger.exe 2014-09-06 11:04 - 2009-12-27 14:59 - 01104273 _____ () C:\Windows\WindowsUpdate.log 2014-09-06 10:58 - 2011-01-25 23:01 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-06 10:28 - 2014-06-10 20:33 - 00000426 _____ () C:\Windows\Tasks\BlockAndSurf Update.job 2014-09-06 10:28 - 2012-06-10 21:34 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-09-06 10:25 - 2014-06-10 20:33 - 00000406 _____ () C:\Windows\Tasks\BlockAndSurf_wd.job 2014-09-06 10:25 - 2014-04-28 21:10 - 00001538 _____ () C:\Windows\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-5.job 2014-09-06 10:25 - 2014-04-28 21:10 - 00001490 _____ () C:\Windows\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-5.job 2014-09-06 10:25 - 2014-04-28 21:10 - 00001424 _____ () C:\Windows\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-2.job 2014-09-06 10:25 - 2014-04-28 21:09 - 00001444 _____ () C:\Windows\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-1.job 2014-09-06 10:25 - 2014-04-28 21:09 - 00001396 _____ () C:\Windows\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-1.job 2014-09-06 10:25 - 2014-04-28 21:09 - 00001376 _____ () C:\Windows\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-2.job 2014-09-06 10:25 - 2014-04-28 21:08 - 00003124 _____ () C:\Windows\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-3.job 2014-09-06 10:25 - 2014-04-28 21:08 - 00002192 _____ () C:\Windows\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-4.job 2014-09-06 10:25 - 2014-04-28 21:07 - 00002780 _____ () C:\Windows\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-3.job 2014-09-06 10:25 - 2014-04-28 21:07 - 00002136 _____ () C:\Windows\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-4.job 2014-09-06 10:25 - 2014-04-28 16:29 - 00004674 _____ () C:\Windows\setupact.log 2014-09-06 10:25 - 2011-01-25 
23:01 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-06 10:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-05 10:37 - 2009-07-14 06:45 - 00425816 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-05 08:32 - 2014-04-28 21:08 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus 2014-09-05 08:32 - 2014-04-28 21:07 - 00000000 ____D () C:\Program Files (x86)\Freeven pro 1.2 2014-08-13 13:06 - 2014-05-06 20:52 - 00090080 _____ () C:\Windows\PFRO.log 2014-08-13 13:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-13 01:21 - 2009-10-24 00:35 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-13 01:19 - 2012-06-10 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-08-13 01:17 - 2012-06-10 20:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-08-13 01:17 - 2012-06-10 20:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-08-13 01:09 - 2014-05-07 00:27 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-13 01:00 - 2014-05-11 20:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-08-13 01:00 - 2014-05-01 20:12 - 00000343 _____ () C:\Windows\wininit.ini 2014-08-13 01:00 - 2012-08-07 18:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-08-13 00:05 - 2014-08-12 23:00 - 00000000 ____D () C:\Users\*******\Desktop\Neuer Ordner 2014-08-12 22:39 - 2014-05-06 21:02 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-12 22:38 - 2014-08-12 22:38 - 00001146 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-12 22:38 - 2014-05-06 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-12 22:38 - 2014-05-06 21:02 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-08-12 22:35 - 2014-05-08 18:20 - 00042040 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-08-07 04:06 - 2014-08-12 23:04 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-12 23:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\*******\AppData\Local\Temp\AskSLib.dll
C:\Users\*******\AppData\Local\Temp\avgnt.exe
C:\Users\*******\AppData\Local\Temp\BackupSetup.exe
C:\Users\*******\AppData\Local\Temp\dlLogic.exe
C:\Users\*******\AppData\Local\Temp\dltr.exe
C:\Users\*******\AppData\Local\Temp\fuhoxzyb.dll
C:\Users\*******\AppData\Local\Temp\GCVerifier.dll
C:\Users\*******\AppData\Local\Temp\nhpmonitor.exe
C:\Users\*******\AppData\Local\Temp\nseC363.exe
C:\Users\*******\AppData\Local\Temp\nsh609B.exe
C:\Users\*******\AppData\Local\Temp\nshE577.exe
C:\Users\*******\AppData\Local\Temp\nsj463B.exe
C:\Users\*******\AppData\Local\Temp\nsj7C2A.exe
C:\Users\*******\AppData\Local\Temp\nsjBA0F.exe
C:\Users\*******\AppData\Local\Temp\nsm6EBF.exe
C:\Users\*******\AppData\Local\Temp\nsx2C51.exe
C:\Users\*******\AppData\Local\Temp\nsx7F6.exe
C:\Users\*******\AppData\Local\Temp\ose00001.exe
C:\Users\*******\AppData\Local\Temp\setup.exe
C:\Users\*******\AppData\Local\Temp\vcredist_x64.exe
C:\Users\*******\AppData\Local\Temp\verifier.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-05-31 22:43

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by ***** at 2014-09-06 11:44:28
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 Plugin 64-bit (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: Version 7.102.2002.208 - Alps Electric)
AMD USB Filter Driver (x32 Version: 1.0.11.86 - Advanced Micro Devices, Inc.) Hidden
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM-x32\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.) ATI Catalyst Install Manager (HKLM\...\{ACCA82EB-7088-919E-5E1C-100A24F11CCF}) (Version: 3.0.732.0 - ATI Technologies, Inc.) Avira (HKLM-x32\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira) Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation) BlockAndSurf (HKLM-x32\...\08C32DDE-4BDC-E1D0-542D-B93D01488AE4) (Version: - BlockAndSurf-software) <==== ATTENTION Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2227.38498 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2227.38498 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2227.38498 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2227.38498 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2227.38498 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2009.0729.2227.38498 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help Czech (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help Danish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help Dutch (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help English (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help Finnish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help French (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help German (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help Greek (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help Hungarian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help Italian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help Japanese (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help Korean (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help Norwegian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help Polish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help Portuguese (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help Russian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help Spanish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help Swedish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help Thai (x32 Version: 2009.0729.2226.38498 - ATI) Hidden CCC Help Turkish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden ccc-core-static (x32 Version: 2009.0729.2227.38498 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2009.0729.2227.38498 - ATI) Hidden Conduit Engine (HKLM-x32\...\conduitEngine) (Version: - Conduit Ltd.) 
<==== ATTENTION Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{2A07A3D4-F6CA-4EEB-9576-3A6AC8A736CE}) (Version: - Microsoft) DMUninstaller (HKLM-x32\...\DMUninstaller) (Version: - ) <==== ATTENTION Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version: 6.8.5.1 - DVDVideoSoftTB) EASEUS Partition Master 6.5.2 Home Edition (HKLM-x32\...\EASEUS Partition Master Home Edition_is1) (Version: - EASEUS) eMachines GameZone Console (HKLM-x32\...\{31D611A1-03B5-4018-BC6F-DDB5B5616478}_is1) (Version: 5.1.1.3 - Oberon Media, Inc.) eMachines Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated) eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated) eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.02.3006 - Acer Incorporated) eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.2.0805 - eMachines Incorporated) eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated) FILSHtray Version 0.8 (HKLM-x32\...\{5928359F-BF46-4646-BF19-B64E55171EB5}_is1) (Version: 0.8 - FILSH Media GmbH) Freeven pro 1.2 (HKLM-x32\...\Freeven pro 1.2) (Version: 1.34.4.10 - Freeven) <==== ATTENTION fst_de_37 (HKLM-x32\...\fst_de_37_is1) (Version: - fst) <==== ATTENTION fst_de_56 (HKLM-x32\...\fst_de_56_is1) (Version: - FREE_SOFT_TODAY) <==== ATTENTION fst_de_7 (HKLM-x32\...\fst_de_7_is1) (Version: - free_soft_today) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) 
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden HAMA WEBCAM AC-100 (HKLM-x32\...\{32C2F9AA-7484-48C2-AC19-2031F2ADD8F2}) (Version: 1.52 - ) Hama Webcam Suite (HKLM-x32\...\{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}) (Version: - ArcSoft) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.) Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation) Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.290 - Oracle) Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.02 - eMachines) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.) MediaPlayerplus (HKLM-x32\...\MediaPlayerplus) (Version: 1.34.4.10 - Freeven) <==== ATTENTION Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media) Messenger Plus! Live (HKLM-x32\...\Messenger Plus! 
Live) (Version: 4.90.0.392 - Yuna Software) MessengerPlusLive Germany TB Toolbar (HKLM-x32\...\MessengerPlusLive_Germany_TB Toolbar) (Version: 5.7.2.2 - MessengerPlusLive Germany TB) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 
2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30095 - Realtek Semiconductor Corp.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.17.2.3 - Client Connect LTD) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
softonic-de3 Toolbar (HKLM-x32\...\softonic-de3 Toolbar) (Version: 6.2.2.4 - softonic-de3) <==== ATTENTION
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
TeamViewer 5 (HKLM-x32\...\TeamViewer 5) (Version: 5.1.9385 - TeamViewer GmbH)
ToggleMark (HKLM\...\ToggleMark) (Version: 2014.09.06.052616 - ToggleMark) <==== ATTENTION
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{428CB7A0-1068-4CE1-8835-39C7ECD297ED}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
Wajam (HKLM-x32\...\Wajam) (Version: 2.8 (i2.1) - Wajam) <==== ATTENTION
webssearches uninstaller (HKLM-x32\...\webssearches uninstaller) (Version: - webssearches) <==== ATTENTION
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.00.3009 - Acer Incorporated)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Toolbar (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WPM18.8.0.212 (HKLM-x32\...\WPM) (Version: 18.8.0.212 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C6A7945-C923-4F45-BCA5-F7DF1A367987} - System32\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-3 => C:\Program Files (x86)\MediaPlayerplus\923e656c-7931-4c44-9b19-6d3c00ebfbd9-3.exe <==== ATTENTION
Task: {4A736C5F-F76C-4352-8F2D-CEE48EA3E068} - System32\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-2 => C:\Program Files (x86)\Freeven pro 1.2\14ecb001-f416-4a5e-b100-cc6e315349af-2.exe <==== ATTENTION
Task: {50ED9A55-9348-4DC9-97CC-AC35DF5082AC} - System32\Tasks\BlockAndSurf_wd => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfC.exe [2014-06-10] () <==== ATTENTION
Task: {69E50893-6DA5-41B4-9473-84D303AD6750} - System32\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION
Task: {7CEFEAE6-CF69-48C2-9255-4B82A5937978} - System32\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-3 => C:\Program Files (x86)\Freeven pro 1.2\14ecb001-f416-4a5e-b100-cc6e315349af-3.exe <==== ATTENTION
Task: {7EA61D14-B4AE-4186-884E-5A6F8B3786F5} - System32\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-1 => C:\Program Files (x86)\Freeven pro 1.2\Freeven pro 1.2-codedownloader.exe <==== ATTENTION
Task: {86D8E24C-9D91-4174-A59E-69D24DFBCC92} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfs64.exe [2014-06-10] () <==== ATTENTION
Task: {94966810-D87D-4022-9809-3A6D2836421C} - System32\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-4 => C:\Program Files (x86)\MediaPlayerplus\923e656c-7931-4c44-9b19-6d3c00ebfbd9-4.exe <==== ATTENTION
Task: {952E2AE3-A124-4441-94AD-0EBC2F9A43DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AA9F3486-2C1D-4D6C-854E-3F7FC1190603} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-28] (AnyProtect by CMI) <==== ATTENTION
Task: {AD03FF07-2705-4335-96A5-AB39CB855965} - System32\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-5 => C:\Program Files (x86)\MediaPlayerplus\923e656c-7931-4c44-9b19-6d3c00ebfbd9-5.exe <==== ATTENTION
Task: {B03A8522-D7AB-4D43-B43E-89B42E809A98} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-28] (AnyProtect by CMI) <==== ATTENTION
Task: {BBA10B45-32E9-4017-B7B5-33920DA1C48B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-25] (Google Inc.)
Task: {C075F5EF-5340-4DED-AEA8-092E3A368068} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-28] (AnyProtect by CMI) <==== ATTENTION
Task: {DE1C0252-3A92-464B-97A4-9C1EFAA44262} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-25] (Google Inc.)
Task: {DFB65E5A-A842-4A8B-A8C1-075A06162507} - System32\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-2 => C:\Program Files (x86)\MediaPlayerplus\923e656c-7931-4c44-9b19-6d3c00ebfbd9-2.exe <==== ATTENTION
Task: {E39F3E63-D31C-4951-8950-C69B063ADA18} - System32\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-5 => C:\Program Files (x86)\Freeven pro 1.2\14ecb001-f416-4a5e-b100-cc6e315349af-5.exe <==== ATTENTION
Task: {E928B057-29CC-4448-925D-89FB001AB92F} - System32\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-4 => C:\Program Files (x86)\Freeven pro 1.2\14ecb001-f416-4a5e-b100-cc6e315349af-4.exe <==== ATTENTION
Task: {F8E37130-6CFC-4F14-9B98-07FBBBA1E380} - System32\Tasks\One-Click Optimizer => D:\Ashampoo WinOptimizer 9\WO9.exe [2012-05-14] (Ashampoo Development GmbH & Co. KG)
Task: C:\Windows\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-1.job => C:\Program Files (x86)\Freeven pro 1.2\Freeven pro 1.2-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-2.job => C:\Program Files (x86)\Freeven pro 1.2\14ecb001-f416-4a5e-b100-cc6e315349af-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-3.job => C:\Program Files (x86)\Freeven pro 1.2\14ecb001-f416-4a5e-b100-cc6e315349af-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-4.job => C:\Program Files (x86)\Freeven pro 1.2\14ecb001-f416-4a5e-b100-cc6e315349af-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-5.job => C:\Program Files (x86)\Freeven pro 1.2\14ecb001-f416-4a5e-b100-cc6e315349af-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-2.job => C:\Program Files (x86)\MediaPlayerplus\923e656c-7931-4c44-9b19-6d3c00ebfbd9-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-3.job => C:\Program Files (x86)\MediaPlayerplus\923e656c-7931-4c44-9b19-6d3c00ebfbd9-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-4.job => C:\Program Files (x86)\MediaPlayerplus\923e656c-7931-4c44-9b19-6d3c00ebfbd9-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-5.job => C:\Program Files (x86)\MediaPlayerplus\923e656c-7931-4c44-9b19-6d3c00ebfbd9-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfs64.exe <==== ATTENTION
Task: C:\Windows\Tasks\BlockAndSurf_wd.job => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfC.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\One-Click Optimizer.job => D:\Ashampoo WinOptimizer 9\WO9.exe

==================== Loaded Modules (whitelisted) =============

2014-06-10 20:33 - 2014-06-10 20:33 - 00100864 _____ () C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfC.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-04-26 19:58 - 2014-04-26 19:58 - 00052736 _____ () C:\Users\*****\AppData\Roaming\VOPackage\VOsrv.exe
2014-06-22 14:43 - 2014-06-20 16:32 - 03356656 _____ () C:\Users\*****\AppData\Local\fst_de_56\upfst_de_56.exe
2014-06-22 14:43 - 2014-06-20 16:32 - 03979760 _____ () C:\Program Files (x86)\fst_de_56\fst_de_56.exe
2014-06-10 20:33 - 2014-06-10 20:33 - 00179712 _____ () C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfkE172.exe
2014-09-06 08:01 - 2014-09-06 08:01 - 00323360 _____ () C:\Program Files (x86)\ToggleMark\updateToggleMark.exe
2014-06-10 20:33 - 2014-06-10 20:33 - 00172544 _____ () C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfkE172.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-24 11:49 - 2014-07-24 11:49 - 00065104 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-05-06 21:08 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\*****\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Spotify => "C:\Users\*****\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/06/2014 11:39:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x2a0c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (09/06/2014 11:39:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x2134
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (09/06/2014 11:01:51 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).

Error: (09/06/2014 11:01:37 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).

Error: (09/06/2014 11:01:29 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).

Error: (09/06/2014 11:01:28 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).

Error: (08/19/2014 09:08:53 PM) (Source: MsiInstaller) (EventID: 1024) (User: *****-PC)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/19/2014 09:08:53 PM) (Source: MsiInstaller) (EventID: 1024) (User: *****-PC)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/13/2014 01:12:58 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).

Error: (08/13/2014 01:09:48 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).

System errors:
=============
Error: (09/06/2014 11:09:01 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 10.

Error: (09/06/2014 10:26:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (09/06/2014 10:26:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (09/06/2014 10:25:12 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/06/2014 10:25:12 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/05/2014 10:38:05 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (09/05/2014 10:36:53 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/05/2014 10:36:53 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/05/2014 10:34:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (09/05/2014 10:34:21 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Microsoft Office Sessions:
=========================
Error: (09/06/2014 11:39:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b2a0c01cfc9b2f8c939c7C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllb47e7a26-35a9-11e4-a8c7-705ab6144e7e

Error: (09/06/2014 11:39:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b213401cfc9b2f82c1ef5C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllb2cade54-35a9-11e4-a8c7-705ab6144e7e

Error: (09/06/2014 11:01:51 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422

Error: (09/06/2014 11:01:37 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422

Error: (09/06/2014 11:01:29 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422

Error: (09/06/2014 11:01:28 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422

Error: (08/19/2014 09:08:53 PM) (Source: MsiInstaller) (EventID: 1024) (User: *****-PC)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

Error: (08/19/2014 09:08:53 PM) (Source: MsiInstaller) (EventID: 1024) (User: *****-PC)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

Error: (08/13/2014 01:12:58 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422

Error: (08/13/2014 01:09:48 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422

==================== Memory info ===========================

Processor: AMD Athlon(tm) Processor TF-20
Percentage of memory in use: 40%
Total physical RAM: 3836.05 MB
Available physical RAM: 2293.85 MB
Total Pagefile: 7670.28 MB
Available Pagefile: 5811.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:68.36 GB) (Free:1.84 GB) NTFS
Drive d: (Lager) (Fixed) (Total:68.58 GB) (Free:47.55 GB) NTFS
Drive e: () (Removable) (Total:3.77 GB) (Free:3.76 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: C67F5CA2)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=68.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=68.6 GB) - (Type=OF Extended)

======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-06 12:14:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545016B9A300 rev.PBBOC60F 149,05GB
Running: Gmer-19357.exe; Driver: C:\Users\*******\AppData\Local\Temp\kwriipob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002e04000 45 bytes [4D, 6D, 53, 74, 01, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002e0402f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\ProgramData\IePluginService\PluginService.exe[1188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\ProgramData\IePluginService\PluginService.exe[1188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe[2840] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe[2840] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Users\*******\AppData\Local\fst_de_56\upfst_de_56.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Users\*******\AppData\Local\fst_de_56\upfst_de_56.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[244] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[244] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfkE172.exe[12956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfkE172.exe[12956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe[11300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe[11300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[3636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[3636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe[11076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe[11076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2

---- Processes - GMER 2.1 ----

Process C:\ProgramData\WPM\wprotectmanager.exe (*** suspicious ***) @ C:\ProgramData\WPM\wprotectmanager.exe [1332] (WPM Service/Cherished Technololgy LIMITED)(2 00000000011d0000
Process C:\Users\*******\AppData\Roaming\VOPackage\VOsrv.exe (*** suspicious ***) @ C:\Users\*******\AppData\Roaming\VOPackage\VOsrv.exe [2744](2014-04-26 17:58:28) 00000000012a0000
Process C:\Users\*******\AppData\Local\fst_de_56\upfst_de_56.exe (*** suspicious ***) @ C:\Users\*******\AppData\Local\fst_de_56\upfst_de_56.exe [3476](2014-06-22 12:43:36) 0000000000200000

---- EOF - GMER 2.1 ----