Log analysis and evaluation: Win 7, slow startup and problems on the Internet
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.09.2014, 19:52 | #1 |
Win 7, slow startup and problems on the Internet

Hello, when my Win7 computer starts, everything is normal at first. Once Windows has started, all the icons on the desktop disappear and then come back. After that it takes a while longer until Wi-Fi works. On the Internet I have noticed that certain things, e.g. logging in to my mailbox, give an error message the first time and then work the second time. In various online games, some things are suddenly no longer displayed. I have already downloaded FRST.

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by X1 (administrator) on X1-PC on 17-09-2014 20:40:46
Running from C:\Users\X1\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valion Group) C:\Program Files (x86)\RebateInformer\RebateInf.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2917026532-1704927967-2421539612-1000\...\Run: [RebateInformer] => C:\Program Files (x86)\RebateInformer\RebateInf.exe [2672000 2014-08-15] (Valion Group)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3D98B987A345CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKLM-x32 - AOL Deutschland Toolbar Search Class - {66a449dc-6b1d-4187-a4f1-b335d3da5365} - C:\Program Files (x86)\AOL Deutschland Toolbar\aoldetb.dll (AOL Inc.)
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - AOL Deutschland Toolbar Search Class - {66a449dc-6b1d-4187-a4f1-b335d3da5365} - C:\Program Files (x86)\AOL Deutschland Toolbar\aoldetb.dll (AOL Inc.)
URLSearchHook: HKCU - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
SearchScopes: HKLM-x32 - {2059CF48-25F3-40d7-9D37-24A3142FD20B} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=3379&q={searchTerms}&rp=&s_it=tb50-ie-aolde-chromesbox-de-de
SearchScopes: HKCU - DefaultScope {4B675094-CFC1-4251-8F1D-CFFC9FF46CDB} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^VK^DE&apn_uid=a685d0e5-58fd-4dbf-858b-03c39f09954c&apn_sauid=12AD7F92-3FC6-4DD9-99C4-3E749CFC96A7
SearchScopes: HKCU - {2059CF48-25F3-40d7-9D37-24A3142FD20B} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=3379&q={searchTerms}&rp=&s_it=tb50-ie-aolde-chromesbox-de-de
SearchScopes: HKCU - {4B675094-CFC1-4251-8F1D-CFFC9FF46CDB} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^VK^DE&apn_uid=a685d0e5-58fd-4dbf-858b-03c39f09954c&apn_sauid=12AD7F92-3FC6-4DD9-99C4-3E749CFC96A7
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80814&lng=de
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC)
BHO-x32: AOL Deutschland Toolbar Loader -> {2d3b1910-86c2-4d4b-b1db-124b3ea35bef} -> C:\Program Files (x86)\AOL Deutschland Toolbar\aoldetb.dll (AOL Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: No Name -> {CCB69577-088B-4004-9ED8-FF5BCC83A039} -> C:\Program Files (x86)\RebateInformer\RebateI.dll (Valion Group)
BHO-x32: Avira SearchFree Toolbar plus Web Protection -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - AOL Deutschland Toolbar - {567d4d94-8077-4682-b887-945f3d644116} - C:\Program Files (x86)\AOL Deutschland Toolbar\aoldetb.dll (AOL Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files (x86)\RebateInformer\RebInf64.dll (Valion Group)
Handler-x32: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files (x86)\RebateInformer\RebateI.dll (Valion Group)
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [siteranker@siteranker.com] - C:\Program Files (x86)\SiteRanker\firefox
FF Extension: SiteRanker - C:\Program Files (x86)\SiteRanker\firefox [2013-10-01]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\X1\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.5.0.crx [2012-10-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [802384 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15680 2006-10-31] ()
S3 cpuz130; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 20:40 - 2014-09-17 20:41 - 00009930 _____ () C:\Users\X1\Desktop\FRST.txt
2014-09-17 20:40 - 2014-09-17 20:40 - 00000000 ____D () C:\FRST
2014-09-17 20:39 - 2014-09-17 20:39 - 02105856 _____ (Farbar) C:\Users\X1\Desktop\FRST64.exe
2014-09-13 20:48 - 2014-09-17 20:09 - 00000000 ____D () C:\Users\X1\AppData\Roaming\Systweak
2014-09-13 20:48 - 2014-09-13 21:14 - 00000000 ____D () C:\Users\X1\AppData\Roaming\cloudbkp
2014-09-13 20:48 - 2014-09-13 20:48 - 00004014 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-13 20:48 - 2014-08-20 19:17 - 00019800 _____ () C:\Windows\system32\roboot64.exe
2014-09-13 20:36 - 2014-09-17 20:30 - 00001042 _____ () C:\Windows\setupact.log
2014-09-13 20:36 - 2014-09-13 20:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-12 13:55 - 2014-09-12 13:56 - 02066125 _____ () C:\Users\X1\Downloads\dawanda&partId=4&saveAs=E-BOOK-Anleitung_Häkelpuschen_SO_NICE_-_Gr20_pdf
2014-09-10 13:37 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 13:37 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 13:37 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 13:37 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 13:37 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 13:37 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 13:37 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 13:37 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 13:37 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 13:37 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 13:37 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 13:37 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 13:37 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 13:37 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 13:37 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 13:37 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 13:37 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 13:37 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 13:37 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 13:37 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 13:37 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 13:37 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 13:37 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 13:37 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 13:37 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 13:37 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 13:37 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 13:37 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 13:37 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 13:37 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 13:37 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 13:37 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 13:37 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 13:37 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 13:37 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 13:37 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 13:37 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 13:37 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 13:37 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 13:37 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 13:37 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 13:37 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 13:37 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 13:37 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 13:37 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 13:37 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 13:37 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 13:37 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 13:37 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 13:37 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 13:37 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 13:37 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 13:37 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 13:37 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 13:37 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 13:37 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 13:29 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 13:29 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 08:19 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 08:19 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 08:19 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 08:19 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 08:18 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 08:18 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 08:18 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 08:18 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 08:18 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 08:18 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 08:18 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-02 22:46 - 2014-09-02 22:46 - 00520722 _____ () C:\Users\X1\Downloads\dawanda&partId=3&saveAs=Häkelanleitung_Mäuse-Booties_pdf
2014-09-02 22:44 - 2014-09-02 22:44 - 09148236 _____ () C:\Users\X1\Downloads\dawanda&partId=1&saveAs=Häkelanleitung_Babyschuhe_Princess_Nr__42_pdf
2014-08-29 14:05 - 2014-08-29 14:05 - 00000308 _____ () C:\Users\X1\Downloads\admhelper (1).adh
2014-08-29 14:01 - 2014-08-29 14:05 - 00000308 _____ () C:\Users\X1\Downloads\BK_ADKO_001631DE_LC_64_44100_ster_AXTXDZQXIPM9U.adh
2014-08-28 08:32 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 08:32 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 08:32 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 07:23 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 07:23 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-19 07:23 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-19 07:23 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 07:23 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-19 07:23 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-19 07:23 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-19 07:23 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 07:23 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-19 07:23 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-19 07:23 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 07:23 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-19 07:23 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-19 07:23 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 20:41 - 2014-09-17 20:40 - 00009930 _____ () C:\Users\X1\Desktop\FRST.txt
2014-09-17 20:40 - 2014-09-17 20:40 - 00000000 ____D () C:\FRST
2014-09-17 20:39 - 2014-09-17 20:39 - 02105856 _____ (Farbar) C:\Users\X1\Desktop\FRST64.exe
2014-09-17 20:38 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-17 20:38 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-17 20:35 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-09-17 20:35 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-09-17 20:35 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-17 20:34 - 2012-06-08 17:43 - 01386800 _____ () C:\Windows\WindowsUpdate.log
2014-09-17 20:30 - 2014-09-13 20:36 - 00001042 _____ () C:\Windows\setupact.log
2014-09-17 20:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-17 20:15 - 2012-06-11 22:05 - 00000000 ____D () C:\Users\X1\AppData\Local\Google
2014-09-17 20:15 - 2012-06-11 22:05 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-17 20:11 - 2012-09-05 20:07 - 00264138 _____ () C:\Windows\PFRO.log
2014-09-17 20:11 - 2012-06-11 22:05 - 00000000 ____D () C:\Program Files\Google
2014-09-17 20:09 - 2014-09-13 20:48 - 00000000 ____D () C:\Users\X1\AppData\Roaming\Systweak
2014-09-17 20:00 - 2012-06-21 20:21 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-17 19:58 - 2012-07-30 15:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-17 18:09 - 2014-04-01 19:59 - 00000000 ____D () C:\Users\X1\AppData\Local\Audible
2014-09-17 08:13 - 2012-08-26 21:07 - 00000000 ____D () C:\Program Files (x86)\RebateInformer
2014-09-16 16:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-15 22:52 - 2013-11-16 23:53 - 00000000 ____D () C:\Users\X1\Documents\My Kindle Content
2014-09-15 09:46 - 2012-11-18 18:30 - 00000000 ____D () C:\Users\X1\AppData\Roaming\ZoomBrowser EX
2014-09-13 21:14 - 2014-09-13 20:48 - 00000000 ____D () C:\Users\X1\AppData\Roaming\cloudbkp
2014-09-13 20:48 - 2014-09-13 20:48 - 00004014 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-13 20:36 - 2014-09-13 20:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-12 13:56 - 2014-09-12 13:55 - 02066125 _____ () C:\Users\X1\Downloads\dawanda&partId=4&saveAs=E-BOOK-Anleitung_Häkelpuschen_SO_NICE_-_Gr20_pdf
2014-09-11 17:58 - 2014-02-05 15:58 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-11 17:58 - 2012-07-30 15:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-11 17:58 - 2012-06-10 10:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-11 17:58 - 2012-06-08 20:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 16:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-10 13:36 - 2014-02-25 10:29 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 13:36 - 2013-08-15 12:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 13:29 - 2014-05-06 23:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 13:29 - 2012-06-10 10:11 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-05 04:10 - 2014-09-10 08:18 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-10 08:18 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 22:46 - 2014-09-02 22:46 - 00520722 _____ () C:\Users\X1\Downloads\dawanda&partId=3&saveAs=Häkelanleitung_Mäuse-Booties_pdf
2014-09-02 22:44 - 2014-09-02 22:44 - 09148236 _____ () C:\Users\X1\Downloads\dawanda&partId=1&saveAs=Häkelanleitung_Babyschuhe_Princess_Nr__42_pdf
2014-08-30 17:26 - 2013-07-17 10:17 - 00000000 ____D () C:\Users\X1\AppData\Roaming\CameraWindowDC
2014-08-29 14:05 - 2014-08-29 14:05 - 00000308 _____ () C:\Users\X1\Downloads\admhelper (1).adh
2014-08-29 14:05 - 2014-08-29 14:01 - 00000308 _____ () C:\Users\X1\Downloads\BK_ADKO_001631DE_LC_64_44100_ster_AXTXDZQXIPM9U.adh
2014-08-29 12:47 - 2009-07-14 06:45 - 00294656 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-28 08:32 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 08:32 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 08:32 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 19:17 - 2014-09-13 20:48 - 00019800 _____ () C:\Windows\system32\roboot64.exe
2014-08-19 20:05 - 2014-09-10 13:37 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-10 13:37 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-10 13:37 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-10 13:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-10 13:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-10 13:37 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-10 13:37 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-10 13:37 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-10 13:37 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-10 13:37 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-10 13:37 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-10 13:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-10 13:37 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-10 13:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-10 13:37 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-10 13:37 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-10 13:37 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-10 13:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-10 13:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-10 13:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-10 13:37 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-10 13:37 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-10 13:37 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-10 13:37 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-10 13:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-10 13:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-10 13:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-10 13:37 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-10 13:37 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-10 13:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-10 13:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-10 13:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-10 13:37 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-10 13:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-10 13:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-10 13:37 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-10 13:37 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-10 13:37 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-10 13:37 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-10 13:37 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-10 13:37 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-10 13:37 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-10 13:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-10 13:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-10 13:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-10 13:37 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-10 13:37 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-10 13:37 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-10 13:37 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-10 13:37 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-10 13:37 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-10 13:37 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-10 13:37 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-10 13:37 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-10 13:37 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-10 13:37 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\X1\AppData\Local\Temp\AGChecker.exe
C:\Users\X1\AppData\Local\Temp\avgnt.exe
C:\Users\X1\AppData\Local\Temp\OnlineBackup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-16 14:20 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by X1 at 2014-09-17 20:41:33
Running from C:\Users\X1\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1 Pinguin 100 Fälle (HKLM-x32\...\BFG-1 Pinguin 100 Faelle) (Version: - )
4 Elements II (HKLM-x32\...\BFG-4 Elements II) (Version: - )
A Gnome's Home: Der Kristall des Lebens (HKLM-x32\...\BFG-A Gnome's Home - Der Kristall des Lebens) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
AOL Deutschland Toolbar (HKCU\...\AOL Deutschland Toolbar) (Version: - )
AOL Deutschland Toolbar (HKLM-x32\...\AOL Deutschland Toolbar) (Version: - )
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.5.0 - Ask.com) <==== ATTENTION
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2010594558.48.56.38145258 - Audible, Inc.)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.28481 - Ask.com) <==== ATTENTION
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Birds on a Wire (HKLM-x32\...\BFG-Birds on a Wire) (Version: - )
Campgrounds (HKLM-x32\...\BFG-Campgrounds) (Version: - )
Campgrounds: The Endorus Expedition Sammleredition (HKLM-x32\...\BFG-Campgrounds - The Endorus Expedition Sammleredition) (Version: - )
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.0.0.20 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.2.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.4.0.9 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.2.0.4 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.2.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.3.0.7 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.0.9 - Canon Inc.)
Cate West - The Vanishing Files (HKLM-x32\...\dcf044fc6e1efd464a3b6bfcc74c4919) (Version: - )
Cradle of Egypt (HKLM-x32\...\BFG-Cradle of Egypt) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das ultimative Osterrätsel (HKLM-x32\...\BFG-Das ultimative Osterratsel) (Version: - )
Das ultimative Weihnachtsrätsel-Paket (HKLM-x32\...\BFG-Das ultimative Weihnachtsraetsel-Paket) (Version: - )
Die 4 Elemente II (HKLM-x32\...\Die 4 Elemente II) (Version: 1.0.0.0 - INTENIUM GmbH)
Die Chroniken von Emerland Solitär (HKLM-x32\...\BFG-Die Chroniken von Emerland Solitaer) (Version: - )
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
DragonStone (HKLM-x32\...\BFG-DragonStone) (Version: - )
Dreams of a Geisha (HKLM-x32\...\BFG-Dreams of a Geisha) (Version: - )
Dress-Up Pups (HKLM-x32\...\dd06bbd7f8b6ace45e314b3b80dcfcc7) (Version: - )
Ein Yankee unter Rittern (HKLM-x32\...\BFG-Ein Yankee unter Rittern) (Version: - )
El Dorado Quest (HKLM-x32\...\BFG-El Dorado Quest) (Version: - )
Fishdom (HKLM-x32\...\BFG-Fishdom) (Version: - )
Fishdom 3 Sammleredition (HKLM-x32\...\BFG-Fishdom 3 Sammleredition) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Gardenscapes - Mansion Makeover Premium Edition (HKLM-x32\...\182cbaeb29e16344e6068a8f7880ee1f) (Version: - )
Gardenscapes(TM) (HKLM-x32\...\94a888f0cc14f46f31dbe64760d265e3) (Version: - )
Hello Venice (HKLM-x32\...\4e23c238b344d82a7faaf1494690f46f) (Version: - )
Hidden Object Crosswords (HKLM-x32\...\BFG-Hidden Object Crosswords) (Version: - )
Hidden Wonders of the Depths (HKLM-x32\...\BFG-Hidden Wonders of the Depths) (Version: - )
Holiday Jigsaw: Valentinstag (HKLM-x32\...\BFG-Holiday Jigsaw - Valentinstag) (Version: - )
Island Tribe 3 (HKLM-x32\...\9131b468f75938b04a5da83b28a5141b) (Version: - )
Jewel Match - Winter Wonderland (HKLM-x32\...\BFG-Jewel Match - Winter Wonderland) (Version: - )
Jigs@w Puzzle 2 (HKLM-x32\...\BFG-Jigs@w Puzzle 2) (Version: - )
Jigsaw Boom (HKLM-x32\...\BFG-Jigsaw Boom) (Version: - )
Jigsaw World (HKLM-x32\...\49a213cae8c161bbc6283bb92a2911cb) (Version: - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Legends of Solitaire: Die verlorenen Karten (HKLM-x32\...\BFG-Legends of Solitaire - Die verlorenen Karten) (Version: - )
Liong - The Dragon Dance (HKLM-x32\...\b44d1c7dfb19ca4f4653e190ea54e5ce) (Version: - )
Liong - The Lost Amulets (HKLM-x32\...\195d427afff066bdd0f3a5bb62fa90c1) (Version: - )
Little Shop of Treasures (HKLM-x32\...\71f8a07131cc25b1c18b432ba27c6759) (Version: - )
Little Things Forever (HKLM-x32\...\BFG-Little Things Forever) (Version: - )
LUXOR Great Adventures (HKLM-x32\...\0c6992c24d5411a5081752bd53f1477e) (Version: - )
Luxor MahJong (HKLM-x32\...\ee3e54471547c681968fbf933a57e9f6) (Version: - )
Magic Encyclopedia: Illusionen (HKLM-x32\...\Magic Encyclopedia: Illusionen) (Version: 1.0.0.0 - INTENIUM GmbH)
Mahjong Towers Eternity (HKLM-x32\...\BFG-Mahjong Towers Eternity) (Version: - )
Mahjongg Dimensions Deluxe - Tiles in Time (HKLM-x32\...\3cb1e59e3f781367097efff509bd1537) (Version: - )
Mahjongg Dimensions Deluxe (HKLM-x32\...\9ac1643eb7e8f26282321d12c5baf3bb) (Version: - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mr Puzzle (HKLM-x32\...\BFG-Mr Puzzle) (Version: - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mysteries of Horus (HKLM-x32\...\BFG-Mysteries of Horus) (Version: - )
Mystery Legends - Beauty and the Beast (HKLM-x32\...\c7bdf000efa3f2f32977d770027a79b4) (Version: - )
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
Ostereierspektakel (HKLM-x32\...\BFG-Ostereierspektakel) (Version: - )
Pastime Puzzles Deluxe - The Fifties (HKLM-x32\...\8341a549a6ff275278d283c38c989850) (Version: - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
Peggle Nights (HKLM-x32\...\BFG-Peggle Nights) (Version: - )
Puzzle Park (HKLM-x32\...\BFG-Puzzle Park) (Version: - )
Rainbow Web (HKLM-x32\...\977a30aad43ce761559b310356426a15) (Version: - )
Rainbow Web 2 (HKLM-x32\...\ee601fa010ca9308fd3454987eb467b1) (Version: - )
Rainbow Web 3 (HKLM-x32\...\9c9c5338e0567bbe27cc20b4e137575c) (Version: - )
Ravensburger Puzzle II (HKLM-x32\...\BFG-Ravensburger Puzzle II) (Version: - )
Ravensburger Puzzle Selection (HKLM-x32\...\BFG-Ravensburger Puzzle Selection) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6215 - Realtek Semiconductor Corp.)
RebateInformer (HKLM-x32\...\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1) (Version: 1.0.0.83 - Inbox.com, Inc.)
Redemption Cemetery: Bitterer Frost Sammleredition (HKLM-x32\...\BFG-Redemption Cemetery - Bitterer Frost Sammleredition) (Version: - )
Royal Envoy (HKLM-x32\...\BFG-Royal Envoy) (Version: - )
Royal Envoy 2 Sammleredition (HKLM-x32\...\BFG-Royal Envoy 2 Sammleredition) (Version: - )
Royal Envoy: Campaign for the Crown Sammleredition (HKLM-x32\...\BFG-Royal Envoy - Campaign for the Crown Sammleredition) (Version: - )
SAT1 GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.0.0.46 - INTENIUM GmbH)
Seven Seas Solitaire (HKLM-x32\...\BFG-Seven Seas Solitaire) (Version: - )
SiteRanker (HKLM-x32\...\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1) (Version: 1.0.0.29 - Crawler, LLC)
Sudoku, Kakuro & Friends (HKLM-x32\...\BFG-Sudoku, Kakuro & Friends) (Version: - )
Sweet Kingdom: Verhexte Prinzessin (HKLM-x32\...\BFG-Sweet Kingdom - Verhexte Prinzessin) (Version: - )
Tropical Fish Shop 2 (HKLM-x32\...\BFG-Tropical Fish Shop 2) (Version: - )
Weihnachtswunderland 2 (HKLM-x32\...\BFG-Weihnachtswunderland 2) (Version: - )
Weird Park - Broken Tune (HKLM-x32\...\f391612f1dc75ecfd794b51eda4d1db0) (Version: - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
World Mosaics 4 (HKLM-x32\...\BFG-World Mosaics 4) (Version: - )
World Riddles: Seven Wonders (HKLM-x32\...\BFG-World Riddles - Seven Wonders) (Version: - )
World's Greatest Places Mahjong (HKLM-x32\...\BFG-World's Greatest Places Mahjong) (Version: - )

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2917026532-1704927967-2421539612-1000_Classes\CLSID\{AF808758-C780-404C-A4EE-4526323FD9B6}\InprocServer32 -> C:\Program Files (x86)\RebateInformer\RebInf64.dll (Valion Group)
CustomCLSID: HKU\S-1-5-21-2917026532-1704927967-2421539612-1000_Classes\CLSID\{CCB69577-088B-4004-9ED8-FF5BCC83A039}\InprocServer32 -> C:\Program Files (x86)\RebateInformer\RebInf64.dll (Valion Group)
CustomCLSID: HKU\S-1-5-21-2917026532-1704927967-2421539612-1000_Classes\CLSID\{D4AB823B-3EBC-477B-AA5B-D7061C9E83B0}\InprocServer32 -> C:\Program Files (x86)\RebateInformer\RebInf64.dll (Valion Group)

==================== Restore Points =========================

02-09-2014 06:04:25 Windows Update
05-09-2014 11:03:31 Windows Update
09-09-2014 07:02:33 Windows Update
10-09-2014 11:28:51 Windows Update
16-09-2014 07:01:33 Windows Update

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0E52BB83-070B-4CB9-BB7D-B7A7ADCEEAA5} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-10-06] () <==== ATTENTION
Task: {1D22B8B7-825E-4949-A9A3-780E8F029FA8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: {E14195F0-CD3D-4A70-BE45-85C338DB77AC} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry.
The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

==================== Faulty Device Manager Devices =============

Name: USB ISDN Device
Description: USB ISDN Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2014 08:32:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 08:27:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 08:18:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 08:13:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 08:03:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 07:51:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bfgclient.exe, Version: 3.3.0.2, Zeitstempel: 0x53179a91
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000222d2
ID des fehlerhaften Prozesses: 0x4828
Startzeit der fehlerhaften Anwendung: 0xbfgclient.exe0
Pfad der fehlerhaften Anwendung: bfgclient.exe1
Pfad des fehlerhaften Moduls: bfgclient.exe2
Berichtskennung: bfgclient.exe3

Error: (09/17/2014 07:51:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bfgclient.exe, Version: 3.3.0.2, Zeitstempel: 0x53179a91
Name des fehlerhaften Moduls: bfgclient.exe, Version: 3.3.0.2, Zeitstempel: 0x53179a91
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001f804f
ID des fehlerhaften Prozesses: 0x4798
Startzeit der fehlerhaften Anwendung: 0xbfgclient.exe0
Pfad der fehlerhaften Anwendung: bfgclient.exe1
Pfad des fehlerhaften Moduls: bfgclient.exe2
Berichtskennung: bfgclient.exe3

Error: (09/17/2014 05:39:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17280 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2a4
Startzeit: 01cfd288388d40c4
Endzeit: 47
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:

Error: (09/17/2014 04:09:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17280 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: d98
Startzeit: 01cfd27c5600b018
Endzeit: 23
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID:

Error: (09/17/2014 03:34:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (09/17/2014 08:06:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/16/2014 08:57:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (09/16/2014 08:57:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (09/15/2014 03:55:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (09/15/2014 03:55:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (09/15/2014 03:53:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (09/15/2014 03:53:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (09/15/2014 03:52:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (09/15/2014 03:52:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (09/15/2014 03:52:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Microsoft Office Sessions:
=========================
Error: (09/17/2014 08:32:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 08:27:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 08:18:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE
TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/17/2014 08:13:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/17/2014 08:03:32 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/17/2014 07:51:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: bfgclient.exe3.3.0.253179a91ntdll.dll6.1.7601.18247521ea8e7c0000005000222d2482801cfd29fef723a61C:\Program Files (x86)\bfgclient\bfgclient.exeC:\Windows\SysWOW64\ntdll.dll3124188c-3e93-11e4-a33b-5404a612a8dd Error: (09/17/2014 07:51:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: bfgclient.exe3.3.0.253179a91bfgclient.exe3.3.0.253179a91c0000005001f804f479801cfd29feeb73cc1C:\Program Files (x86)\bfgclient\bfgclient.exeC:\Program Files (x86)\bfgclient\bfgclient.exe2e9aa509-3e93-11e4-a33b-5404a612a8dd Error: (09/17/2014 05:39:42 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: IEXPLORE.EXE11.0.9600.172802a401cfd288388d40c447C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Error: (09/17/2014 04:09:09 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: IEXPLORE.EXE11.0.9600.17280d9801cfd27c5600b01823C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Error: (09/17/2014 03:34:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: AMD FX(tm)-4100 Quad-Core Processor Percentage of memory in use: 20% Total physical 
RAM: 7918.12 MB Available physical RAM: 6313.02 MB Total Pagefile: 15834.41 MB Available Pagefile: 14102.41 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:921.75 GB) (Free:863.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EC26B0D4) Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27) Partition 2: (Active) - (Size=921.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
17.09.2014, 19:58 | #2 |
/// the machine /// TB-Ausbilder | Win 7, slow startup and problems on the Internet hi,
Uninstall adware & co.
Scan with Combofix
__________________ |
28.09.2014, 10:36 | #3 |
| Win 7, slow startup and problems on the Internet sorry, it took a few days.
Attached is the file combofix.txt Code:
ATTFilter ComboFix 14-09-24.01 - X1 28.09.2014 11:13:57.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.7918.6205 [GMT 2:00] ausgeführt von:: c:\users\X1\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-08-28 bis 2014-09-28 )))))))))))))))))))))))))))))) . . 2014-09-28 09:29 . 2014-09-28 09:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-09-28 09:01 . 2014-09-28 09:01 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{62DD1DCE-224D-4F1B-8868-2B68D8938F96}\offreg.dll 2014-09-28 08:53 . 2014-09-28 08:53 -------- d-----w- c:\program files (x86)\VS Revo Group 2014-09-26 05:58 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{62DD1DCE-224D-4F1B-8868-2B68D8938F96}\mpengine.dll 2014-09-24 06:16 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-24 06:16 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-09-17 18:40 . 2014-09-17 18:41 -------- d-----w- C:\FRST 2014-09-13 18:48 . 2014-09-17 18:09 -------- d-----w- c:\users\X1\AppData\Roaming\Systweak 2014-09-13 18:48 . 2014-09-13 19:14 -------- d-----w- c:\users\X1\AppData\Roaming\cloudbkp 2014-09-13 18:48 . 2014-08-20 17:17 19800 ----a-w- c:\windows\system32\roboot64.exe 2014-09-13 18:46 . 2014-09-13 18:46 -------- d-----w- c:\users\X1\AppData\Local\Programs 2014-09-10 11:29 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2014-09-10 11:29 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2014-09-10 06:19 . 
2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll 2014-09-10 06:19 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll 2014-09-10 06:19 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2014-09-10 06:19 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2014-09-10 06:18 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-09-10 06:18 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-09-10 06:18 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-09-10 06:18 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-09-10 06:18 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2014-09-10 06:18 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll 2014-09-10 06:18 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-24 18:58 . 2012-06-10 08:46 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-09-24 18:58 . 2012-06-08 18:18 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-09-24 18:58 . 2014-02-05 13:58 3675824 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2014-09-15 07:06 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe 2014-09-10 13:39 . 2010-06-24 09:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2014-09-10 11:29 . 2012-06-10 08:11 101694776 ----a-w- c:\windows\system32\MRT.exe 2014-08-23 02:07 . 2014-08-28 06:32 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-23 01:45 . 2014-08-28 06:32 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-08-23 00:59 . 2014-08-28 06:32 3163648 ----a-w- c:\windows\system32\win32k.sys 2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2014-07-24 21:47 . 
2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2014-07-14 02:02 . 2014-08-13 06:54 1216000 ----a-w- c:\windows\system32\rpcrt4.dll 2014-07-14 01:40 . 2014-08-13 06:54 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll 2014-07-10 10:06 . 2013-05-06 09:54 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2014-07-09 02:03 . 2014-08-13 06:55 7168 ----a-w- c:\windows\system32\KBDYAK.DLL 2014-07-09 02:03 . 2014-08-13 06:55 7168 ----a-w- c:\windows\system32\KBDTAT.DLL 2014-07-09 02:03 . 2014-08-13 06:55 7168 ----a-w- c:\windows\system32\KBDRU1.DLL 2014-07-09 02:03 . 2014-08-13 06:55 6656 ----a-w- c:\windows\system32\KBDRU.DLL 2014-07-09 02:03 . 2014-08-13 06:55 7168 ----a-w- c:\windows\system32\KBDBASH.DLL 2014-07-09 01:31 . 2014-08-13 06:55 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL 2014-07-09 01:31 . 2014-08-13 06:55 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL 2014-06-30 22:24 . 2014-08-13 20:59 8856 ----a-w- c:\windows\system32\icardres.dll 2014-06-30 22:14 . 2014-08-13 20:59 8856 ----a-w- c:\windows\SysWow64\icardres.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}] 2013-09-29 23:00 1573560 ----a-w- c:\progra~2\SITERA~1\SiteRank.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}] 2014-08-13 03:16 1883520 ----a-w- c:\progra~2\REBATE~1\RebateI.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-30 751184] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x] R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x] R3 cpuz130;cpuz130;c:\users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x] S1 
avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 ogmservice;Online Games Manager;c:\program files (x86)\Online Games Manager\ogmservice.exe;c:\program files (x86)\Online Games Manager\ogmservice.exe [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2014-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 18:58] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.aol.de/ mLocal Page = c:\windows\SysWOW64\blank.htm LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.5.1 Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\progra~2\REBATE~1\RebateI.dll . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-BFG-Sudoku, Kakuro & Friends - c:\program files (x86)\Sudoku . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-09-28 11:31:35 ComboFix-quarantined-files.txt 2014-09-28 09:31 . Vor Suchlauf: 10 Verzeichnis(se), 930.395.746.304 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 930.740.404.224 Bytes frei . - - End Of File - - D43FF598F411294DDEB47368053C64B4 A36C5E4F47E84449FF07ED3517B43A31 |
28.09.2014, 16:33 | #4 |
/// the machine /// TB-Ausbilder | Win 7, slow startup and problems on the Internet Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and assistance Trojaner-Board Facebook page No help via PM! |
03.10.2014, 10:50 | #5 |
| Win 7, slow startup and problems on the Internet Unfortunately, the Anti-Malware one doesn't work. It ran through, and about 50 items were moved to quarantine. But when I now go to the log in the history, it crashes. Attached are the other logs: ADW-Cleaner Code:
ATTFilter # AdwCleaner v3.311 - Bericht erstellt am 03/10/2014 um 11:14:30 # Aktualisiert 30/09/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : X1 - X1-PC # Gestartet von : C:\Users\X1\Desktop\AdwCleaner_3.311.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\quickclick Ordner Gelöscht : C:\ProgramData\Trymedia [#] Ordner Gelöscht : C:\ProgramData\Alawar Stargaze Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker Ordner Gelöscht : C:\Program Files (x86)\Inbox.com Ordner Gelöscht : C:\Program Files (x86)\SiteRanker Ordner Gelöscht : C:\Users\X1\AppData\LocalLow\RebateInformer Ordner Gelöscht : C:\Users\X1\AppData\LocalLow\SiteRanker Ordner Gelöscht : C:\Users\X1\AppData\Roaming\pdfforge Ordner Gelöscht : C:\Users\X1\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\X1\AppData\Roaming\Alawar Stargaze Datei Gelöscht : C:\Windows\System32\roboot64.exe ***** [ Tasks ] ***** Task Gelöscht : LaunchSignup ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [siteranker@siteranker.com] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\rebinfo Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RebateInf.RebateInfObj Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4EF645BD-65B0-4F98-AD56-D0437B7045F6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} Schlüssel Gelöscht : HKCU\Software\CToolbar Schlüssel Gelöscht : HKCU\Software\SiteRanker Schlüssel Gelöscht : HKCU\Software\Tune Schlüssel Gelöscht : HKLM\SOFTWARE\Allin1Convert_8hEI Schlüssel Gelöscht : HKLM\SOFTWARE\CToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\Trymedia Systems Schlüssel Gelöscht : 
HKLM\SOFTWARE\Tune Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17280 ************************* AdwCleaner[R0].txt - [4711 octets] - [03/10/2014 11:13:20] AdwCleaner[S0].txt - [4363 octets] - [03/10/2014 11:14:30] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4423 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.2.7 (10.03.2014:1) OS: Windows 7 Home Premium x64 Ran by X1 on 03.10.2014 at 11:21:07,26 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2059CF48-25F3-40d7-9D37-24A3142FD20B} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4B675094-CFC1-4251-8F1D-CFFC9FF46CDB} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2059CF48-25F3-40d7-9D37-24A3142FD20B} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\X1\appdata\local\apn" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 03.10.2014 at 11:23:38,59 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014 Ran by X1 (administrator) on X1-PC on 03-10-2014 11:36:25 Running from C:\Users\X1\Desktop Loaded Profile: X1 (Available profiles: X1) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3D98B987A345CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKLM-x32 - AOL Deutschland Toolbar Search Class - {66a449dc-6b1d-4187-a4f1-b335d3da5365} - C:\Program Files (x86)\AOL Deutschland Toolbar\aoldetb.dll (AOL Inc.)
URLSearchHook: HKCU - AOL Deutschland Toolbar Search Class - {66a449dc-6b1d-4187-a4f1-b335d3da5365} - C:\Program Files (x86)\AOL Deutschland Toolbar\aoldetb.dll (AOL Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {4B675094-CFC1-4251-8F1D-CFFC9FF46CDB} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AOL Deutschland Toolbar Loader -> {2d3b1910-86c2-4d4b-b1db-124b3ea35bef} -> C:\Program Files (x86)\AOL Deutschland Toolbar\aoldetb.dll (AOL Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - AOL Deutschland Toolbar - {567d4d94-8077-4682-b887-945f3d644116} - C:\Program Files (x86)\AOL Deutschland Toolbar\aoldetb.dll (AOL Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [802384 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-07-30] (Avira Operations GmbH & Co. KG)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15680 2006-10-31] ()
R1 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz130; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-03 11:34 - 2014-10-03 11:36 - 00007365 _____ () C:\Users\X1\Desktop\FRST.txt
2014-10-03 11:34 - 2014-10-03 11:34 - 00000000 ____D () C:\Users\X1\Desktop\FRST-OlderVersion
2014-10-03 11:23 - 2014-10-03 11:23 - 00001126 _____ () C:\Users\X1\Desktop\JRT.txt
2014-10-03 11:21 - 2014-10-03 11:21 - 00000000 ____D () C:\Windows\ERUNT
2014-10-03 11:20 - 2014-10-03 11:20 - 01702068 _____ (Thisisu) C:\Users\X1\Desktop\JRT.exe
2014-10-03 11:13 - 2014-10-03 11:14 - 00000000 ____D () C:\AdwCleaner
2014-10-03 11:12 - 2014-10-03 11:12 - 01375089 _____ () C:\Users\X1\Desktop\AdwCleaner_3.311.exe
2014-10-03 10:57 - 2014-10-03 10:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-03 10:56 - 2014-10-03 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-10-03 10:56 - 2014-10-03 10:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-03 10:56 - 2014-10-03 10:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-10-03 10:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-03 10:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-03 10:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-01 07:09 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 07:09 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-28 11:31 - 2014-09-28 11:31 - 00014682 _____ () C:\ComboFix.txt
2014-09-28 11:12 - 2014-09-28 11:31 - 00000000 ____D () C:\Qoobox
2014-09-28 11:12 - 2014-09-28 11:30 - 00000000 ____D () C:\Windows\erdnt
2014-09-28 11:12 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-28 11:12 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-28 11:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-28 11:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-28 11:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-28 11:12 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-28 11:12 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-28 11:12 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-28 11:11 - 2014-09-28 11:11 - 05580995 ____R (Swearware) C:\Users\X1\Desktop\ComboFix.exe
2014-09-28 11:09 - 2014-09-28 11:09 - 05580995 _____ (Swearware) C:\Users\X1\Downloads\ComboFix.exe
2014-09-28 10:53 - 2014-09-28 10:53 - 00001274 _____ () C:\Users\X1\Desktop\Revo Uninstaller.lnk
2014-09-28 10:53 - 2014-09-28 10:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-24 08:16 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 08:16 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-17 20:41 - 2014-09-17 20:41 - 00036792 _____ () C:\Users\X1\Desktop\Addition2.txt
2014-09-17 20:40 - 2014-10-03 11:36 - 00000000 ____D () C:\FRST
2014-09-17 20:40 - 2014-09-17 20:41 - 00033754 _____ () C:\Users\X1\Desktop\FRST1.txt
2014-09-17 20:39 - 2014-10-03 11:34 - 02109440 _____ (Farbar) C:\Users\X1\Desktop\FRST64.exe
2014-09-13 20:48 - 2014-09-13 21:14 - 00000000 ____D () C:\Users\X1\AppData\Roaming\cloudbkp
2014-09-13 20:36 - 2014-10-03 11:25 - 00003282 _____ () C:\Windows\setupact.log
2014-09-13 20:36 - 2014-09-13 20:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-12 13:55 - 2014-09-12 13:56 - 02066125 _____ () C:\Users\X1\Downloads\dawanda&partId=4&saveAs=E-BOOK-Anleitung_Häkelpuschen_SO_NICE_-_Gr20_pdf
2014-09-10 13:37 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 13:37 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 13:37 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 13:37 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 13:37 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 13:37 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 13:37 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 13:37 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 13:37 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 13:37 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 13:37 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 13:37 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 13:37 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 13:37 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 13:37 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 13:37 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 13:37 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 13:37 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 13:37 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 13:37 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 13:37 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 13:37 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 13:37 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 13:37 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 13:37 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 13:37 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 13:37 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 13:37 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 13:37 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 13:37 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 13:37 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 13:37 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 13:37 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 13:37 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 13:37 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 13:37 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 13:37 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 13:37 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 13:37 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 13:37 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 13:37 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 13:37 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 13:37 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 13:37 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 13:37 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 13:37 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 13:37 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 13:37 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 13:37 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 13:37 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 13:37 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 13:37 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 13:37 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 13:37 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 13:37 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 13:37 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 13:29 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 13:29 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 08:19 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 08:19 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 08:19 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 08:19 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 08:18 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 08:18 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 08:18 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 08:18 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 08:18 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 08:18 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 08:18 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 11:32 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 11:32 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 11:29 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-10-03 11:29 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-10-03 11:29 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-03 11:28 - 2012-06-08 17:43 - 01970913 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 11:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-03 11:15 - 2012-09-05 20:07 - 00267958 _____ () C:\Windows\PFRO.log
2014-10-03 10:58 - 2012-07-30 15:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-02 22:20 - 2014-04-01 19:59 - 00000000 ____D () C:\Users\X1\AppData\Local\Audible
2014-10-02 18:55 - 2012-06-21 20:21 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-01 07:04 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-29 21:05 - 2013-11-16 23:53 - 00000000 ____D () C:\Users\X1\Documents\My Kindle Content
2014-09-28 11:30 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-26 12:44 - 2014-01-20 14:55 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-24 20:58 - 2014-02-05 15:58 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-24 20:58 - 2012-07-30 15:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 20:58 - 2012-06-10 10:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 20:58 - 2012-06-08 20:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 16:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-17 20:15 - 2012-06-11 22:05 - 00000000 ____D () C:\Users\X1\AppData\Local\Google
2014-09-17 20:15 - 2012-06-11 22:05 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-17 20:11 - 2012-06-11 22:05 - 00000000 ____D () C:\Program Files\Google
2014-09-16 16:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-15 09:46 - 2012-11-18 18:30 - 00000000 ____D () C:\Users\X1\AppData\Roaming\ZoomBrowser EX
2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-10 13:36 - 2014-02-25 10:29 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 13:36 - 2013-08-15 12:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 13:29 - 2014-05-06 23:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 13:29 - 2012-06-10 10:11 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\X1\AppData\Local\Temp\avgnt.exe
C:\Users\X1\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-27 12:15

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2014
Ran by X1 at 2014-10-03 11:36:44
Running from C:\Users\X1\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1 Pinguin 100 Fälle (HKLM-x32\...\BFG-1 Pinguin 100 Faelle) (Version: - )
4 Elements II (HKLM-x32\...\BFG-4 Elements II) (Version: - )
A Gnome's Home: Der Kristall des Lebens (HKLM-x32\...\BFG-A Gnome's Home - Der Kristall des Lebens) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
AOL Deutschland Toolbar (HKCU\...\AOL Deutschland Toolbar) (Version: - )
AOL Deutschland Toolbar (HKLM-x32\...\AOL Deutschland Toolbar) (Version: - )
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2010594558.48.56.38145258 - Audible, Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Birds on a Wire (HKLM-x32\...\BFG-Birds on a Wire) (Version: - )
Campgrounds (HKLM-x32\...\BFG-Campgrounds) (Version: - )
Campgrounds: The Endorus Expedition Sammleredition (HKLM-x32\...\BFG-Campgrounds - The Endorus Expedition Sammleredition) (Version: - )
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.0.0.20 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.2.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.4.0.9 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.2.0.4 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.2.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.3.0.7 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.0.9 - Canon Inc.)
Cate West - The Vanishing Files (HKLM-x32\...\dcf044fc6e1efd464a3b6bfcc74c4919) (Version: - )
Cradle of Egypt (HKLM-x32\...\BFG-Cradle of Egypt) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das ultimative Osterrätsel (HKLM-x32\...\BFG-Das ultimative Osterratsel) (Version: - )
Das ultimative Weihnachtsrätsel-Paket (HKLM-x32\...\BFG-Das ultimative Weihnachtsraetsel-Paket) (Version: - )
Die 4 Elemente II (HKLM-x32\...\Die 4 Elemente II) (Version: 1.0.0.0 - INTENIUM GmbH)
Die Chroniken von Emerland Solitär (HKLM-x32\...\BFG-Die Chroniken von Emerland Solitaer) (Version: - )
DragonStone (HKLM-x32\...\BFG-DragonStone) (Version: - )
Dreams of a Geisha (HKLM-x32\...\BFG-Dreams of a Geisha) (Version: - )
Dress-Up Pups (HKLM-x32\...\dd06bbd7f8b6ace45e314b3b80dcfcc7) (Version: - )
Ein Yankee unter Rittern (HKLM-x32\...\BFG-Ein Yankee unter Rittern) (Version: - )
El Dorado Quest (HKLM-x32\...\BFG-El Dorado Quest) (Version: - )
Fishdom (HKLM-x32\...\BFG-Fishdom) (Version: - )
Fishdom 3 Sammleredition (HKLM-x32\...\BFG-Fishdom 3 Sammleredition) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Gardenscapes - Mansion Makeover Premium Edition (HKLM-x32\...\182cbaeb29e16344e6068a8f7880ee1f) (Version: - )
Gardenscapes(TM) (HKLM-x32\...\94a888f0cc14f46f31dbe64760d265e3) (Version: - )
Hello Venice (HKLM-x32\...\4e23c238b344d82a7faaf1494690f46f) (Version: - )
Hidden Object Crosswords (HKLM-x32\...\BFG-Hidden Object Crosswords) (Version: - )
Hidden Wonders of the Depths (HKLM-x32\...\BFG-Hidden Wonders of the Depths) (Version: - )
Holiday Jigsaw: Valentinstag (HKLM-x32\...\BFG-Holiday Jigsaw - Valentinstag) (Version: - )
Island Tribe 3 (HKLM-x32\...\9131b468f75938b04a5da83b28a5141b) (Version: - )
Jewel Match - Winter Wonderland (HKLM-x32\...\BFG-Jewel Match - Winter Wonderland) (Version: - )
Jigs@w Puzzle 2 (HKLM-x32\...\BFG-Jigs@w Puzzle 2) (Version: - )
Jigsaw Boom (HKLM-x32\...\BFG-Jigsaw Boom) (Version: - )
Jigsaw World (HKLM-x32\...\49a213cae8c161bbc6283bb92a2911cb) (Version: - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Legends of Solitaire: Die verlorenen Karten (HKLM-x32\...\BFG-Legends of Solitaire - Die verlorenen Karten) (Version: - )
Liong - The Dragon Dance (HKLM-x32\...\b44d1c7dfb19ca4f4653e190ea54e5ce) (Version: - )
Liong - The Lost Amulets (HKLM-x32\...\195d427afff066bdd0f3a5bb62fa90c1) (Version: - )
Little Shop of Treasures (HKLM-x32\...\71f8a07131cc25b1c18b432ba27c6759) (Version: - )
Little Things Forever (HKLM-x32\...\BFG-Little Things Forever) (Version: - )
LUXOR Great Adventures (HKLM-x32\...\0c6992c24d5411a5081752bd53f1477e) (Version: - )
Luxor MahJong (HKLM-x32\...\ee3e54471547c681968fbf933a57e9f6) (Version: - )
Magic Encyclopedia: Illusionen (HKLM-x32\...\Magic Encyclopedia: Illusionen) (Version: 1.0.0.0 - INTENIUM GmbH)
Mahjong Towers Eternity (HKLM-x32\...\BFG-Mahjong Towers Eternity) (Version: - )
Mahjongg Dimensions Deluxe - Tiles in Time (HKLM-x32\...\3cb1e59e3f781367097efff509bd1537) (Version: - )
Mahjongg Dimensions Deluxe (HKLM-x32\...\9ac1643eb7e8f26282321d12c5baf3bb) (Version: - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mr Puzzle (HKLM-x32\...\BFG-Mr Puzzle) (Version: - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mysteries of Horus (HKLM-x32\...\BFG-Mysteries of Horus) (Version: - )
Mystery Legends - Beauty and the Beast (HKLM-x32\...\c7bdf000efa3f2f32977d770027a79b4) (Version: - )
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
Ostereierspektakel (HKLM-x32\...\BFG-Ostereierspektakel) (Version: - )
Pastime Puzzles Deluxe - The Fifties (HKLM-x32\...\8341a549a6ff275278d283c38c989850) (Version: - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
Peggle Nights (HKLM-x32\...\BFG-Peggle Nights) (Version: - )
Puzzle Park (HKLM-x32\...\BFG-Puzzle Park) (Version: - )
Rainbow Web (HKLM-x32\...\977a30aad43ce761559b310356426a15) (Version: - )
Rainbow Web 2 (HKLM-x32\...\ee601fa010ca9308fd3454987eb467b1) (Version: - )
Rainbow Web 3 (HKLM-x32\...\9c9c5338e0567bbe27cc20b4e137575c) (Version: - )
Ravensburger Puzzle II (HKLM-x32\...\BFG-Ravensburger Puzzle II) (Version: - )
Ravensburger Puzzle Selection (HKLM-x32\...\BFG-Ravensburger Puzzle Selection) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6215 - Realtek Semiconductor Corp.)
Redemption Cemetery: Bitterer Frost Sammleredition (HKLM-x32\...\BFG-Redemption Cemetery - Bitterer Frost Sammleredition) (Version: - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Royal Envoy (HKLM-x32\...\BFG-Royal Envoy) (Version: - )
Royal Envoy 2 Sammleredition (HKLM-x32\...\BFG-Royal Envoy 2 Sammleredition) (Version: - )
Royal Envoy: Campaign for the Crown Sammleredition (HKLM-x32\...\BFG-Royal Envoy - Campaign for the Crown Sammleredition) (Version: - )
SAT1 GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.0.0.46 - INTENIUM GmbH)
Seven Seas Solitaire (HKLM-x32\...\BFG-Seven Seas Solitaire) (Version: - )
Sudoku, Kakuro & Friends (HKLM-x32\...\BFG-Sudoku, Kakuro & Friends) (Version: - )
Sweet Kingdom: Verhexte Prinzessin (HKLM-x32\...\BFG-Sweet Kingdom - Verhexte Prinzessin) (Version: - )
Tropical Fish Shop 2 (HKLM-x32\...\BFG-Tropical Fish Shop 2) (Version: - )
Weihnachtswunderland 2 (HKLM-x32\...\BFG-Weihnachtswunderland 2) (Version: - )
Weird Park - Broken Tune (HKLM-x32\...\f391612f1dc75ecfd794b51eda4d1db0) (Version: - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
World Mosaics 4 (HKLM-x32\...\BFG-World Mosaics 4) (Version: - )
World Riddles: Seven Wonders (HKLM-x32\...\BFG-World Riddles - Seven Wonders) (Version: - )
World's Greatest Places Mahjong (HKLM-x32\...\BFG-World's Greatest Places Mahjong) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2917026532-1704927967-2421539612-1000_Classes\CLSID\{AF808758-C780-404C-A4EE-4526323FD9B6}\InprocServer32 -> C:\PROGRA~2\REBATE~1\RebInf64.dll No File
CustomCLSID: HKU\S-1-5-21-2917026532-1704927967-2421539612-1000_Classes\CLSID\{D4AB823B-3EBC-477B-AA5B-D7061C9E83B0}\InprocServer32 -> C:\PROGRA~2\REBATE~1\RebInf64.dll No File

==================== Restore Points =========================

19-09-2014 13:44:23 Windows Update
23-09-2014 07:03:43 Windows Update
24-09-2014 08:49:04 Windows Update
28-09-2014 08:59:29 Revo Uninstaller's restore point - Ask Toolbar
28-09-2014 09:00:33 Revo Uninstaller's restore point - Ask Toolbar
28-09-2014 09:02:43 Revo Uninstaller's restore point - Avira SearchFree Toolbar plus Web Protection Updater
28-09-2014 09:04:28 Revo Uninstaller's restore point - Download Updater (AOL LLC)
30-09-2014 07:28:45 Windows Update
01-10-2014 10:53:31 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-09-28 11:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1D22B8B7-825E-4949-A9A3-780E8F029FA8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-2917026532-1704927967-2421539612-500 - Administrator - Disabled) Gast (S-1-5-21-2917026532-1704927967-2421539612-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2917026532-1704927967-2421539612-1002 - Limited - Enabled) X1 (S-1-5-21-2917026532-1704927967-2421539612-1000 - Administrator - Enabled) => C:\Users\X1 ==================== Faulty Device Manager Devices ============= Name: USB ISDN Device Description: USB ISDN Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (10/03/2014 11:27:13 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Microsoft Office Sessions: ========================= Error: (10/03/2014 11:27:13 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-09-28 11:29:11.441 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-09-28 11:29:11.409 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: AMD FX(tm)-4100 Quad-Core Processor Percentage of memory in use: 19% Total physical RAM: 7918.12 MB Available physical RAM: 6365.3 MB Total Pagefile: 15834.41 MB Available Pagefile: 14173.86 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:921.75 GB) (Free:865.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EC26B0D4) Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27) Partition 2: (Active) - (Size=921.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
03.10.2014, 16:25 | #6 |
/// the machine /// TB trainer | Win 7, slow start and problems on the Internet
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
05.10.2014, 10:04 | #7 |
| Win 7, slow start and problems on the Internet
Attached are the logs.
ESET Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=689bcd7c39177f4b92987ca698cbfa2e
# engine=20442
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-05 08:51:35
# local_time=2014-10-05 10:51:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 176926 164128945 0 0
# scanned=198601
# found=2
# cleaned=0
# scan_time=2406
sh=50EBDF9F3F405578D69D40BA4770321F658A9BDD ft=1 fh=03f6e976ed0dd68e vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=B77EE1FA80CCF7026A86D0CF6E66EC3222365C60 ft=1 fh=24936f293474ac28 vn="Variante von Win32/Adware.Trymedia.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\X1\Downloads\MahjonggSetup-dm.exe"
Code:
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 15.0.0.152
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Online Games Manager ogmservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014 Ran by X1 (administrator) on X1-PC on 05-10-2014 10:57:52 Running from C:\Users\X1\Desktop Loaded Profile: X1 (Available profiles: X1) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-30] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3D98B987A345CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE URLSearchHook: HKLM-x32 - AOL Deutschland Toolbar Search Class - {66a449dc-6b1d-4187-a4f1-b335d3da5365} - C:\Program Files (x86)\AOL Deutschland Toolbar\aoldetb.dll (AOL Inc.) URLSearchHook: HKCU - AOL Deutschland Toolbar Search Class - {66a449dc-6b1d-4187-a4f1-b335d3da5365} - C:\Program Files (x86)\AOL Deutschland Toolbar\aoldetb.dll (AOL Inc.) StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {4B675094-CFC1-4251-8F1D-CFFC9FF46CDB} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: AOL Deutschland Toolbar Loader -> {2d3b1910-86c2-4d4b-b1db-124b3ea35bef} -> C:\Program Files (x86)\AOL Deutschland Toolbar\aoldetb.dll (AOL Inc.) 
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) Toolbar: HKLM-x32 - AOL Deutschland Toolbar - {567d4d94-8077-4682-b887-945f3d644116} - C:\Program Files (x86)\AOL Deutschland Toolbar\aoldetb.dll (AOL Inc.) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.5.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [802384 2014-07-30] (Avira Operations GmbH & Co. 
KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-30] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-07-30] (Avira Operations GmbH & Co. KG) R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-03] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15680 2006-10-31] () R1 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz130; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-05 10:55 - 2014-10-05 10:55 - 00854417 _____ () C:\Users\X1\Desktop\SecurityCheck.exe 2014-10-05 10:05 - 2014-10-05 10:05 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-10-03 11:36 - 2014-10-03 11:36 - 00029597 _____ () C:\Users\X1\Desktop\Addition.txt 2014-10-03 11:34 - 2014-10-05 10:58 - 00007591 _____ () C:\Users\X1\Desktop\FRST.txt 2014-10-03 11:34 - 2014-10-03 11:34 - 00000000 ____D () C:\Users\X1\Desktop\FRST-OlderVersion 2014-10-03 11:23 - 2014-10-03 11:23 - 00001126 _____ () C:\Users\X1\Desktop\JRT.txt 2014-10-03 11:21 - 2014-10-03 11:21 - 00000000 ____D () C:\Windows\ERUNT 2014-10-03 11:20 - 2014-10-03 11:20 - 01702068 _____ (Thisisu) C:\Users\X1\Desktop\JRT.exe 2014-10-03 11:13 - 2014-10-03 11:14 - 00000000 ____D () C:\AdwCleaner 2014-10-03 11:12 - 2014-10-03 11:12 - 01375089 _____ () C:\Users\X1\Desktop\AdwCleaner_3.311.exe 2014-10-03 10:57 - 2014-10-03 11:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-03 10:56 - 2014-10-03 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-03 10:56 - 2014-10-03 10:56 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-03 10:56 - 2014-10-03 10:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-03 10:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-03 10:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-03 10:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-01 07:09 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-01 07:09 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-28 11:31 - 2014-09-28 11:31 - 00014682 _____ () C:\ComboFix.txt 2014-09-28 11:12 - 2014-09-28 11:31 - 
00000000 ____D () C:\Qoobox 2014-09-28 11:12 - 2014-09-28 11:30 - 00000000 ____D () C:\Windows\erdnt 2014-09-28 11:12 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-28 11:12 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-28 11:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-28 11:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-28 11:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-28 11:12 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-28 11:12 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-28 11:12 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-28 11:11 - 2014-09-28 11:11 - 05580995 ____R (Swearware) C:\Users\X1\Desktop\ComboFix.exe 2014-09-28 11:09 - 2014-09-28 11:09 - 05580995 _____ (Swearware) C:\Users\X1\Downloads\ComboFix.exe 2014-09-28 10:53 - 2014-09-28 10:53 - 00001274 _____ () C:\Users\X1\Desktop\Revo Uninstaller.lnk 2014-09-28 10:53 - 2014-09-28 10:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-09-24 08:16 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 08:16 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-17 20:41 - 2014-09-17 20:41 - 00036792 _____ () C:\Users\X1\Desktop\Addition2.txt 2014-09-17 20:40 - 2014-10-05 10:57 - 00000000 ____D () C:\FRST 2014-09-17 20:40 - 2014-09-17 20:41 - 00033754 _____ () C:\Users\X1\Desktop\FRST1.txt 2014-09-17 20:39 - 2014-10-03 11:34 - 02109440 _____ (Farbar) C:\Users\X1\Desktop\FRST64.exe 2014-09-13 20:48 - 2014-09-13 21:14 - 00000000 ____D () C:\Users\X1\AppData\Roaming\cloudbkp 2014-09-13 20:36 - 2014-10-05 08:13 - 00003562 _____ () C:\Windows\setupact.log 2014-09-13 20:36 - 2014-09-13 20:36 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-12 13:55 - 2014-09-12 13:56 - 02066125 _____ () 
C:\Users\X1\Downloads\dawanda&partId=4&saveAs=E-BOOK-Anleitung_Häkelpuschen_SO_NICE_-_Gr20_pdf 2014-09-10 13:37 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 13:37 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-10 13:37 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 13:37 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 13:37 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-10 13:37 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-10 13:37 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 13:37 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 13:37 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 13:37 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 13:37 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-10 13:37 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-10 13:37 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-10 13:37 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 13:37 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 13:37 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 13:37 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-10 13:37 - 
2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 13:37 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-10 13:37 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-10 13:37 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-10 13:37 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 13:37 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-10 13:37 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-10 13:37 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-10 13:37 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-10 13:37 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-10 13:37 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-10 13:37 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 13:37 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 13:37 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-10 13:37 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-10 13:37 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 13:37 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-10 13:37 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 
2014-09-10 13:37 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-10 13:37 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-10 13:37 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 13:37 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 13:37 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 13:37 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-10 13:37 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-10 13:37 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-10 13:37 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-10 13:37 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-10 13:37 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 13:37 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-10 13:37 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 13:37 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-10 13:37 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-10 13:37 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-10 13:37 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 13:37 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 
2014-09-10 13:37 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-10 13:37 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-10 13:37 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-10 13:29 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-10 13:29 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-10 08:19 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 08:19 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-10 08:19 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-10 08:19 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-10 08:18 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-10 08:18 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-10 08:18 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 08:18 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 08:18 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-10 08:18 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-10 08:18 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-05 10:58 - 2012-07-30 15:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-05 09:52 - 2012-06-21 20:21 - 00000000 ____D () C:\ProgramData\TEMP 2014-10-05 08:21 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-05 08:21 - 2009-07-14 06:45 - 00028720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-05 08:18 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-10-05 08:18 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-10-05 08:18 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-05 08:17 - 2012-06-08 17:43 - 02021960 _____ () C:\Windows\WindowsUpdate.log 2014-10-05 08:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-04 17:12 - 2012-11-18 18:30 - 00000000 ____D () C:\Users\X1\AppData\Roaming\ZoomBrowser EX 2014-10-04 09:17 - 2014-04-01 19:59 - 00000000 ____D () C:\Users\X1\AppData\Local\Audible 2014-10-03 11:15 - 2012-09-05 20:07 - 00267958 _____ () C:\Windows\PFRO.log 2014-10-01 07:04 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-29 21:05 - 2013-11-16 23:53 - 00000000 ____D () C:\Users\X1\Documents\My Kindle Content 2014-09-28 11:30 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-09-26 12:44 - 2014-01-20 14:55 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-24 20:58 - 2014-02-05 15:58 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-24 20:58 - 2012-07-30 15:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-24 20:58 - 2012-06-10 10:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-24 20:58 - 2012-06-08 20:18 - 00071344 _____ 
(Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-24 16:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-17 20:15 - 2012-06-11 22:05 - 00000000 ____D () C:\Users\X1\AppData\Local\Google 2014-09-17 20:15 - 2012-06-11 22:05 - 00000000 ____D () C:\Program Files (x86)\Google 2014-09-17 20:11 - 2012-06-11 22:05 - 00000000 ____D () C:\Program Files\Google 2014-09-16 16:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-10 13:36 - 2014-02-25 10:29 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 13:36 - 2013-08-15 12:46 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 13:29 - 2014-05-06 23:18 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-10 13:29 - 2012-06-10 10:11 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\X1\AppData\Local\Temp\avgnt.exe C:\Users\X1\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-27 12:15 ==================== End Of Log ============================ --- --- --- Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2014 Ran by X1 at 2014-10-05 10:58:33 Running from C:\Users\X1\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 1 Pinguin 100 Fälle (HKLM-x32\...\BFG-1 Pinguin 100 Faelle) (Version: - ) 4 Elements II (HKLM-x32\...\BFG-4 Elements II) (Version: - ) A Gnome's Home: Der Kristall des Lebens (HKLM-x32\...\BFG-A Gnome's Home - Der Kristall des Lebens) (Version: - ) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon) Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira) AOL Deutschland Toolbar (HKCU\...\AOL Deutschland Toolbar) (Version: - ) AOL Deutschland Toolbar (HKLM-x32\...\AOL Deutschland Toolbar) (Version: - ) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2010594558.48.56.38145258 - Audible, Inc.) 
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - ) Birds on a Wire (HKLM-x32\...\BFG-Birds on a Wire) (Version: - ) Campgrounds (HKLM-x32\...\BFG-Campgrounds) (Version: - ) Campgrounds: The Endorus Expedition Sammleredition (HKLM-x32\...\BFG-Campgrounds - The Endorus Expedition Sammleredition) (Version: - ) CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.) Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.0.0.20 - Canon Inc.) Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.2.0.2 - Canon Inc.) Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.4.0.9 - Canon Inc.) Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.) Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.2.0.4 - Canon Inc.) Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.2.0.5 - Canon Inc.) Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.) Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.) Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.3.0.7 - Canon Inc.) Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.0.9 - Canon Inc.) 
Cate West - The Vanishing Files (HKLM-x32\...\dcf044fc6e1efd464a3b6bfcc74c4919) (Version: - ) Cradle of Egypt (HKLM-x32\...\BFG-Cradle of Egypt) (Version: - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Das ultimative Osterrätsel (HKLM-x32\...\BFG-Das ultimative Osterratsel) (Version: - ) Das ultimative Weihnachtsrätsel-Paket (HKLM-x32\...\BFG-Das ultimative Weihnachtsraetsel-Paket) (Version: - ) Die 4 Elemente II (HKLM-x32\...\Die 4 Elemente II) (Version: 1.0.0.0 - INTENIUM GmbH) Die Chroniken von Emerland Solitär (HKLM-x32\...\BFG-Die Chroniken von Emerland Solitaer) (Version: - ) DragonStone (HKLM-x32\...\BFG-DragonStone) (Version: - ) Dreams of a Geisha (HKLM-x32\...\BFG-Dreams of a Geisha) (Version: - ) Dress-Up Pups (HKLM-x32\...\dd06bbd7f8b6ace45e314b3b80dcfcc7) (Version: - ) Ein Yankee unter Rittern (HKLM-x32\...\BFG-Ein Yankee unter Rittern) (Version: - ) El Dorado Quest (HKLM-x32\...\BFG-El Dorado Quest) (Version: - ) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Fishdom (HKLM-x32\...\BFG-Fishdom) (Version: - ) Fishdom 3 Sammleredition (HKLM-x32\...\BFG-Fishdom 3 Sammleredition) (Version: - ) Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation) Gardenscapes - Mansion Makeover Premium Edition (HKLM-x32\...\182cbaeb29e16344e6068a8f7880ee1f) (Version: - ) Gardenscapes(TM) (HKLM-x32\...\94a888f0cc14f46f31dbe64760d265e3) (Version: - ) Hello Venice (HKLM-x32\...\4e23c238b344d82a7faaf1494690f46f) (Version: - ) Hidden Object Crosswords (HKLM-x32\...\BFG-Hidden Object Crosswords) (Version: - ) Hidden Wonders of the Depths (HKLM-x32\...\BFG-Hidden Wonders of the Depths) (Version: - ) Holiday Jigsaw: Valentinstag (HKLM-x32\...\BFG-Holiday Jigsaw - Valentinstag) (Version: - ) Island Tribe 3 (HKLM-x32\...\9131b468f75938b04a5da83b28a5141b) (Version: - ) Jewel Match - Winter Wonderland (HKLM-x32\...\BFG-Jewel Match - Winter Wonderland) (Version: - ) Jigs@w Puzzle 2 
(HKLM-x32\...\BFG-Jigs@w Puzzle 2) (Version: - ) Jigsaw Boom (HKLM-x32\...\BFG-Jigsaw Boom) (Version: - ) Jigsaw World (HKLM-x32\...\49a213cae8c161bbc6283bb92a2911cb) (Version: - ) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Legends of Solitaire: Die verlorenen Karten (HKLM-x32\...\BFG-Legends of Solitaire - Die verlorenen Karten) (Version: - ) Liong - The Dragon Dance (HKLM-x32\...\b44d1c7dfb19ca4f4653e190ea54e5ce) (Version: - ) Liong - The Lost Amulets (HKLM-x32\...\195d427afff066bdd0f3a5bb62fa90c1) (Version: - ) Little Shop of Treasures (HKLM-x32\...\71f8a07131cc25b1c18b432ba27c6759) (Version: - ) Little Things Forever (HKLM-x32\...\BFG-Little Things Forever) (Version: - ) LUXOR Great Adventures (HKLM-x32\...\0c6992c24d5411a5081752bd53f1477e) (Version: - ) Luxor MahJong (HKLM-x32\...\ee3e54471547c681968fbf933a57e9f6) (Version: - ) Magic Encyclopedia: Illusionen (HKLM-x32\...\Magic Encyclopedia: Illusionen) (Version: 1.0.0.0 - INTENIUM GmbH) Mahjong Towers Eternity (HKLM-x32\...\BFG-Mahjong Towers Eternity) (Version: - ) Mahjongg Dimensions Deluxe - Tiles in Time (HKLM-x32\...\3cb1e59e3f781367097efff509bd1537) (Version: - ) Mahjongg Dimensions Deluxe (HKLM-x32\...\9ac1643eb7e8f26282321d12c5baf3bb) (Version: - ) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft 
Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mr Puzzle (HKLM-x32\...\BFG-Mr Puzzle) (Version: - ) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden Mysteries of Horus (HKLM-x32\...\BFG-Mysteries of Horus) (Version: - ) Mystery Legends - Beauty and the Beast (HKLM-x32\...\c7bdf000efa3f2f32977d770027a79b4) (Version: - ) Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.) 
OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org) Ostereierspektakel (HKLM-x32\...\BFG-Ostereierspektakel) (Version: - ) Pastime Puzzles Deluxe - The Fifties (HKLM-x32\...\8341a549a6ff275278d283c38c989850) (Version: - ) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery) Peggle Nights (HKLM-x32\...\BFG-Peggle Nights) (Version: - ) Puzzle Park (HKLM-x32\...\BFG-Puzzle Park) (Version: - ) Rainbow Web (HKLM-x32\...\977a30aad43ce761559b310356426a15) (Version: - ) Rainbow Web 2 (HKLM-x32\...\ee601fa010ca9308fd3454987eb467b1) (Version: - ) Rainbow Web 3 (HKLM-x32\...\9c9c5338e0567bbe27cc20b4e137575c) (Version: - ) Ravensburger Puzzle II (HKLM-x32\...\BFG-Ravensburger Puzzle II) (Version: - ) Ravensburger Puzzle Selection (HKLM-x32\...\BFG-Ravensburger Puzzle Selection) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6215 - Realtek Semiconductor Corp.) 
Redemption Cemetery: Bitterer Frost Sammleredition (HKLM-x32\...\BFG-Redemption Cemetery - Bitterer Frost Sammleredition) (Version: - ) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Royal Envoy (HKLM-x32\...\BFG-Royal Envoy) (Version: - ) Royal Envoy 2 Sammleredition (HKLM-x32\...\BFG-Royal Envoy 2 Sammleredition) (Version: - ) Royal Envoy: Campaign for the Crown Sammleredition (HKLM-x32\...\BFG-Royal Envoy - Campaign for the Crown Sammleredition) (Version: - ) SAT1 GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.0.0.46 - INTENIUM GmbH) Seven Seas Solitaire (HKLM-x32\...\BFG-Seven Seas Solitaire) (Version: - ) Sudoku, Kakuro & Friends (HKLM-x32\...\BFG-Sudoku, Kakuro & Friends) (Version: - ) Sweet Kingdom: Verhexte Prinzessin (HKLM-x32\...\BFG-Sweet Kingdom - Verhexte Prinzessin) (Version: - ) Tropical Fish Shop 2 (HKLM-x32\...\BFG-Tropical Fish Shop 2) (Version: - ) Weihnachtswunderland 2 (HKLM-x32\...\BFG-Weihnachtswunderland 2) (Version: - ) Weird Park - Broken Tune (HKLM-x32\...\f391612f1dc75ecfd794b51eda4d1db0) (Version: - ) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 
15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden World Mosaics 4 (HKLM-x32\...\BFG-World Mosaics 4) (Version: - ) World Riddles: Seven Wonders (HKLM-x32\...\BFG-World Riddles - Seven Wonders) (Version: - ) World's Greatest Places Mahjong (HKLM-x32\...\BFG-World's Greatest Places Mahjong) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2917026532-1704927967-2421539612-1000_Classes\CLSID\{AF808758-C780-404C-A4EE-4526323FD9B6}\InprocServer32 -> C:\PROGRA~2\REBATE~1\RebInf64.dll No File
CustomCLSID: HKU\S-1-5-21-2917026532-1704927967-2421539612-1000_Classes\CLSID\{D4AB823B-3EBC-477B-AA5B-D7061C9E83B0}\InprocServer32 -> C:\PROGRA~2\REBATE~1\RebInf64.dll No File

==================== Restore Points =========================

19-09-2014 13:44:23 Windows Update
23-09-2014 07:03:43 Windows Update
24-09-2014 08:49:04 Windows Update
28-09-2014 08:59:29 Revo Uninstaller's restore point - Ask Toolbar
28-09-2014 09:00:33 Revo Uninstaller's restore point - Ask Toolbar
28-09-2014 09:02:43 Revo Uninstaller's restore point - Avira SearchFree Toolbar plus Web Protection Updater
28-09-2014 09:04:28 Revo Uninstaller's restore point - Download Updater (AOL LLC)
30-09-2014 07:28:45 Windows Update
01-10-2014 10:53:31 Windows Update

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-09-28 11:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1D22B8B7-825E-4949-A9A3-780E8F029FA8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-2917026532-1704927967-2421539612-500 - Administrator - Disabled) Gast (S-1-5-21-2917026532-1704927967-2421539612-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2917026532-1704927967-2421539612-1002 - Limited - Enabled) X1 (S-1-5-21-2917026532-1704927967-2421539612-1000 - Administrator - Enabled) => C:\Users\X1 ==================== Faulty Device Manager Devices ============= Name: USB ISDN Device Description: USB ISDN Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (10/05/2014 10:54:27 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (10/05/2014 10:05:36 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/05/2014 10:05:32 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (10/05/2014 08:15:29 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2014 04:46:34 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2014 08:52:55 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/03/2014 07:58:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/03/2014 02:01:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/03/2014 11:43:30 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0xdf4 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Error: (10/03/2014 11:39:57 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der 
fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x7f0 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 System errors: ============= Error: (10/05/2014 08:39:33 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (10/05/2014 08:39:33 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (10/04/2014 06:54:04 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (10/04/2014 11:54:04 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (10/04/2014 11:54:04 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (10/03/2014 03:13:28 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (10/03/2014 03:13:28 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. 
Microsoft Office Sessions: ========================= Error: (10/05/2014 10:54:27 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (10/05/2014 10:05:36 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\X1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I8H0TRTR\esetsmartinstaller_deu.exe Error: (10/05/2014 10:05:32 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\X1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I8H0TRTR\esetsmartinstaller_deu.exe Error: (10/05/2014 08:15:29 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2014 04:46:34 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2014 08:52:55 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * 
FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/03/2014 07:58:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/03/2014 02:01:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/03/2014 11:43:30 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fddf401cfdeee52361852C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dllbadc1786-4ae1-11e4-9e97-5404a612a8dd Error: (10/03/2014 11:39:57 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd7f001cfdeedeb6de9fcC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dll3c52e054-4ae1-11e4-9e97-5404a612a8dd CodeIntegrity Errors: =================================== Date: 2014-09-28 11:29:11.441 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2014-09-28 11:29:11.409 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: AMD FX(tm)-4100 Quad-Core Processor Percentage of memory in use: 21% Total physical RAM: 7918.12 MB Available physical RAM: 6190.14 MB Total Pagefile: 15834.41 MB Available Pagefile: 13975.3 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:921.75 GB) (Free:864.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EC26B0D4) Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27) Partition 2: (Active) - (Size=921.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
06.10.2014, 08:15 | #8 |
/// the machine /// TB-Ausbilder | Win 7, slow start and problems on the Internet Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. For this I recommend TFC. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
06.10.2014, 19:21 | #9 |
| Win 7, slow start and problems on the Internet Everything is done, and many thanks for the help |
07.10.2014, 13:51 | #10 |
/// the machine /// TB-Ausbilder | Win 7, slow start and problems on the Internet You're welcome
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |