11.10.2014, 12:02 | #1 |
Windows 7: Web pages are redirected to advertising by spns.serious.net

Hello,

On a great many pages in Firefox, Opera and IE I am redirected by spns.seriousads.net to a blank page or to other advertising pages. Even this site took several attempts before I could download the requested programs, from defogger to GMER. When I tried to get rid of it by going back to an earlier restore point, I had to re-verify my Kaspersky Internet Security 2015, which I had only installed on 25.9.2014, but that failed. The instructions from their support led to the computer failing, which I was able to fix with another restore operation. But this spns is incredibly annoying and makes the Internet almost unusable. I urgently ask for help (I reported the problem to Kaspersky on 10.10.2014 but have not received a reply so far).

Kind regards,
Ronald Brauer

PS: As I am new here: how do I tell that a reply has arrived (perhaps send it to my e-mail address)???

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:54 on 11/10/2014 (Ronald Brauer)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014 01
Ran by Ronald Brauer (administrator) on RONALDARNO-PC on 11-10-2014 11:02:39
Running from C:\Users\Ronald Brauer\Downloads
Loaded Profile: Ronald Brauer (Available profiles: Alternate & Ronald Brauer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) 
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe (SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\LogonUI.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe () C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe (Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9639424 2009-12-21] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-02] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin) HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [HOSTS Anti-Adware_PUPs] => C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2014-05-06] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-09-25] (RealNetworks, Inc.) HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-09-22] (APN) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) 
HKU\S-1-5-21-2689304980-1437917653-2625238874-1004\...\Run: [dradio-RecorderTimer] => C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [42496 2012-10-13] () HKU\S-1-5-21-2689304980-1437917653-2625238874-1004\...\Run: [SkypePM] => C:\Users\Ronald Brauer\AppData\Local\Skype\SkypePM.exe HKU\S-1-5-21-2689304980-1437917653-2625238874-1004\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000 HKU\S-1-5-21-2689304980-1437917653-2625238874-1004\...\MountPoints2: {4a1491d6-6b03-11df-890c-e0cb4ee93fcb} - E:\pushinst.exe HKU\S-1-5-21-2689304980-1437917653-2625238874-1004\...\MountPoints2: {785f4105-bac9-11e0-b9f8-001c4afac163} - F:\pushinst.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2184C2CA12FFCA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://native-search.com/?channel=de HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope value is missing. 
SearchScopes: HKLM-x32 - {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^0D^xdm049^YYA^de&si=XXXXXXXXXX&ptb=1F3E893A-59BE-4BDD-8AF5-5C85C262DA2D&ind=2013070602&n=77fd050a&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - DefaultScope {8D8DF965-DA4A-4ca2-A7EC-2CAFF73D8D60} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD SearchScopes: HKCU - {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^0D^xdm049^YYA^de&si=XXXXXXXXXX&ptb=1F3E893A-59BE-4BDD-8AF5-5C85C262DA2D&ind=2013070602&n=77fd050a&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - {318DFEB2-3449-4101-B00B-860AE0D34878} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms} SearchScopes: HKCU - {42C7DE53-739B-41E2-AF9F-788A5A156AFF} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2708334 SearchScopes: HKCU - {8D8DF965-DA4A-4ca2-A7EC-2CAFF73D8D60} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD SearchScopes: HKCU - {99ECA7F7-DAE1-4e86-995F-A80FB51AB0CA} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader) BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program 
Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm -> 
{9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation) Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.) Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311 FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: Search FF SelectedSearchEngine: Search FF Homepage: hxxp://web.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF 
Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @real.com/nppl3260;version=17.0.12.0 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.12 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.12.0 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @phonostar.de/phonostar -> C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll No File FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper -> C:\Users\Ronald Brauer\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File FF user.js: detected! => C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\user.js FF user.js: detected! 
=> C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260 (2).dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud) FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ask-search.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml FF SearchPlugin: C:\Users\Ronald 
Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Amazon-Icon - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\amazon-icon@giga.de [2014-09-25] FF Extension: HTTPS-Everywhere - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2013-12-19] FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\sparpilot@sparpilot.com [2014-09-25] FF Extension: Cookie Monster - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2013-12-19] FF Extension: UnPlug - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\unplug@compunach.xpi [2013-08-06] FF Extension: JonDoFox - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2013-11-08] FF Extension: NoScript - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-28] FF Extension: Adblock Plus - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-28] FF Extension: ProfileSwitcher - C:\Users\Ronald 
Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2013-10-28] FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311\Extensions\elemhidehelper@adblockplus.org.xpi [2014-10-11] FF Extension: All-in-One Sidebar - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2014-10-11] FF Extension: Adblock Plus - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-11] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-19] FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn [2011-11-14] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn [2013-05-04] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [{7C9C2591-51ED-44FA-8D03-450B92643F95}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKCU\...\Firefox\Extensions: [{ba5b6935-63e1-431c-8fc6-7504512d2b94}] - C:\Program Files (x86)\LyricsContainer\130.xpi Chrome: ======= CHR Profile: C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Bazaar Friend) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bmobdmpfgfimbnmhhnkmmecdboblafdh [2014-03-07]
CHR Extension: (Boston MarketOne) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dleekdifoepfadaikncodjgnkkffkccd [2014-03-07]
CHR Extension: (InfoBird Pro) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl [2014-03-07]
CHR Extension: (RealPlayer Downloader) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-07]
CHR Extension: (Real Summer Sale) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lladpgmmlijbmhfknhgkenkhikoaapmj [2014-03-07]
CHR Extension: (DVDVideoSoft) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-03-07]
CHR Extension: (Google Wallet) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-07]
CHR HKLM\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\RONALD~1\AppData\Local\BazaarFriend.crx [2013-08-20]
CHR HKLM\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\RONALD~1\AppData\Local\BostonMarketOne.crx [2013-08-02]
CHR HKLM\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\RONALD~1\AppData\Local\InfoBirdPro.crx [2013-08-04]
CHR HKLM\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\RONALD~1\AppData\Local\RealSummerSale.crx [2013-08-02]
CHR HKCU\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\RONALD~1\AppData\Local\BazaarFriend.crx [2013-08-20]
CHR HKCU\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\RONALD~1\AppData\Local\BostonMarketOne.crx [2013-08-02]
CHR HKCU\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\RONALD~1\AppData\Local\InfoBirdPro.crx [2013-08-04]
CHR HKCU\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\RONALD~1\AppData\Local\RealSummerSale.crx [2013-08-02]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-07-29]
CHR HKLM-x32\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\RONALD~1\AppData\Local\BazaarFriend.crx [2013-08-20]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2013-08-20]
CHR HKLM-x32\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\RONALD~1\AppData\Local\BostonMarketOne.crx [2013-08-02]
CHR HKLM-x32\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\RONALD~1\AppData\Local\InfoBirdPro.crx [2013-08-04]
CHR HKLM-x32\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\RONALD~1\AppData\Local\RealSummerSale.crx [2013-08-02]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2013-08-02]
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Ronald Brauer\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-09-25]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-09-22] (APN LLC.)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2012-06-06] (Freemake) [File not signed]
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-05-06] () [File not signed]
R2 HPSLPSVC; C:\Users\Ronald Brauer\AppData\Local\Temp\7zS3EB2\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 IGDCTRL; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-24] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-25] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-24] () [File not signed]
S2 DatamngrCoordinator2; C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [X]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [42040 2014-07-10] (Avira Operations GmbH & Co. KG)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [1390680 2013-04-13] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-12] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-14] (Symantec Corporation)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [552704 2009-03-20] (AVM GmbH)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20130502.001\IDSvia64.sys [513184 2013-03-13] (Symantec Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [140352 2014-09-25] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [792128 2014-09-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-08-25] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20130503.004\ENG64.SYS [126192 2013-03-15] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20130503.004\EX64.SYS [2087664 2013-03-15] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-10-11] ()
R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-26] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 cpuz130; \??\C:\Users\ALTERN~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 SYMFW; \SystemRoot\System32\Drivers\NISx64\1008030.006\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-11 11:02 - 2014-10-11 11:03 - 00037033 _____ () C:\Users\Ronald Brauer\Downloads\FRST.txt 2014-10-11 11:02 - 2014-10-11 11:02 - 00000000 ____D () C:\FRST 2014-10-11 11:01 - 2014-10-11 11:01 - 02109952 _____ (Farbar) C:\Users\Ronald Brauer\Downloads\FRST64.exe 2014-10-11 10:54 - 2014-10-11 10:54 - 00000488 _____ () C:\Users\Ronald Brauer\Downloads\defogger_disable.log 2014-10-11 10:54 - 2014-10-11 10:54 - 00000000 _____ () C:\Users\Ronald Brauer\defogger_reenable 2014-10-11 10:52 - 2014-10-11 10:52 - 00050477 _____ () C:\Users\Ronald Brauer\Downloads\Defogger.exe 2014-10-11 10:38 - 2014-10-11 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore 2014-10-11 10:38 - 2014-10-11 10:46 - 00000000 ____D () C:\Program Files (x86)\DriverRestore 2014-10-11 10:37 - 2014-10-11 10:37 - 07887208 _____ (383 Media, Inc.) 
C:\Users\Ronald Brauer\Downloads\DriverRestore.exe 2014-10-11 09:46 - 2014-10-11 09:47 - 31766208 _____ (Microsoft Corporation) C:\Users\Ronald Brauer\Downloads\Windows-KB890830-x64-V5.16.exe 2014-10-10 22:57 - 2014-10-10 22:57 - 04300993 _____ () C:\Users\Ronald Brauer\Desktop\Kaspersky_AutoCollector_Results.zip 2014-10-10 22:54 - 2014-10-10 22:54 - 00619921 _____ () C:\Users\Ronald Brauer\Downloads\KL-AutoCollector_4.6.exe 2014-10-10 18:49 - 2014-10-10 23:04 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-10 14:17 - 2014-10-10 14:20 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\ReportMaker 2014-10-10 12:28 - 2014-10-10 12:28 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\Alte Firefox-Daten 2014-09-29 09:38 - 2014-10-10 23:12 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\Spiele 2014-09-27 09:54 - 2014-09-27 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-09-27 09:54 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) 
C:\Windows\system32\Drivers\GEARAspiWDM.sys 2014-09-27 09:53 - 2014-09-27 09:54 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-09-27 09:53 - 2014-09-27 09:54 - 00000000 ____D () C:\Program Files\iTunes 2014-09-27 09:53 - 2014-09-27 09:53 - 00000000 ____D () C:\Program Files\iPod 2014-09-27 09:37 - 2014-09-27 09:37 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-09-27 09:33 - 2014-09-27 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-09-25 09:09 - 2014-09-25 09:09 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Local\Temp7396b31d089ca2ea579fbca3f7e0c016 2014-09-25 09:09 - 2014-09-25 09:09 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Local\Temp5426677acd666adac6effd455d779184 2014-09-25 09:08 - 2014-09-25 09:08 - 00000000 ____D () C:\Users\Ronald Brauer\Downloads\RealPlayer 2014-09-25 09:08 - 2014-09-25 09:08 - 00000000 ____D () C:\Users\Ronald Brauer\ChromeExtensions 2014-09-25 09:08 - 2014-09-25 09:08 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Local\Temp8a1a82856b1bcb67b2e739846712d61c 2014-09-25 09:07 - 2014-09-25 09:07 - 01047192 _____ () C:\Users\Ronald Brauer\Downloads\RealPlayer-lnstall.exe 2014-09-25 08:34 - 2014-10-10 23:12 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Local\AskPartnerNetwork 2014-09-25 08:33 - 2014-10-10 23:12 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork 2014-09-25 08:33 - 2014-09-25 08:33 - 00000000 ____D () C:\ProgramData\APN 2014-09-25 08:32 - 2014-09-25 08:32 - 00000000 ____D () C:\ProgramData\RealNetworks 2014-09-25 08:31 - 2014-09-25 08:31 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll 2014-09-25 08:31 - 2014-09-25 08:31 - 00201800 _____ (RealNetworks, Inc.) 
C:\Windows\SysWOW64\rmoc3260.dll 2014-09-25 08:30 - 2014-09-25 08:30 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll 2014-09-25 07:38 - 2014-10-10 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-09-25 07:38 - 2014-09-25 12:04 - 00002334 _____ () C:\Users\Ronald Brauer\Desktop\Sicherer Zahlungsverkehr.lnk 2014-09-25 07:38 - 2014-09-25 07:38 - 00001196 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2014-09-25 07:38 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2014-09-25 07:37 - 2014-09-25 07:42 - 00792128 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-09-25 07:37 - 2014-09-25 07:42 - 00140352 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-09-25 07:37 - 2014-09-25 07:37 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-09-25 07:37 - 2014-04-10 17:25 - 00243808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys 2014-09-25 07:10 - 2014-09-25 07:10 - 00000000 ___SD () C:\Users\Ronald Brauer\Documents\Passwords Database 2014-09-23 09:02 - 2014-09-23 09:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-23 09:02 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-09-23 09:02 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-09-23 09:02 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-09-23 09:02 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-09-23 09:01 - 2014-09-23 09:02 - 00004686 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log 2014-09-23 08:59 - 2014-09-23 08:59 - 00918952 _____ (Oracle Corporation) C:\Users\Ronald Brauer\Downloads\jxpiinstall(2).exe 2014-09-23 08:40 - 2014-09-23 08:40 - 00031596 _____ () C:\Windows\SysWOW64\hs_err_pid5112.log 
2014-09-22 20:40 - 2014-09-23 09:09 - 00000000 ____D () C:\ProgramData\Oracle 2014-09-22 20:36 - 2014-09-22 20:36 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brettspielwelt 2014-09-22 20:35 - 2014-09-22 20:35 - 03170210 _____ (BrettspielWelt GmbH) C:\Users\Ronald Brauer\Downloads\BrettspielWelt(1).exe 2014-09-20 14:43 - 2014-09-20 14:45 - 89130271 _____ () C:\Users\Ronald Brauer\Downloads\imdb2014-w1-2%20pip.mp4 2014-09-20 07:51 - 2014-10-11 08:00 - 00003366 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004 2014-09-20 07:51 - 2014-10-11 08:00 - 00003248 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1004 2014-09-19 09:25 - 2014-09-24 23:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-17 19:04 - 2014-09-17 19:04 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWood 2014-09-17 19:04 - 2014-09-17 19:04 - 00000000 ____D () C:\Program Files (x86)\JoWood 2014-09-17 12:21 - 2014-09-17 12:21 - 00000909 _____ () C:\Users\Alternate\Desktop\Bidou.lnk 2014-09-17 12:21 - 2014-09-17 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bidou 2014-09-17 12:21 - 2014-09-17 12:21 - 00000000 ____D () C:\Program Files (x86)\Bidou 2014-09-17 12:20 - 2014-09-17 12:20 - 00001008 _____ () C:\Users\Ronald Brauer\Desktop\AngelPacMan.lnk 2014-09-17 12:20 - 2014-09-17 12:20 - 00001008 _____ () C:\Users\Alternate\Desktop\AngelPacMan.lnk 2014-09-17 12:20 - 2014-09-17 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AngelPacMan 2014-09-17 12:20 - 2014-09-17 12:20 - 00000000 ____D () C:\Program Files (x86)\AngelPacMan 2014-09-17 12:12 - 2014-09-17 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anno 1701 2014-09-17 12:01 - 2014-09-17 12:16 - 00000000 ____D () 
C:\Program Files (x86)\Anno 1701 2014-09-14 17:48 - 2014-09-17 20:35 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-09-14 17:46 - 2014-09-14 17:56 - 00000000 ____D () C:\Program Files (x86)\eGames 2014-09-14 17:46 - 2014-09-14 17:46 - 00001828 _____ () C:\Users\Alternate\Desktop\eGames.lnk 2014-09-14 17:46 - 2014-09-14 17:46 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eGames 2014-09-14 17:46 - 2014-09-14 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eGames 2014-09-14 17:46 - 2000-07-17 13:41 - 00070088 _____ (xx) C:\Windows\SysWOW64\Project2-1.ocx 2014-09-14 17:46 - 2000-03-21 15:37 - 00001760 _____ () C:\Windows\SysWOW64\objsafe.tlb 2014-09-14 17:46 - 2000-01-05 14:10 - 00614672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.002 2014-09-14 17:46 - 2000-01-05 14:10 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.001 2014-09-14 17:46 - 2000-01-05 14:10 - 00143632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.004 2014-09-14 17:46 - 2000-01-05 14:10 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000 2014-09-14 17:46 - 1999-12-07 11:00 - 01384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.003 2014-09-14 17:46 - 1999-05-07 00:00 - 00082960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Picclp32.ocx 2014-09-14 17:46 - 1999-03-25 23:00 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Vb6stkit.dll 2014-09-14 17:46 - 1998-05-30 23:00 - 00022288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.005 2014-09-13 15:56 - 2014-09-30 07:58 - 00003388 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004 2014-09-13 15:56 - 2014-09-30 07:58 - 00003270 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1004 2014-09-11 22:39 - 
2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 22:39 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-11 22:39 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 22:39 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 22:39 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-11 22:39 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-11 22:39 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 22:39 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 22:39 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 22:39 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 22:39 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-11 22:39 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-11 22:39 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-11 22:39 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 22:39 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 22:39 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 22:39 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-11 22:39 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 22:39 - 2014-08-19 
00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-11 22:39 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-11 22:39 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-11 22:39 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 22:39 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-11 22:39 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-11 22:39 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-11 22:39 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-11 22:39 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-11 22:39 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-11 22:39 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-11 22:39 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 22:39 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-11 22:39 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-11 22:39 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 22:39 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-11 22:39 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-11 22:39 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-11 
22:39 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-11 22:39 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 22:39 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 22:39 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 22:39 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-11 22:39 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-11 22:39 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-11 22:39 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-11 22:39 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-11 22:39 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 22:39 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-11 22:39 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 22:39 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-11 22:39 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-11 22:39 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-11 22:39 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 22:39 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-11 22:39 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-11 22:39 - 
2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-11 22:39 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-11 06:26 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-11 06:26 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-11 06:26 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-11 06:26 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-11 06:26 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-11 10:57 - 2011-05-22 12:56 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\vlc 2014-10-11 10:54 - 2010-05-29 11:24 - 00000000 ____D () C:\Users\Ronald Brauer 2014-10-11 10:31 - 2013-01-01 11:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-11 10:10 - 2010-09-04 15:39 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-11 09:55 - 2013-12-03 14:01 - 00011767 _____ () C:\Windows\IE11_main.log 2014-10-11 08:09 - 2010-09-04 15:39 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-11 08:03 - 2009-07-14 06:45 - 00026304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-11 08:03 - 2009-07-14 06:45 - 00026304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-11 08:00 - 2010-05-29 11:24 - 01752912 _____ () C:\Windows\WindowsUpdate.log 2014-10-11 07:59 - 2013-12-24 15:32 - 00002876 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup 2014-10-11 07:59 - 2013-12-24 15:32 - 
00000434 _____ () C:\Windows\Tasks\DriverUpdate Startup.job 2014-10-11 07:59 - 2013-12-24 15:31 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys 2014-10-11 07:59 - 2013-02-09 10:03 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-10-11 07:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-11 07:54 - 2009-07-14 06:51 - 00220806 _____ () C:\Windows\setupact.log 2014-10-10 23:13 - 2010-04-27 18:45 - 00000000 ____D () C:\Users\Alternate 2014-10-10 23:12 - 2014-08-25 18:59 - 00000000 ____D () C:\Windows\system32\Drivers\NBRTWizardx64 2014-10-10 23:12 - 2014-08-25 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard 2014-10-10 23:12 - 2014-08-25 18:59 - 00000000 ____D () C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard 2014-10-10 23:12 - 2014-05-13 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-10 23:12 - 2014-05-13 20:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-10 23:12 - 2014-04-09 11:46 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\dvdcss 2014-10-10 23:12 - 2014-01-16 17:27 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-10-10 23:12 - 2013-07-05 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Media Player 2014-10-10 23:12 - 2013-07-05 08:45 - 00000000 ____D () C:\Program Files (x86)\FLV Media Player 2014-10-10 23:12 - 2010-12-12 10:02 - 00000000 ____D () C:\ProgramData\Real 2014-10-10 23:12 - 2010-07-07 07:29 - 00000000 ___RD () C:\Program Files (x86)\Norton Support 2014-10-10 23:12 - 2010-05-29 12:17 - 00000000 ____D () C:\Program Files (x86)\Norton Utilities 14 2014-10-10 23:12 - 2010-05-29 11:50 - 00000000 ____D () C:\ProgramData\Norton 2014-10-10 23:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-10-10 23:05 - 2013-10-28 08:02 - 00000000 ____D () C:\Users\Ronald 
Brauer\Desktop\Ron 2014-10-10 23:04 - 2014-01-16 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-10 23:04 - 2011-12-04 11:39 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Local\CrashDumps 2014-10-10 17:54 - 2011-11-14 08:26 - 00000000 ____D () C:\Users\Ronald Brauer\Documents\Symantec 2014-10-09 15:09 - 2013-11-16 10:57 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\Ebay 2014-10-06 20:58 - 2013-07-29 19:32 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\Spitz 2014-09-29 10:28 - 2009-07-14 19:58 - 00702942 _____ () C:\Windows\system32\perfh007.dat 2014-09-29 10:28 - 2009-07-14 19:58 - 00150582 _____ () C:\Windows\system32\perfc007.dat 2014-09-29 10:28 - 2009-07-14 07:13 - 01629348 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-29 09:37 - 2013-01-17 22:29 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\Office 2014-09-27 09:54 - 2011-07-12 06:14 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-09-27 09:53 - 2011-01-29 16:15 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-09-27 09:37 - 2011-01-29 16:14 - 00000000 ____D () C:\ProgramData\Apple 2014-09-27 09:33 - 2013-01-02 18:37 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-09-26 18:41 - 2014-08-25 18:17 - 00003862 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1408983440 2014-09-26 18:41 - 2014-08-25 18:17 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-09-25 12:07 - 2012-12-24 07:57 - 00003408 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004 2014-09-25 12:01 - 2010-05-29 11:54 - 00605694 _____ () C:\Windows\PFRO.log 2014-09-25 08:33 - 2010-12-12 10:02 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\Real 2014-09-25 08:32 - 2012-12-24 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks 2014-09-25 08:32 - 2010-12-12 10:02 - 00000000 ____D () C:\Program Files (x86)\Real 2014-09-25 07:37 - 
2013-02-09 10:03 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-09-25 06:50 - 2013-07-03 21:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-23 23:31 - 2013-01-01 11:55 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-23 23:31 - 2012-06-07 07:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-23 23:31 - 2012-06-07 06:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-23 09:02 - 2012-01-03 18:00 - 00000000 ____D () C:\Program Files (x86)\Java 2014-09-18 18:25 - 2013-01-06 22:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-17 21:08 - 2010-12-29 12:34 - 00000000 ____D () C:\Users\Ronald Brauer\Documents\Aufnahmen 2014-09-17 20:36 - 2010-01-23 00:04 - 00000605 _____ () C:\Windows\m3jpeg.ini 2014-09-17 20:35 - 2010-05-29 11:25 - 00139656 _____ () C:\Users\Ronald Brauer\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-17 20:14 - 2009-07-14 06:45 - 00502408 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-17 12:12 - 2010-02-12 13:32 - 00522969 _____ () C:\Windows\DirectX.log 2014-09-17 12:01 - 2010-04-22 10:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-14 17:56 - 2009-07-14 04:34 - 00000941 _____ () C:\Windows\win.ini 2014-09-12 14:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-11 22:43 - 2009-08-21 08:55 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-11 22:38 - 2010-09-04 17:33 - 01602692 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-11 22:37 - 2013-08-14 15:37 - 00000000 ____D () C:\Windows\system32\MRT Some content of TEMP: ==================== C:\Users\Ronald Brauer\AppData\Local\Temp\amazonicon_v10.exe C:\Users\Ronald Brauer\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\Ronald Brauer\AppData\Local\Temp\autorun.dll C:\Users\Ronald 
Brauer\AppData\Local\Temp\avgnt.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\FoxySecurity6_FF_IE_Setup-GIGA.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\playpanel.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\Quarantine.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\sdan.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\sdapk.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\sdaspwn.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\stubhelper.dll
C:\Users\Ronald Brauer\AppData\Local\Temp\vlc-2.1.4-win64.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-06 10:03

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-10-2014 01
Ran by Ronald Brauer at 2014-10-11 11:03:59
Running from C:\Users\Ronald Brauer\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) 2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation) 7-Zip 9.23 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0923-010001000000}) (Version: 9.23.01.0 - Igor Pavlov) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated) Hidden Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Playpanel (HKLM-x32\...\{69967F97-E880-44B9-8383-5278BBC8809B}) (Version: 1.6.0.22 - Ihr Firmenname) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) AGEIA PhysX v7.09.13 (HKLM-x32\...\{45235788-142C-44BE-8A4D-DDE9A84492E5}) (Version: 7.09.13 - AGEIA Technologies, Inc.) AMD DnD V1.0.20 (x32 Version: 1.0.20 - AMD) Hidden AngelPacMan (HKLM-x32\...\AngelPacMan_is1) (Version: - ) Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.02 - Sunflowers) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Arx Fatalis (HKLM-x32\...\{96443F45-13E2-11D6-AC87-00D0B7A9E540}) (Version: 1.0.0 - JoWood) Ashampoo Burning Studio 11 v.11.0.3 (HKLM-x32\...\Ashampoo Burning Studio 11_is1) (Version: 11.0.3 - Ashampoo GmbH & Co. 
KG) Ashampoo Burning Studio 6 FREE v.6.80 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.0 - ashampoo GmbH & Co. KG) ATI Catalyst Install Manager (HKLM\...\{6741B646-3DBE-AF40-75FA-959847831D9F}) (Version: 3.0.765.0 - ATI Technologies, Inc.) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira) AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin) AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin) AVM FRITZ!DSL (HKLM-x32\...\{2457326B-C110-40C3-89B0-889CC913871A}) (Version: 2.04.02 - AVM Berlin) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.) AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: - Online Media Technologies Ltd.) AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.) Bidou (HKLM-x32\...\Bidou_is1) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
BrettspielWelt (HKLM-x32\...\BrettspielWelt) (Version: 1.0 - BrettspielWelt GmbH) Browser Configuration Utility (HKLM-x32\...\{5B363E1D-8C36-4458-BAE4-D5081999E094}) (Version: 1.1.11.0 - DeviceVM) <==== ATTENTION Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2010.0302.2233.40412 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0302.2233.40412 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2010.0302.2233.40412 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2010.0302.2233.40412 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0302.2233.40412 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0302.2233.40412 - ATI) Hidden Catalyst Control Center HydraVision Full (x32 Version: 2010.0302.2233.40412 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0302.2233.40412 - ATI Technologies, Inc.) Hidden CCC Help English (x32 Version: 2010.0302.2232.40412 - ATI) Hidden ccc-core-static (x32 Version: 2010.0302.2233.40412 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2010.0302.2233.40412 - ATI) Hidden CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Discover Painting for Kids SE (HKLM-x32\...\Discover Painting for Kids SE) (Version: - ) Dominoes Deluxe (HKLM-x32\...\Dominoes Deluxe) (Version: - ) dradio-Recorder Version 3.02.6 (HKLM-x32\...\dradio-Recorder_is1) (Version: - ) Driver Detective (HKLM-x32\...\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}) (Version: 8.0.0 - PC Drivers HeadQuarters) DriverUpdate (HKLM-x32\...\{850A14FC-F410-47F7-94E4-38F4D3F270D4}) (Version: 2.2.30452 - SlimWare Utilities, Inc.) 
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.1 - MakeMusic) FLV Media Player version 1.3 (HKLM-x32\...\{0E08BAC8-845B-4327-8CDB-4B0F8C9857A5}_is1) (Version: 1.3 - FLVMPlayer) Free Audio CD Burner version 1.4.7 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.) Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Free Studio version 5.0.6 (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.) Free YouTube Download version 3.2.13.925 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.13.925 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.9.725 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.9.725 - DVDVideoSoft Ltd.) Freemake Music Box (HKLM-x32\...\Freemake Music Box_is1) (Version: 1.0.0 - Ellora Assets Corporation) Galaxy of Games Gold Edition (HKLM-x32\...\Galaxy of Games Gold Edition) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Google Chrome Frame (HKLM-x32\...\{1F0342F5-8369-3CD1-99DD-E9BC44473708}) (Version: 65.107.16500 - Google, Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden gotomaxx PDFMAILER (HKLM-x32\...\{01310914-E3B8-40E8-BCF7-9C42E0639A43}) (Version: 5.0.21 - gotomaxx GmbH) High-Definition Video Playback (x32 Version: 11.1.10500.2.65 - Nero AG) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.) 
IZArc 4.1.7 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.7 - Ivan Zahariev) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.4276.0) (Version: 4.0.4276.0 - Microsoft Corporation) Microsoft Expression Encoder 4 (x32 Version: 4.0.4276.0 - Microsoft Corporation) Hidden Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{E5AB3F65-7FAC-41C6-B176-7599D2404BB2}) (Version: 4.0.4276.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft 
Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook Connector (HKLM-x32\...\{95120000-0122-0407-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft 
Corporation) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) 
(Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version: - ) Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation) Mini Golf Special Edition (HKLM-x32\...\Mini Golf Special Edition) (Version: - ) MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.) 
Morgan M-JPEG codec V3 (HKLM-x32\...\m3jpegV3) (Version: - ) Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 11 Kwik Themes Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden Nero Core Components 11 (x32 Version: 11.0.15600.1.17 - Nero AG) Hidden Nero Kwik Media (HKLM-x32\...\{24A500E4-0B12-4D62-9973-2C7E23CCA750}) (Version: 11.0.16401 - Nero AG) Nero Kwik Media (x32 Version: 1.10.24000.138.100 - Nero AG) Hidden Nero Kwik Media Help (CHM) (x32 Version: 11.0.10200 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden nero.prerequisites.msi (x32 Version: 11.0.20008 - Nero AG) Hidden Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 5.0.0.90 - Symantec Corporation) Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation) OnLine TV Lite (HKLM-x32\...\OnLine TV Lite) (Version: 2.1.3.0 - Intech Software Inc.) OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) Opera Stable 24.0.1558.64 (HKLM-x32\...\Opera 24.0.1558.64) (Version: 24.0.1558.64 - Opera Software ASA) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) RealDownloader (x32 Version: 17.0.12 - RealNetworks, Inc.) 
Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.12 - RealNetworks) Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6010 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Search App by Ask (HKLM-x32\...\{5245414C-312D-5350-00A7-A758B70C1101}) (Version: 12.17.1.66 - APN, LLC) <==== ATTENTION simfy (HKLM-x32\...\Simfy) (Version: 1.3.0 - simfy GmbH) simfy (x32 Version: 1.3.0 - simfy GmbH) Hidden Super Internet TV v8.1 (Free Edition) (HKCU\...\Super Internet TV (Free Edition)_is1) (Version: - Ahusoft) Toggla (HKLM-x32\...\Toggla) (Version: 0.0.9 - UNKNOWN) Toggla (x32 Version: 0.0.9 - UNKNOWN) Hidden TVAnts 1.0 (HKLM-x32\...\TVAnts 1.0) (Version: - ) Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition 
(HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) 
Hidden Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 
- Microsoft Corporation) WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2689304980-1437917653-2625238874-1004_Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}\InprocServer32 -> %LOCALAPPDATA%\Pokki\ocdeskband_0.dll No File ==================== Restore Points ========================= 30-09-2014 08:49:15 Geplanter Prüfpunkt 08-10-2014 07:59:38 Geplanter Prüfpunkt 10-10-2014 06:17:43 Wiederherstellungsvorgang ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2012-03-29 14:38 - 00001395 _RASH C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 149.5.18.172 www.google-analytics.com. 149.5.18.172 ad-emea.doubleclick.net. 149.5.18.172 www.statcounter.com. 108.163.215.51 www.google-analytics.com. 108.163.215.51 ad-emea.doubleclick.net. 108.163.215.51 www.statcounter.com. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {02653693-FFAA-4B55-9D83-46D4235F3AFC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.) Task: {11FB2C63-AD97-418A-B1BF-38A9891C3676} - \DSite No Task File <==== ATTENTION Task: {255A74B0-FB47-44FB-986F-E77AA6F70B17} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22] (SlimWare Utilities, Inc.) 
Task: {25B04B1D-C2A4-47C7-9DEF-1F6FE9263CED} - System32\Tasks\Opera scheduled Autoupdate 1408983440 => C:\Program Files (x86)\Opera\launcher.exe [2014-09-25] (Opera Software) Task: {25E5690A-81CE-480B-A133-52814E12CCE3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04] (Google Inc.) Task: {29DECD71-5196-4743-A063-9C3AA7722902} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2014-09-25] (RealNetworks, Inc.) Task: {35F44DD2-215D-4BBE-9AB1-F59718CBF153} - System32\Tasks\{774EE280-1E5C-48D2-ADD0-E2B2111A713E} => Firefox.exe Task: {41053803-819B-42D1-8BA3-7A34E6B4C38B} - System32\Tasks\{E55232F6-A0EB-4053-877A-7D5053D8EEE7} => Firefox.exe Task: {44CD8B6C-FAE5-472C-81FE-4E0C0001389E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation) Task: {473560ED-C2D1-4696-B0A6-54D3C3215AF8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.) Task: {6041AE2D-5DA0-415A-A570-6CF058AA560F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated) Task: {63568D07-00A3-49BE-A62D-1E0C1C4D6A53} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.) 
Task: {6B7B7D1E-5D94-4B25-83F2-121F8B55E497} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {6D9BC4D9-88FB-4E48-AFC4-BF38F61AA553} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated) Task: {75368BED-C7A7-4368-A8BF-BDBF62D31DEF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.) Task: {7813DABE-67D2-4176-A9CD-851AF0CF650F} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-24] (RealNetworks, Inc.) Task: {9E8278FD-6287-49A7-B24D-E2BCEE2E4471} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {B01DCBB9-20B0-45B7-9CE2-4FA005E15F51} - \Omiga Plus RunAsStdUser No Task File <==== ATTENTION Task: {B6FC3F9B-432A-4B2D-8485-687B272AB688} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.) Task: {BB0245A6-CCB7-4E13-ACF6-10D18865ACD9} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {CF8C14E0-5D97-417D-BFCF-FCF111FB772F} - System32\Tasks\{043202E6-11F1-4AEE-BDAB-4730F44A3185} => C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASC.exe Task: {D3B95EE5-41E2-498D-8306-5F379D0DF238} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.) 
Task: {D488F925-1D7A-43CD-9378-BC869ECC9799} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-24] (RealNetworks, Inc.) Task: {D6FC12A6-D575-4FE8-8F9A-BE2E7BCE6336} - System32\Tasks\ASC4_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe Task: {DC1111C6-A91D-44BF-9AEB-2613893AE18F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.) Task: {DE9AA60A-FAC1-45F1-B22D-403B1557B6B2} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {E1E6B097-47B5-4D9D-A6A4-C855344C8061} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation) Task: {E240B03C-C0C2-4BED-BCCF-BA8A29B7B401} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04] (Google Inc.) Task: {E4E4F2B4-B061-465E-A9E9-50750C6E5E2E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-07-24] (RealNetworks, Inc.) Task: {E5D41443-FEEC-4897-A9CC-83B975DAF90E} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION Task: {F84995DD-A581-4769-92D7-225B2862F38C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-01-13 12:14 - 2010-10-28 20:22 - 00014848 _____ () C:\Windows\System32\gengpmon.dll 2014-07-24 12:47 - 2014-07-24 12:47 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-07-24 15:06 - 2014-07-24 15:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe 2010-12-29 12:34 - 2012-10-13 17:05 - 00042496 _____ () C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe 2014-05-06 23:19 - 2014-05-06 23:19 - 00302961 _____ () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe 2014-09-26 18:41 - 2014-09-26 18:41 - 01372280 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe 2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll 2014-09-25 08:31 - 2014-09-25 08:31 - 00861784 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll 2014-09-26 18:41 - 2014-09-26 18:41 - 01378936 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\libglesv2.dll 2014-09-26 18:41 - 2014-09-26 18:41 - 00182392 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\libegl.dll 2014-09-26 18:41 - 
2014-09-26 18:41 - 00974968 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\ffmpegsumo.dll 2014-09-09 20:31 - 2014-09-09 20:31 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\ProgramData\TEMP:D287FACF ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2689304980-1437917653-2625238874-500 - Administrator - Disabled) Alternate (S-1-5-21-2689304980-1437917653-2625238874-1003 - Administrator - Enabled) => C:\Users\Alternate Gast (S-1-5-21-2689304980-1437917653-2625238874-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2689304980-1437917653-2625238874-1002 - Limited - Enabled) Ronald Brauer (S-1-5-21-2689304980-1437917653-2625238874-1004 - Administrator - Enabled) => C:\Users\Ronald Brauer ==================== Faulty Device Manager Devices ============= Name: Symantec Heuristics Driver Description: Symantec Heuristics Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: BHDrvx64 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. 
Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Symantec Iron Driver Description: Symantec Iron Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: SymIRON Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (10/10/2014 11:04:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000003e70fd8 ID des fehlerhaften Prozesses: 0x748 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (10/10/2014 10:35:15 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. 
(0x81000006)" Error: (10/10/2014 09:18:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: DVSShellContextMenuExtension64.dll, Version: 1.0.0.1, Zeitstempel: 0x524d80e8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000b116 ID des fehlerhaften Prozesses: 0x794 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (10/10/2014 08:49:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: DVSShellContextMenuExtension64.dll, Version: 1.0.0.1, Zeitstempel: 0x524d80e8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000b116 ID des fehlerhaften Prozesses: 0x6e8 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (10/10/2014 06:46:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0xc06d007e Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0xdec Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0 Pfad der fehlerhaften Anwendung: MobileMeServices.exe1 Pfad des fehlerhaften Moduls: MobileMeServices.exe2 Berichtskennung: MobileMeServices.exe3 Error: (10/10/2014 06:45:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 
6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0xc06d007e Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x1798 Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0 Pfad der fehlerhaften Anwendung: MobileMeServices.exe1 Pfad des fehlerhaften Moduls: MobileMeServices.exe2 Berichtskennung: MobileMeServices.exe3 Error: (10/10/2014 06:38:41 PM) (Source: MsiInstaller) (EventID: 10005) (User: RonaldArno-PC) Description: Produkt: Search App by Ask -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Mozilla Firefox Error: (10/10/2014 05:55:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0xc06d007e Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x19f8 Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0 Pfad der fehlerhaften Anwendung: MobileMeServices.exe1 Pfad des fehlerhaften Moduls: MobileMeServices.exe2 Berichtskennung: MobileMeServices.exe3 Error: (10/10/2014 05:55:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0xc06d007e Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0xaf0 Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0 Pfad der fehlerhaften Anwendung: MobileMeServices.exe1 Pfad des fehlerhaften Moduls: MobileMeServices.exe2 Berichtskennung: MobileMeServices.exe3 Error: (10/10/2014 10:09:42 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für 
"C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. System errors: ============= Error: (10/11/2014 07:56:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: BHDrvx64 SRTSP SymIRON Error: (10/11/2014 07:56:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/11/2014 07:56:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HOSTS Anti-PUPs erreicht. 
Error: (10/11/2014 07:55:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Datamngr Coordinator" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (10/11/2014 07:55:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/11/2014 07:55:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Echtzeit-Scanner erreicht. Error: (10/11/2014 07:55:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/11/2014 07:55:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Planer erreicht. Error: (10/11/2014 07:54:02 AM) (Source: SRTSP) (EventID: 5) (User: ) Description: Error loading Symantec real time Anti-Virus driver. Error: (10/11/2014 07:54:02 AM) (Source: SRTSP) (EventID: 4) (User: ) Description: Error loading virus definitions. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-10-10 14:03:56.783 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-10 14:03:56.783 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-10-10 14:03:52.232 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-10 14:03:52.232 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-10 14:03:09.277 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-10 14:03:09.277 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-10 14:03:08.087 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-10 14:03:08.087 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-10 14:03:04.586 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-10-10 14:03:04.586 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz Percentage of memory in use: 60% Total physical RAM: 4062.05 MB Available physical RAM: 1604.82 MB Total Pagefile: 8122.29 MB Available Pagefile: 5106.1 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:596.17 GB) (Free:17.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 9054905A) Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-10-11 12:32:29 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD642JJ rev.1AA01118 596,17GB Running: Gmer-19357.exe; Driver: C:\Users\RONALD~1\AppData\Local\Temp\fwldypob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031c1000 46 bytes [00, 00, 00, 0F, 85, 57, A3, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800031c102f 25 bytes [00, 01, 0F, 84, 11, A3, 01, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077641465 2 bytes [64, 77] .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776414bb 2 bytes [64, 77] .text ... * 2 .text C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe[808] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077668791 5 bytes [33, C0, C2, 04, 00] ---- Processes - GMER 2.1 ---- Process C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (*** suspicious ***) @ C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [1904] (FreemakeUtilsService/Freemake)(2013-07-30 12:50:22) 0000000000310000 Library c:\users\ronald~1\appdata\local\temp\7zs3eb2\hpslpsvc64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [2524] (HP Network Devices Support/Hewlett-Packard Co.)(2014-09-03 11:04:41) 0000000180000000 ---- EOF - GMER 2.1 ---- |
11.10.2014, 12:22 | #2 | ||
/// TB-Ausbilder | Windows 7: Web pages are redirected to advertising by spns.serious.net
My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Thank you for your cooperation! Please note in future: Quote:
Please download all tools directly to the desktop, or move them there, and start them from the desktop, since our instructions are written for that. It also makes it very easy to remove all the tools used at the end of the cleanup. Leave all tools on the desktop until the cleanup is finished; we may need some of them more than once.
Multiple anti-virus programs
Code:
Kaspersky Avira Norton
Report which anti-virus program you have decided on. Quote:
As soon as you have uninstalled two of the three AV programs, please run FRST again from the desktop:
|
11.10.2014, 13:16 | #3 |
| Windows 7: Web pages are redirected to advertising by spns.serious.net
Hello Matthias,
Thanks for the quick reply. I cannot remove Avira and Norton by uninstalling them; the system does not respond. That was also the case when installing Kaspersky (which I want to use). The new files are attached. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014 01 Ran by Ronald Brauer (administrator) on RONALDARNO-PC on 11-10-2014 14:04:10 Running from C:\Users\Ronald Brauer\Desktop Loaded Profile: Ronald Brauer (Available profiles: Alternate & Ronald Brauer) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc.) 
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe (SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\LogonUI.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9639424 2009-12-21] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-02] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin) HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [HOSTS Anti-Adware_PUPs] => C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2014-05-06] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-09-25] (RealNetworks, Inc.) 
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-09-22] (APN) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) HKU\S-1-5-21-2689304980-1437917653-2625238874-1004\...\Run: [dradio-RecorderTimer] => C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [42496 2012-10-13] () HKU\S-1-5-21-2689304980-1437917653-2625238874-1004\...\Run: [SkypePM] => C:\Users\Ronald Brauer\AppData\Local\Skype\SkypePM.exe HKU\S-1-5-21-2689304980-1437917653-2625238874-1004\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000 HKU\S-1-5-21-2689304980-1437917653-2625238874-1004\...\MountPoints2: {4a1491d6-6b03-11df-890c-e0cb4ee93fcb} - E:\pushinst.exe HKU\S-1-5-21-2689304980-1437917653-2625238874-1004\...\MountPoints2: {785f4105-bac9-11e0-b9f8-001c4afac163} - F:\pushinst.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2184C2CA12FFCA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://native-search.com/?channel=de HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKLM-x32 - {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^0D^xdm049^YYA^de&si=XXXXXXXXXX&ptb=1F3E893A-59BE-4BDD-8AF5-5C85C262DA2D&ind=2013070602&n=77fd050a&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - DefaultScope {8D8DF965-DA4A-4ca2-A7EC-2CAFF73D8D60} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD SearchScopes: HKCU - {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^0D^xdm049^YYA^de&si=XXXXXXXXXX&ptb=1F3E893A-59BE-4BDD-8AF5-5C85C262DA2D&ind=2013070602&n=77fd050a&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - {318DFEB2-3449-4101-B00B-860AE0D34878} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms} SearchScopes: HKCU - {42C7DE53-739B-41E2-AF9F-788A5A156AFF} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2708334 SearchScopes: HKCU - {8D8DF965-DA4A-4ca2-A7EC-2CAFF73D8D60} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD SearchScopes: HKCU - {99ECA7F7-DAE1-4e86-995F-A80FB51AB0CA} URL = 
hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader) BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.) 
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation) Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.) Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311 FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: Search FF SelectedSearchEngine: Search FF Homepage: hxxp://web.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF 
Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @real.com/nppl3260;version=17.0.12.0 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.12 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.12.0 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @phonostar.de/phonostar -> C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll No File FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper -> C:\Users\Ronald Brauer\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File FF user.js: detected! => C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\user.js FF user.js: detected! 
=> C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260 (2).dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud) FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ask-search.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml FF SearchPlugin: C:\Users\Ronald 
Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Amazon-Icon - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\amazon-icon@giga.de [2014-09-25] FF Extension: HTTPS-Everywhere - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2013-12-19] FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\sparpilot@sparpilot.com [2014-09-25] FF Extension: Cookie Monster - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2013-12-19] FF Extension: UnPlug - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\unplug@compunach.xpi [2013-08-06] FF Extension: JonDoFox - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2013-11-08] FF Extension: NoScript - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-28] FF Extension: Adblock Plus - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-28] FF Extension: ProfileSwitcher - C:\Users\Ronald 
Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2013-10-28] FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311\Extensions\elemhidehelper@adblockplus.org.xpi [2014-10-11] FF Extension: All-in-One Sidebar - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2014-10-11] FF Extension: Adblock Plus - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-11] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-19] FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn [2011-11-14] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn [2013-05-04] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [{7C9C2591-51ED-44FA-8D03-450B92643F95}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKCU\...\Firefox\Extensions: [{ba5b6935-63e1-431c-8fc6-7504512d2b94}] - C:\Program Files (x86)\LyricsContainer\130.xpi Chrome: ======= CHR Profile: C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Bazaar Friend) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bmobdmpfgfimbnmhhnkmmecdboblafdh [2014-03-07] CHR Extension: (Boston MarketOne) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dleekdifoepfadaikncodjgnkkffkccd [2014-03-07] CHR Extension: (InfoBird Pro) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl [2014-03-07] CHR Extension: (RealPlayer Downloader) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-07] CHR Extension: (Real Summer Sale) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lladpgmmlijbmhfknhgkenkhikoaapmj [2014-03-07] CHR Extension: (DVDVideoSoft) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-03-07] CHR Extension: (Google Wallet) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-07] CHR HKLM\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\RONALD~1\AppData\Local\BazaarFriend.crx [2013-08-20] CHR HKLM\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\RONALD~1\AppData\Local\BostonMarketOne.crx [2013-08-02] CHR HKLM\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\RONALD~1\AppData\Local\InfoBirdPro.crx [2013-08-04] CHR HKLM\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\RONALD~1\AppData\Local\RealSummerSale.crx [2013-08-02] CHR HKCU\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\RONALD~1\AppData\Local\BazaarFriend.crx [2013-08-20] CHR HKCU\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\RONALD~1\AppData\Local\BostonMarketOne.crx [2013-08-02] CHR HKCU\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\RONALD~1\AppData\Local\InfoBirdPro.crx [2013-08-04] CHR HKCU\...\Chrome\Extension: 
[lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\RONALD~1\AppData\Local\RealSummerSale.crx [2013-08-02] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-07-29] CHR HKLM-x32\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\RONALD~1\AppData\Local\BazaarFriend.crx [2013-08-20] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2013-08-20] CHR HKLM-x32\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\RONALD~1\AppData\Local\BostonMarketOne.crx [2013-08-02] CHR HKLM-x32\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\RONALD~1\AppData\Local\InfoBirdPro.crx [2013-08-04] CHR HKLM-x32\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\RONALD~1\AppData\Local\RealSummerSale.crx [2013-08-02] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2013-08-02] CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Ronald Brauer\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-09-25] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-06] (Avira Operations GmbH & Co. 
KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-09-22] (APN LLC.) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin) [File not signed] R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2012-06-06] (Freemake) [File not signed] S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-05-06] () [File not signed] R2 HPSLPSVC; C:\Users\Ronald Brauer\AppData\Local\Temp\7zS3EB2\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed] R2 IGDCTRL; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-24] () R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-25] (RealNetworks, Inc.) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-24] () [File not signed] S2 DatamngrCoordinator2; C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. 
KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [42040 2014-07-10] (Avira Operations GmbH & Co. KG) S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [1390680 2013-04-13] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-12] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-14] (Symantec Corporation) R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [552704 2009-03-20] (AVM GmbH) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20130502.001\IDSvia64.sys [513184 2013-03-13] (Symantec Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [140352 2014-09-25] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [792128 2014-09-25] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] 
(Kaspersky Lab ZAO) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-08-25] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-07-16] () S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20130503.004\ENG64.SYS [126192 2013-03-15] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20130503.004\EX64.SYS [2087664 2013-03-15] (Symantec Corporation) S1 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-10-11] () R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-26] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.) S3 cpuz130; \??\C:\Users\ALTERN~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X] S3 gdrv; \??\C:\Windows\gdrv.sys [X] S3 SYMFW; \SystemRoot\System32\Drivers\NISx64\1008030.006\SYMFW.SYS [X] S3 SYMNDISV; \SystemRoot\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [X] U3 fwldypob; \??\C:\Users\RONALD~1\AppData\Local\Temp\fwldypob.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-11 13:51 - 2014-10-11 10:52 - 00050477 _____ () C:\Users\Ronald Brauer\Desktop\Defogger.exe 2014-10-11 13:50 - 2014-10-11 12:16 - 00380416 _____ () C:\Users\Ronald Brauer\Desktop\Gmer-19357.exe 2014-10-11 13:50 - 2014-10-11 11:01 - 02109952 _____ (Farbar) C:\Users\Ronald Brauer\Desktop\FRST64.exe 2014-10-11 13:36 - 2014-10-11 14:02 - 00047191 _____ () C:\Users\Ronald Brauer\Desktop\Addition.txt 2014-10-11 13:36 - 2014-10-11 10:54 - 00000488 _____ () C:\Users\Ronald Brauer\Desktop\defogger_disable.log 2014-10-11 13:35 - 2014-10-11 14:04 - 00036451 _____ () C:\Users\Ronald Brauer\Desktop\FRST.txt 2014-10-11 13:35 - 2014-10-11 12:32 - 00002594 _____ () C:\Users\Ronald Brauer\Desktop\Gmer.txt 2014-10-11 12:32 - 2014-10-11 12:32 - 00002594 _____ () C:\Users\Ronald Brauer\Downloads\Gmer.txt 2014-10-11 12:16 - 2014-10-11 12:16 - 00380416 _____ () C:\Users\Ronald Brauer\Downloads\Gmer-19357.exe 2014-10-11 11:03 - 2014-10-11 11:04 - 00047041 _____ () C:\Users\Ronald Brauer\Downloads\Addition.txt 2014-10-11 11:02 - 2014-10-11 14:04 - 00000000 ____D () C:\FRST 2014-10-11 11:02 - 2014-10-11 11:04 - 00062872 _____ () C:\Users\Ronald Brauer\Downloads\FRST.txt 2014-10-11 11:01 - 2014-10-11 11:01 - 02109952 _____ (Farbar) C:\Users\Ronald Brauer\Downloads\FRST64.exe 2014-10-11 10:54 - 2014-10-11 10:54 - 00000488 _____ () C:\Users\Ronald Brauer\Downloads\defogger_disable.log 2014-10-11 10:54 - 2014-10-11 10:54 - 00000000 _____ () C:\Users\Ronald Brauer\defogger_reenable 2014-10-11 10:52 - 2014-10-11 10:52 - 00050477 _____ () C:\Users\Ronald Brauer\Downloads\Defogger.exe 2014-10-11 10:38 - 2014-10-11 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore 2014-10-11 10:38 - 2014-10-11 10:46 - 00000000 ____D () C:\Program Files 
(x86)\DriverRestore 2014-10-11 10:37 - 2014-10-11 10:37 - 07887208 _____ (383 Media, Inc.) C:\Users\Ronald Brauer\Downloads\DriverRestore.exe 2014-10-11 09:46 - 2014-10-11 09:47 - 31766208 _____ (Microsoft Corporation) C:\Users\Ronald Brauer\Downloads\Windows-KB890830-x64-V5.16.exe 2014-10-10 22:57 - 2014-10-10 22:57 - 04300993 _____ () C:\Users\Ronald Brauer\Desktop\Kaspersky_AutoCollector_Results.zip 2014-10-10 22:54 - 2014-10-10 22:54 - 00619921 _____ () C:\Users\Ronald Brauer\Downloads\KL-AutoCollector_4.6.exe 2014-10-10 18:49 - 2014-10-10 23:04 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-10 14:17 - 2014-10-10 14:20 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\ReportMaker 2014-10-10 12:28 - 2014-10-10 12:28 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\Alte Firefox-Daten 2014-09-29 09:38 - 2014-10-10 23:12 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\Spiele 2014-09-27 09:54 - 2014-09-27 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-09-27 09:54 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) 
C:\Windows\system32\Drivers\GEARAspiWDM.sys 2014-09-27 09:53 - 2014-09-27 09:54 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-09-27 09:53 - 2014-09-27 09:54 - 00000000 ____D () C:\Program Files\iTunes 2014-09-27 09:53 - 2014-09-27 09:53 - 00000000 ____D () C:\Program Files\iPod 2014-09-27 09:37 - 2014-09-27 09:37 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-09-27 09:33 - 2014-09-27 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-09-25 09:09 - 2014-09-25 09:09 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Local\Temp7396b31d089ca2ea579fbca3f7e0c016 2014-09-25 09:09 - 2014-09-25 09:09 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Local\Temp5426677acd666adac6effd455d779184 2014-09-25 09:08 - 2014-09-25 09:08 - 00000000 ____D () C:\Users\Ronald Brauer\Downloads\RealPlayer 2014-09-25 09:08 - 2014-09-25 09:08 - 00000000 ____D () C:\Users\Ronald Brauer\ChromeExtensions 2014-09-25 09:08 - 2014-09-25 09:08 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Local\Temp8a1a82856b1bcb67b2e739846712d61c 2014-09-25 09:07 - 2014-09-25 09:07 - 01047192 _____ () C:\Users\Ronald Brauer\Downloads\RealPlayer-lnstall.exe 2014-09-25 08:34 - 2014-10-10 23:12 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Local\AskPartnerNetwork 2014-09-25 08:33 - 2014-10-10 23:12 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork 2014-09-25 08:33 - 2014-09-25 08:33 - 00000000 ____D () C:\ProgramData\APN 2014-09-25 08:32 - 2014-09-25 08:32 - 00000000 ____D () C:\ProgramData\RealNetworks 2014-09-25 08:31 - 2014-09-25 08:31 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll 2014-09-25 08:31 - 2014-09-25 08:31 - 00201800 _____ (RealNetworks, Inc.) 
C:\Windows\SysWOW64\rmoc3260.dll 2014-09-25 08:30 - 2014-09-25 08:30 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll 2014-09-25 07:38 - 2014-10-10 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-09-25 07:38 - 2014-09-25 12:04 - 00002334 _____ () C:\Users\Ronald Brauer\Desktop\Sicherer Zahlungsverkehr.lnk 2014-09-25 07:38 - 2014-09-25 07:38 - 00001196 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2014-09-25 07:38 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2014-09-25 07:37 - 2014-09-25 07:42 - 00792128 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-09-25 07:37 - 2014-09-25 07:42 - 00140352 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-09-25 07:37 - 2014-09-25 07:37 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-09-25 07:37 - 2014-04-10 17:25 - 00243808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys 2014-09-25 07:10 - 2014-09-25 07:10 - 00000000 ___SD () C:\Users\Ronald Brauer\Documents\Passwords Database 2014-09-23 09:02 - 2014-09-23 09:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-23 09:02 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-09-23 09:02 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-09-23 09:02 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-09-23 09:02 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-09-23 09:01 - 2014-09-23 09:02 - 00004686 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log 2014-09-23 08:59 - 2014-09-23 08:59 - 00918952 _____ (Oracle Corporation) C:\Users\Ronald Brauer\Downloads\jxpiinstall(2).exe 2014-09-23 08:40 - 2014-09-23 08:40 - 00031596 _____ () C:\Windows\SysWOW64\hs_err_pid5112.log 
2014-09-22 20:40 - 2014-09-23 09:09 - 00000000 ____D () C:\ProgramData\Oracle 2014-09-22 20:36 - 2014-09-22 20:36 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brettspielwelt 2014-09-22 20:35 - 2014-09-22 20:35 - 03170210 _____ (BrettspielWelt GmbH) C:\Users\Ronald Brauer\Downloads\BrettspielWelt(1).exe 2014-09-20 14:43 - 2014-09-20 14:45 - 89130271 _____ () C:\Users\Ronald Brauer\Downloads\imdb2014-w1-2%20pip.mp4 2014-09-20 07:51 - 2014-10-11 08:00 - 00003366 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004 2014-09-20 07:51 - 2014-10-11 08:00 - 00003248 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1004 2014-09-19 09:25 - 2014-09-24 23:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-17 19:04 - 2014-09-17 19:04 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWood 2014-09-17 19:04 - 2014-09-17 19:04 - 00000000 ____D () C:\Program Files (x86)\JoWood 2014-09-17 12:21 - 2014-09-17 12:21 - 00000909 _____ () C:\Users\Alternate\Desktop\Bidou.lnk 2014-09-17 12:21 - 2014-09-17 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bidou 2014-09-17 12:21 - 2014-09-17 12:21 - 00000000 ____D () C:\Program Files (x86)\Bidou 2014-09-17 12:20 - 2014-09-17 12:20 - 00001008 _____ () C:\Users\Ronald Brauer\Desktop\AngelPacMan.lnk 2014-09-17 12:20 - 2014-09-17 12:20 - 00001008 _____ () C:\Users\Alternate\Desktop\AngelPacMan.lnk 2014-09-17 12:20 - 2014-09-17 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AngelPacMan 2014-09-17 12:20 - 2014-09-17 12:20 - 00000000 ____D () C:\Program Files (x86)\AngelPacMan 2014-09-17 12:12 - 2014-09-17 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anno 1701 2014-09-17 12:01 - 2014-09-17 12:16 - 00000000 ____D () 
C:\Program Files (x86)\Anno 1701 2014-09-14 17:48 - 2014-09-17 20:35 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-09-14 17:46 - 2014-09-14 17:56 - 00000000 ____D () C:\Program Files (x86)\eGames 2014-09-14 17:46 - 2014-09-14 17:46 - 00001828 _____ () C:\Users\Alternate\Desktop\eGames.lnk 2014-09-14 17:46 - 2014-09-14 17:46 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eGames 2014-09-14 17:46 - 2014-09-14 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eGames 2014-09-14 17:46 - 2000-07-17 13:41 - 00070088 _____ (xx) C:\Windows\SysWOW64\Project2-1.ocx 2014-09-14 17:46 - 2000-03-21 15:37 - 00001760 _____ () C:\Windows\SysWOW64\objsafe.tlb 2014-09-14 17:46 - 2000-01-05 14:10 - 00614672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.002 2014-09-14 17:46 - 2000-01-05 14:10 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.001 2014-09-14 17:46 - 2000-01-05 14:10 - 00143632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.004 2014-09-14 17:46 - 2000-01-05 14:10 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000 2014-09-14 17:46 - 1999-12-07 11:00 - 01384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.003 2014-09-14 17:46 - 1999-05-07 00:00 - 00082960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Picclp32.ocx 2014-09-14 17:46 - 1999-03-25 23:00 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Vb6stkit.dll 2014-09-14 17:46 - 1998-05-30 23:00 - 00022288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.005 2014-09-13 15:56 - 2014-09-30 07:58 - 00003388 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004 2014-09-13 15:56 - 2014-09-30 07:58 - 00003270 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1004 2014-09-11 22:39 - 
2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 22:39 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-11 22:39 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 22:39 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 22:39 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-11 22:39 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-11 22:39 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 22:39 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 22:39 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 22:39 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 22:39 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-11 22:39 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-11 22:39 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-11 22:39 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 22:39 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 22:39 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 22:39 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-11 22:39 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 22:39 - 2014-08-19 
00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 22:39 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 22:39 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 22:39 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 22:39 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 22:39 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 22:39 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 22:39 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 22:39 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 22:39 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 22:39 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 22:39 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 22:39 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 22:39 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 22:39 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 22:39 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 22:39 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 22:39 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 22:39 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 22:39 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 22:39 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 22:39 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 22:39 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 22:39 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 22:39 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 22:39 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 22:39 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 22:39 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 22:39 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 22:39 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 22:39 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 22:39 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 22:39 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 22:39 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 22:39 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 22:39 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 22:39 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 22:39 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 06:26 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 06:26 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 06:26 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 06:26 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 06:26 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-11 13:31 - 2013-01-01 11:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-11 13:10 - 2010-09-04 15:39 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-11 12:34 - 2010-05-29 11:24 - 01753188 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 12:15 - 2011-12-04 11:39 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Local\CrashDumps
2014-10-11 10:57 - 2011-05-22 12:56 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\vlc
2014-10-11 10:54 - 2010-05-29 11:24 - 00000000 ____D () C:\Users\Ronald Brauer
2014-10-11 09:55 - 2013-12-03 14:01 - 00011767 _____ () C:\Windows\IE11_main.log
2014-10-11 08:09 - 2010-09-04 15:39 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-11 08:03 - 2009-07-14 06:45 - 00026304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-11 08:03 - 2009-07-14 06:45 - 00026304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-11 07:59 - 2013-12-24 15:32 - 00002876 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup
2014-10-11 07:59 - 2013-12-24 15:32 - 00000434 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2014-10-11 07:59 - 2013-12-24 15:31 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-10-11 07:59 - 2013-02-09 10:03 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-11 07:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-11 07:54 - 2009-07-14 06:51 - 00220806 _____ () C:\Windows\setupact.log
2014-10-10 23:13 - 2010-04-27 18:45 - 00000000 ____D () C:\Users\Alternate
2014-10-10 23:12 - 2014-08-25 18:59 - 00000000 ____D () C:\Windows\system32\Drivers\NBRTWizardx64
2014-10-10 23:12 - 2014-08-25 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
2014-10-10 23:12 - 2014-08-25 18:59 - 00000000 ____D () C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2014-10-10 23:12 - 2014-05-13 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-10-10 23:12 - 2014-05-13 20:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-10-10 23:12 - 2014-04-09 11:46 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\dvdcss
2014-10-10 23:12 - 2014-01-16 17:27 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-10 23:12 - 2013-07-05 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Media Player
2014-10-10 23:12 - 2013-07-05 08:45 - 00000000 ____D () C:\Program Files (x86)\FLV Media Player
2014-10-10 23:12 - 2010-12-12 10:02 - 00000000 ____D () C:\ProgramData\Real
2014-10-10 23:12 - 2010-07-07 07:29 - 00000000 ___RD () C:\Program Files (x86)\Norton Support
2014-10-10 23:12 - 2010-05-29 12:17 - 00000000 ____D () C:\Program Files (x86)\Norton Utilities 14
2014-10-10 23:12 - 2010-05-29 11:50 - 00000000 ____D () C:\ProgramData\Norton
2014-10-10 23:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-10-10 23:05 - 2013-10-28 08:02 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\Ron
2014-10-10 23:04 - 2014-01-16 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-10 17:54 - 2011-11-14 08:26 - 00000000 ____D () C:\Users\Ronald Brauer\Documents\Symantec
2014-10-09 15:09 - 2013-11-16 10:57 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\Ebay
2014-10-06 20:58 - 2013-07-29 19:32 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\Spitz
2014-09-29 10:28 - 2009-07-14 19:58 - 00702942 _____ () C:\Windows\system32\perfh007.dat
2014-09-29 10:28 - 2009-07-14 19:58 - 00150582 _____ () C:\Windows\system32\perfc007.dat
2014-09-29 10:28 - 2009-07-14 07:13 - 01629348 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-29 09:37 - 2013-01-17 22:29 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\Office
2014-09-27 09:54 - 2011-07-12 06:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-27 09:53 - 2011-01-29 16:15 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-27 09:37 - 2011-01-29 16:14 - 00000000 ____D () C:\ProgramData\Apple
2014-09-27 09:33 - 2013-01-02 18:37 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-09-26 18:41 - 2014-08-25 18:17 - 00003862 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1408983440
2014-09-26 18:41 - 2014-08-25 18:17 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-25 12:07 - 2012-12-24 07:57 - 00003408 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004
2014-09-25 12:01 - 2010-05-29 11:54 - 00605694 _____ () C:\Windows\PFRO.log
2014-09-25 08:33 - 2010-12-12 10:02 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\Real
2014-09-25 08:32 - 2012-12-24 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-09-25 08:32 - 2010-12-12 10:02 - 00000000 ____D () C:\Program Files (x86)\Real
2014-09-25 07:37 - 2013-02-09 10:03 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-09-25 06:50 - 2013-07-03 21:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-23 23:31 - 2013-01-01 11:55 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 23:31 - 2012-06-07 07:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 23:31 - 2012-06-07 06:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 09:02 - 2012-01-03 18:00 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-18 18:25 - 2013-01-06 22:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-17 21:08 - 2010-12-29 12:34 - 00000000 ____D () C:\Users\Ronald Brauer\Documents\Aufnahmen
2014-09-17 20:36 - 2010-01-23 00:04 - 00000605 _____ () C:\Windows\m3jpeg.ini
2014-09-17 20:35 - 2010-05-29 11:25 - 00139656 _____ () C:\Users\Ronald Brauer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-17 20:14 - 2009-07-14 06:45 - 00502408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-17 12:12 - 2010-02-12 13:32 - 00522969 _____ () C:\Windows\DirectX.log
2014-09-17 12:01 - 2010-04-22 10:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-14 17:56 - 2009-07-14 04:34 - 00000941 _____ () C:\Windows\win.ini
2014-09-12 14:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 22:43 - 2009-08-21 08:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 22:38 - 2010-09-04 17:33 - 01602692 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 22:37 - 2013-08-14 15:37 - 00000000 ____D () C:\Windows\system32\MRT

Some content of TEMP:
====================
C:\Users\Ronald Brauer\AppData\Local\Temp\amazonicon_v10.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\autorun.dll
C:\Users\Ronald Brauer\AppData\Local\Temp\avgnt.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\FoxySecurity6_FF_IE_Setup-GIGA.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\playpanel.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\Quarantine.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\sdan.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\sdapk.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\sdaspwn.exe
C:\Users\Ronald Brauer\AppData\Local\Temp\stubhelper.dll
C:\Users\Ronald Brauer\AppData\Local\Temp\vlc-2.1.4-win64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-06 10:03

==================== End Of Log ============================

and

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-10-2014 01
Ran by Ronald Brauer at 2014-10-11 14:04:33
Running from C:\Users\Ronald Brauer\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) 2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation) 7-Zip 9.23 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0923-010001000000}) (Version: 9.23.01.0 - Igor Pavlov) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated) Hidden Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Playpanel (HKLM-x32\...\{69967F97-E880-44B9-8383-5278BBC8809B}) (Version: 1.6.0.22 - Ihr Firmenname) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) AGEIA PhysX v7.09.13 (HKLM-x32\...\{45235788-142C-44BE-8A4D-DDE9A84492E5}) (Version: 7.09.13 - AGEIA Technologies, Inc.) AMD DnD V1.0.20 (x32 Version: 1.0.20 - AMD) Hidden AngelPacMan (HKLM-x32\...\AngelPacMan_is1) (Version: - ) Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.02 - Sunflowers) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Arx Fatalis (HKLM-x32\...\{96443F45-13E2-11D6-AC87-00D0B7A9E540}) (Version: 1.0.0 - JoWood) Ashampoo Burning Studio 11 v.11.0.3 (HKLM-x32\...\Ashampoo Burning Studio 11_is1) (Version: 11.0.3 - Ashampoo GmbH & Co. 
KG) Ashampoo Burning Studio 6 FREE v.6.80 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.0 - ashampoo GmbH & Co. KG) ATI Catalyst Install Manager (HKLM\...\{6741B646-3DBE-AF40-75FA-959847831D9F}) (Version: 3.0.765.0 - ATI Technologies, Inc.) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira) AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin) AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin) AVM FRITZ!DSL (HKLM-x32\...\{2457326B-C110-40C3-89B0-889CC913871A}) (Version: 2.04.02 - AVM Berlin) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.) AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: - Online Media Technologies Ltd.) AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.) Bidou (HKLM-x32\...\Bidou_is1) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
BrettspielWelt (HKLM-x32\...\BrettspielWelt) (Version: 1.0 - BrettspielWelt GmbH) Browser Configuration Utility (HKLM-x32\...\{5B363E1D-8C36-4458-BAE4-D5081999E094}) (Version: 1.1.11.0 - DeviceVM) <==== ATTENTION Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2010.0302.2233.40412 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0302.2233.40412 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2010.0302.2233.40412 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2010.0302.2233.40412 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0302.2233.40412 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0302.2233.40412 - ATI) Hidden Catalyst Control Center HydraVision Full (x32 Version: 2010.0302.2233.40412 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0302.2233.40412 - ATI Technologies, Inc.) Hidden CCC Help English (x32 Version: 2010.0302.2232.40412 - ATI) Hidden ccc-core-static (x32 Version: 2010.0302.2233.40412 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2010.0302.2233.40412 - ATI) Hidden CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Discover Painting for Kids SE (HKLM-x32\...\Discover Painting for Kids SE) (Version: - ) Dominoes Deluxe (HKLM-x32\...\Dominoes Deluxe) (Version: - ) dradio-Recorder Version 3.02.6 (HKLM-x32\...\dradio-Recorder_is1) (Version: - ) Driver Detective (HKLM-x32\...\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}) (Version: 8.0.0 - PC Drivers HeadQuarters) DriverUpdate (HKLM-x32\...\{850A14FC-F410-47F7-94E4-38F4D3F270D4}) (Version: 2.2.30452 - SlimWare Utilities, Inc.) 
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.1 - MakeMusic) FLV Media Player version 1.3 (HKLM-x32\...\{0E08BAC8-845B-4327-8CDB-4B0F8C9857A5}_is1) (Version: 1.3 - FLVMPlayer) Free Audio CD Burner version 1.4.7 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.) Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Free Studio version 5.0.6 (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.) Free YouTube Download version 3.2.13.925 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.13.925 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.9.725 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.9.725 - DVDVideoSoft Ltd.) Freemake Music Box (HKLM-x32\...\Freemake Music Box_is1) (Version: 1.0.0 - Ellora Assets Corporation) Galaxy of Games Gold Edition (HKLM-x32\...\Galaxy of Games Gold Edition) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Google Chrome Frame (HKLM-x32\...\{1F0342F5-8369-3CD1-99DD-E9BC44473708}) (Version: 65.107.16500 - Google, Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden gotomaxx PDFMAILER (HKLM-x32\...\{01310914-E3B8-40E8-BCF7-9C42E0639A43}) (Version: 5.0.21 - gotomaxx GmbH) High-Definition Video Playback (x32 Version: 11.1.10500.2.65 - Nero AG) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.) 
IZArc 4.1.7 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.7 - Ivan Zahariev) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.4276.0) (Version: 4.0.4276.0 - Microsoft Corporation) Microsoft Expression Encoder 4 (x32 Version: 4.0.4276.0 - Microsoft Corporation) Hidden Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{E5AB3F65-7FAC-41C6-B176-7599D2404BB2}) (Version: 4.0.4276.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft 
Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook Connector (HKLM-x32\...\{95120000-0122-0407-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft 
Corporation) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) 
(Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version: - ) Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation) Mini Golf Special Edition (HKLM-x32\...\Mini Golf Special Edition) (Version: - ) MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.) 
Morgan M-JPEG codec V3 (HKLM-x32\...\m3jpegV3) (Version: - ) Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 11 Kwik Themes Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden Nero Core Components 11 (x32 Version: 11.0.15600.1.17 - Nero AG) Hidden Nero Kwik Media (HKLM-x32\...\{24A500E4-0B12-4D62-9973-2C7E23CCA750}) (Version: 11.0.16401 - Nero AG) Nero Kwik Media (x32 Version: 1.10.24000.138.100 - Nero AG) Hidden Nero Kwik Media Help (CHM) (x32 Version: 11.0.10200 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden nero.prerequisites.msi (x32 Version: 11.0.20008 - Nero AG) Hidden Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 5.0.0.90 - Symantec Corporation) Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation) OnLine TV Lite (HKLM-x32\...\OnLine TV Lite) (Version: 2.1.3.0 - Intech Software Inc.) OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) Opera Stable 24.0.1558.64 (HKLM-x32\...\Opera 24.0.1558.64) (Version: 24.0.1558.64 - Opera Software ASA) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) RealDownloader (x32 Version: 17.0.12 - RealNetworks, Inc.) 
Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.12 - RealNetworks) Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6010 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Search App by Ask (HKLM-x32\...\{5245414C-312D-5350-00A7-A758B70C1101}) (Version: 12.17.1.66 - APN, LLC) <==== ATTENTION simfy (HKLM-x32\...\Simfy) (Version: 1.3.0 - simfy GmbH) simfy (x32 Version: 1.3.0 - simfy GmbH) Hidden Super Internet TV v8.1 (Free Edition) (HKCU\...\Super Internet TV (Free Edition)_is1) (Version: - Ahusoft) Toggla (HKLM-x32\...\Toggla) (Version: 0.0.9 - UNKNOWN) Toggla (x32 Version: 0.0.9 - UNKNOWN) Hidden TVAnts 1.0 (HKLM-x32\...\TVAnts 1.0) (Version: - ) Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition 
(HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) 
Hidden Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 
- Microsoft Corporation) WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2689304980-1437917653-2625238874-1004_Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}\InprocServer32 -> %LOCALAPPDATA%\Pokki\ocdeskband_0.dll No File ==================== Restore Points ========================= 30-09-2014 08:49:15 Geplanter Prüfpunkt 08-10-2014 07:59:38 Geplanter Prüfpunkt 10-10-2014 06:17:43 Wiederherstellungsvorgang ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2012-03-29 14:38 - 00001395 _RASH C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 149.5.18.172 www.google-analytics.com. 149.5.18.172 ad-emea.doubleclick.net. 149.5.18.172 www.statcounter.com. 108.163.215.51 www.google-analytics.com. 108.163.215.51 ad-emea.doubleclick.net. 108.163.215.51 www.statcounter.com. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {02653693-FFAA-4B55-9D83-46D4235F3AFC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.) Task: {11FB2C63-AD97-418A-B1BF-38A9891C3676} - \DSite No Task File <==== ATTENTION Task: {255A74B0-FB47-44FB-986F-E77AA6F70B17} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22] (SlimWare Utilities, Inc.) 
Task: {25B04B1D-C2A4-47C7-9DEF-1F6FE9263CED} - System32\Tasks\Opera scheduled Autoupdate 1408983440 => C:\Program Files (x86)\Opera\launcher.exe [2014-09-25] (Opera Software) Task: {25E5690A-81CE-480B-A133-52814E12CCE3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04] (Google Inc.) Task: {29DECD71-5196-4743-A063-9C3AA7722902} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2014-09-25] (RealNetworks, Inc.) Task: {35F44DD2-215D-4BBE-9AB1-F59718CBF153} - System32\Tasks\{774EE280-1E5C-48D2-ADD0-E2B2111A713E} => Firefox.exe Task: {41053803-819B-42D1-8BA3-7A34E6B4C38B} - System32\Tasks\{E55232F6-A0EB-4053-877A-7D5053D8EEE7} => Firefox.exe Task: {44CD8B6C-FAE5-472C-81FE-4E0C0001389E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation) Task: {473560ED-C2D1-4696-B0A6-54D3C3215AF8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.) Task: {6041AE2D-5DA0-415A-A570-6CF058AA560F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated) Task: {63568D07-00A3-49BE-A62D-1E0C1C4D6A53} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.) 
Task: {6B7B7D1E-5D94-4B25-83F2-121F8B55E497} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {6D9BC4D9-88FB-4E48-AFC4-BF38F61AA553} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated) Task: {75368BED-C7A7-4368-A8BF-BDBF62D31DEF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.) Task: {7813DABE-67D2-4176-A9CD-851AF0CF650F} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-24] (RealNetworks, Inc.) Task: {9E8278FD-6287-49A7-B24D-E2BCEE2E4471} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {B01DCBB9-20B0-45B7-9CE2-4FA005E15F51} - \Omiga Plus RunAsStdUser No Task File <==== ATTENTION Task: {B6FC3F9B-432A-4B2D-8485-687B272AB688} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.) Task: {BB0245A6-CCB7-4E13-ACF6-10D18865ACD9} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {CF8C14E0-5D97-417D-BFCF-FCF111FB772F} - System32\Tasks\{043202E6-11F1-4AEE-BDAB-4730F44A3185} => C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASC.exe Task: {D3B95EE5-41E2-498D-8306-5F379D0DF238} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.) 
Task: {D488F925-1D7A-43CD-9378-BC869ECC9799} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-24] (RealNetworks, Inc.) Task: {D6FC12A6-D575-4FE8-8F9A-BE2E7BCE6336} - System32\Tasks\ASC4_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe Task: {DC1111C6-A91D-44BF-9AEB-2613893AE18F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.) Task: {DE9AA60A-FAC1-45F1-B22D-403B1557B6B2} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {E1E6B097-47B5-4D9D-A6A4-C855344C8061} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation) Task: {E240B03C-C0C2-4BED-BCCF-BA8A29B7B401} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04] (Google Inc.) Task: {E4E4F2B4-B061-465E-A9E9-50750C6E5E2E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-07-24] (RealNetworks, Inc.) Task: {E5D41443-FEEC-4897-A9CC-83B975DAF90E} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION Task: {F84995DD-A581-4769-92D7-225B2862F38C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-01-13 12:14 - 2010-10-28 20:22 - 00014848 _____ () C:\Windows\System32\gengpmon.dll 2014-07-24 12:47 - 2014-07-24 12:47 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-07-24 15:06 - 2014-07-24 15:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe 2013-03-26 15:18 - 2012-07-20 15:39 - 02469888 _____ () C:\Program Files (x86)\IZArc\IZArcCM64.dll 2010-12-29 12:34 - 2012-10-13 17:05 - 00042496 _____ () C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe 2014-05-06 23:19 - 2014-05-06 23:19 - 00302961 _____ () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe 2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll 2014-09-25 08:31 - 2014-09-25 08:31 - 00861784 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll 2014-09-25 08:31 - 2014-09-25 08:31 - 00573528 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll 2014-09-19 09:25 - 2014-09-24 23:23 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-04-20 01:42 - 2014-04-20 01:42 - 00468672 _____ 
() C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll 2014-04-20 01:42 - 2014-04-20 01:42 - 00699072 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll 2014-04-20 01:42 - 2014-04-20 01:42 - 00347328 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll 2014-09-09 20:31 - 2014-09-09 20:31 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll 2014-04-22 13:00 - 2014-04-22 13:00 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll 2014-04-15 16:23 - 2014-04-15 16:23 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\ProgramData\TEMP:D287FACF ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ==========================
Administrator (S-1-5-21-2689304980-1437917653-2625238874-500 - Administrator - Disabled)
Alternate (S-1-5-21-2689304980-1437917653-2625238874-1003 - Administrator - Enabled) => C:\Users\Alternate
Gast (S-1-5-21-2689304980-1437917653-2625238874-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2689304980-1437917653-2625238874-1002 - Limited - Enabled)
Ronald Brauer (S-1-5-21-2689304980-1437917653-2625238874-1004 - Administrator - Enabled) => C:\Users\Ronald Brauer
==================== Faulty Device Manager Devices =============
Name: Symantec Heuristics Driver
Description: Symantec Heuristics Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BHDrvx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Symantec Iron Driver
Description: Symantec Iron Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SymIRON
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: ========================= Application errors: ================== Error: (10/11/2014 00:15:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000011aa ID des fehlerhaften Prozesses: 0xd34 Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0 Pfad der fehlerhaften Anwendung: Gmer-19357.exe1 Pfad des fehlerhaften Moduls: Gmer-19357.exe2 Berichtskennung: Gmer-19357.exe3 Error: (10/10/2014 11:04:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000003e70fd8 ID des fehlerhaften Prozesses: 0x748 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (10/10/2014 10:35:15 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. 
(0x81000006)" Error: (10/10/2014 09:18:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: DVSShellContextMenuExtension64.dll, Version: 1.0.0.1, Zeitstempel: 0x524d80e8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000b116 ID des fehlerhaften Prozesses: 0x794 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (10/10/2014 08:49:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: DVSShellContextMenuExtension64.dll, Version: 1.0.0.1, Zeitstempel: 0x524d80e8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000b116 ID des fehlerhaften Prozesses: 0x6e8 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (10/10/2014 06:46:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0xc06d007e Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0xdec Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0 Pfad der fehlerhaften Anwendung: MobileMeServices.exe1 Pfad des fehlerhaften Moduls: MobileMeServices.exe2 Berichtskennung: MobileMeServices.exe3 Error: (10/10/2014 06:45:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 
6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0xc06d007e Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x1798 Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0 Pfad der fehlerhaften Anwendung: MobileMeServices.exe1 Pfad des fehlerhaften Moduls: MobileMeServices.exe2 Berichtskennung: MobileMeServices.exe3 Error: (10/10/2014 06:38:41 PM) (Source: MsiInstaller) (EventID: 10005) (User: RonaldArno-PC) Description: Produkt: Search App by Ask -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Mozilla Firefox Error: (10/10/2014 05:55:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0xc06d007e Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x19f8 Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0 Pfad der fehlerhaften Anwendung: MobileMeServices.exe1 Pfad des fehlerhaften Moduls: MobileMeServices.exe2 Berichtskennung: MobileMeServices.exe3 Error: (10/10/2014 05:55:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0xc06d007e Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0xaf0 Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0 Pfad der fehlerhaften Anwendung: MobileMeServices.exe1 Pfad des fehlerhaften Moduls: MobileMeServices.exe2 Berichtskennung: MobileMeServices.exe3 System errors: ============= Error: (10/11/2014 07:56:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: BHDrvx64 SRTSP 
SymIRON
Error: (10/11/2014 07:56:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error: (10/11/2014 07:56:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HOSTS Anti-PUPs erreicht.
Error: (10/11/2014 07:55:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Datamngr Coordinator" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error: (10/11/2014 07:55:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error: (10/11/2014 07:55:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Echtzeit-Scanner erreicht.
Error: (10/11/2014 07:55:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error: (10/11/2014 07:55:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Planer erreicht.
Error: (10/11/2014 07:54:02 AM) (Source: SRTSP) (EventID: 5) (User: )
Description: Error loading Symantec real time Anti-Virus driver.
Error: (10/11/2014 07:54:02 AM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-10-10 14:03:56.783
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-10 14:03:56.783
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-10 14:03:52.232
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-10 14:03:52.232
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-10 14:03:09.277
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-10 14:03:09.277
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-10 14:03:08.087
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-10 14:03:08.087
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-10 14:03:04.586
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-10-10 14:03:04.586
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 64%
Total physical RAM: 4062.05 MB
Available physical RAM: 1448.05 MB
Total Pagefile: 8122.29 MB
Available Pagefile: 5310.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:596.17 GB) (Free:17.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 9054905A)
Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)
==================== End Of Log ============================

Otherwise, give me instructions on how to completely remove Avira and Norton. I can't do it without help. Regards, Ronald
11.10.2014, 14:29 | #4 |
/// TB-Ausbilder | Hi, uninstall Norton using the Norton Removal Tool. If that is not possible in normal mode, try starting the tool in safe mode. Then try to uninstall Avira in safe mode. After that, restart your computer in normal mode and run ComboFix there: Scan with ComboFix
11.10.2014, 15:04 | #5 |
Hello, the Norton Removal Tool does not work: it cannot be run because Norton Utilities 14 and 15 are somewhere on the computer. Norton also cannot be deactivated in safe mode (same problem), and not via the Norton Removal Tool there either. The same goes for Avira. The message that appears is: "Setup konnte das Feature Control File nicht finden oder nicht auslesen. Errorcode:7" (as in normal mode). Reinstalling Avira and then uninstalling it does not work either. ComboFix.exe complains about Norton. I could only stop it from running with the help of the file manager (I was strongly warned against running it anyway!!!). Looking forward to new ideas. Ronald
Edited by 123Ron (11.10.2014 at 15:12)
12.10.2014, 11:08 | #6 |
/// TB-Ausbilder | Hi, disable Norton, Avira and Kaspersky and run ComboFix (even if it complains).
12.10.2014, 16:12 | #7 |
Hello, I started the Combo again; it asked me to create a restore point. Since about 13:00 I have been making the Windows backup, so far 4 DVDs and only 27 % according to the display. That's a 24-hour procedure. Sunday is ruined... but I suppose it has to be done. Regards, Ronald
Edited by 123Ron (12.10.2014 at 16:48)
13.10.2014, 19:00 | #8 |
Hello, I aborted the procedure yesterday (35 % at 23:00). Found the solution on the internet today. I ran ComboFix; here is the result: Code:
ATTFilter ComboFix 14-10-13.01 - Ronald Brauer 13.10.2014 19:31:00.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4062.2422 [GMT 2:00] ausgeführt von:: c:\users\Ronald Brauer\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886} AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2014-09-13 bis 2014-10-13 )))))))))))))))))))))))))))))) . . 2014-10-13 23:53 . 2014-10-13 17:12 -------- d-----w- c:\windows\Microsoft Antimalware 2014-10-13 17:41 . 2014-10-13 17:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-10-13 17:41 . 2014-10-13 17:41 -------- d-----w- c:\users\Alternate\AppData\Local\temp 2014-10-13 13:27 . 2014-10-13 13:27 -------- d-----w- c:\programdata\XDMessagingv4 2014-10-13 13:27 . 2014-10-13 13:27 -------- d-----w- c:\users\Ronald Brauer\AppData\Roaming\Abelssoft 2014-10-13 13:27 . 2014-10-13 17:12 -------- d-----w- c:\users\Ronald Brauer\AppData\Local\Abelssoft 2014-10-13 13:26 . 2014-10-13 17:12 -------- d-----w- c:\program files (x86)\CHIP Updater 2014-10-11 09:02 . 2014-10-11 12:04 -------- d-----w- C:\FRST 2014-10-10 16:49 . 2014-10-10 21:04 -------- d-----w- c:\programdata\Package Cache 2014-09-27 07:54 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2014-09-27 07:53 . 
2014-09-27 07:53 -------- d-----w- c:\program files\iPod 2014-09-27 07:53 . 2014-09-27 07:54 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-09-27 07:53 . 2014-09-27 07:54 -------- d-----w- c:\program files\iTunes 2014-09-27 07:37 . 2014-09-27 07:37 -------- d-----w- c:\program files\Common Files\Apple 2014-09-25 07:09 . 2014-09-25 07:09 -------- d-----w- c:\users\Ronald Brauer\AppData\Local\Temp5426677acd666adac6effd455d779184 2014-09-25 07:09 . 2014-09-25 07:09 -------- d-----w- c:\users\Ronald Brauer\AppData\Local\Temp7396b31d089ca2ea579fbca3f7e0c016 2014-09-25 07:08 . 2014-09-25 07:08 -------- d-----w- c:\users\Ronald Brauer\ChromeExtensions 2014-09-25 07:08 . 2014-09-25 07:08 -------- d-----w- c:\users\Ronald Brauer\AppData\Local\Temp8a1a82856b1bcb67b2e739846712d61c 2014-09-25 06:34 . 2014-10-10 21:12 -------- d-----w- c:\users\Ronald Brauer\AppData\Local\AskPartnerNetwork 2014-09-25 06:33 . 2014-10-10 21:12 -------- d-----w- c:\program files (x86)\AskPartnerNetwork 2014-09-25 06:33 . 2014-09-25 06:33 -------- d-----w- c:\programdata\APN 2014-09-25 06:32 . 2014-09-25 06:32 -------- d-----w- c:\programdata\RealNetworks 2014-09-25 06:31 . 2014-09-25 06:31 -------- d-----w- c:\program files (x86)\Common Files\xing shared 2014-09-25 06:30 . 2014-09-25 06:30 505416 ----a-w- c:\windows\SysWow64\msvcp71.dll 2014-09-25 05:38 . 2013-05-06 07:13 110176 ----a-w- c:\windows\system32\klfphc.dll 2014-09-25 05:37 . 2014-09-25 05:37 -------- d-----w- c:\windows\ELAMBKUP 2014-09-25 05:37 . 2014-09-25 05:42 792128 ----a-w- c:\windows\system32\drivers\klif.sys 2014-09-25 05:37 . 2014-09-25 05:42 140352 ----a-w- c:\windows\system32\drivers\klflt.sys 2014-09-25 05:37 . 2014-04-10 15:25 243808 ----a-w- c:\windows\system32\drivers\klhk.sys 2014-09-23 07:02 . 2014-09-23 07:02 -------- d-----w- c:\program files (x86)\Common Files\Java 2014-09-23 07:02 . 2014-07-25 10:55 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-09-22 18:40 . 
2014-09-23 07:09 -------- d-----w- c:\programdata\Oracle 2014-09-17 17:04 . 2014-09-17 17:20 16896 ----a-r- c:\users\Ronald Brauer\AppData\Roaming\Microsoft\Installer\{96443F45-13E2-11D6-AC87-00D0B7A9E540}\Icon96443F453.exe 2014-09-17 17:04 . 2014-09-17 17:04 -------- d-----w- c:\program files (x86)\JoWood 2014-09-17 10:21 . 2014-09-17 10:21 -------- d-----w- c:\program files (x86)\Bidou 2014-09-17 10:20 . 2014-09-17 10:20 -------- d-----w- c:\program files (x86)\AngelPacMan 2014-09-17 10:01 . 2014-09-17 10:16 -------- d-----w- c:\program files (x86)\Anno 1701 2014-09-14 15:46 . 2000-01-05 12:10 143632 ----a-w- c:\windows\SysWow64\temp.004 2014-09-14 15:46 . 1998-05-30 21:00 22288 ----a-w- c:\windows\SysWow64\temp.005 2014-09-14 15:46 . 2000-07-17 11:41 70088 ----a-w- c:\windows\SysWow64\Project2-1.ocx 2014-09-14 15:46 . 2000-01-05 12:10 614672 ----a-w- c:\windows\SysWow64\temp.002 2014-09-14 15:46 . 2000-01-05 12:10 16896 ----a-w- c:\windows\SysWow64\temp.000 2014-09-14 15:46 . 2000-01-05 12:10 164112 ----a-w- c:\windows\SysWow64\temp.001 2014-09-14 15:46 . 1999-12-07 09:00 1384448 ----a-w- c:\windows\SysWow64\temp.003 2014-09-14 15:46 . 1999-05-06 22:00 82960 ----a-w- c:\windows\SysWow64\Picclp32.ocx 2014-09-14 15:46 . 1999-03-25 21:00 101888 ----a-w- c:\windows\SysWow64\Vb6stkit.dll 2014-09-14 15:46 . 2014-09-14 15:56 -------- d-----w- c:\program files (x86)\eGames . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-10-13 17:16 . 2013-12-24 13:31 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys 2014-09-23 21:31 . 2012-06-07 05:12 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-09-23 21:31 . 2012-06-07 04:49 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-08-29 11:01 . 2009-08-24 08:35 101694776 ----a-w- c:\windows\system32\MRT.exe 2014-08-25 10:26 . 2014-05-13 18:41 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-08-23 02:07 . 
2014-08-28 18:04 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-23 01:45 . 2014-08-28 18:04 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-08-23 00:59 . 2014-08-28 18:04 3163648 ----a-w- c:\windows\system32\win32k.sys 2014-08-19 18:05 . 2014-09-11 20:39 374968 ----a-w- c:\windows\system32\iedkcs32.dll 2014-08-18 23:01 . 2014-09-11 20:39 23591424 ----a-w- c:\windows\system32\mshtml.dll 2014-08-18 22:29 . 2014-09-11 20:39 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-08-18 22:29 . 2014-09-11 20:39 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-08-18 22:20 . 2014-09-11 20:39 2793984 ----a-w- c:\windows\system32\iertutil.dll 2014-08-18 22:19 . 2014-09-11 20:39 5833728 ----a-w- c:\windows\system32\jscript9.dll 2014-08-18 22:15 . 2014-09-11 20:39 547328 ----a-w- c:\windows\system32\vbscript.dll 2014-08-18 22:15 . 2014-09-11 20:39 66048 ----a-w- c:\windows\system32\iesetup.dll 2014-08-18 22:14 . 2014-09-11 20:39 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-08-18 22:14 . 2014-09-11 20:39 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-08-18 22:08 . 2014-09-11 20:39 51200 ----a-w- c:\windows\system32\jsproxy.dll 2014-08-18 22:08 . 2014-09-11 20:39 4232704 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-08-18 22:08 . 2014-09-11 20:39 33792 ----a-w- c:\windows\system32\iernonce.dll 2014-08-18 22:05 . 2014-09-11 20:39 596480 ----a-w- c:\windows\system32\ieui.dll 2014-08-18 22:03 . 2014-09-11 20:39 139264 ----a-w- c:\windows\system32\ieUnatt.exe 2014-08-18 22:03 . 2014-09-11 20:39 111616 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-08-18 22:03 . 2014-09-11 20:39 758272 ----a-w- c:\windows\system32\jscript9diag.dll 2014-08-18 21:57 . 2014-09-11 20:39 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-08-18 21:56 . 2014-09-11 20:39 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-08-18 21:51 . 2014-09-11 20:39 446464 ----a-w- c:\windows\system32\dxtmsft.dll 2014-08-18 21:46 . 
2014-09-11 20:39 454656 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-08-18 21:45 . 2014-09-11 20:39 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-08-18 21:45 . 2014-09-11 20:39 72704 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-08-18 21:44 . 2014-09-11 20:39 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-08-18 21:44 . 2014-09-11 20:39 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-08-18 21:40 . 2014-09-11 20:39 195584 ----a-w- c:\windows\system32\msrating.dll 2014-08-18 21:39 . 2014-09-11 20:39 85504 ----a-w- c:\windows\system32\mshtmled.dll 2014-08-18 21:38 . 2014-09-11 20:39 289280 ----a-w- c:\windows\system32\dxtrans.dll 2014-08-18 21:36 . 2014-09-11 20:39 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-08-18 21:35 . 2014-09-11 20:39 597504 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-08-18 21:25 . 2014-09-11 20:39 727040 ----a-w- c:\windows\system32\msfeeds.dll 2014-08-18 21:25 . 2014-09-11 20:39 707072 ----a-w- c:\windows\system32\ie4uinit.exe 2014-08-18 21:23 . 2014-09-11 20:39 2104832 ----a-w- c:\windows\system32\inetcpl.cpl 2014-08-18 21:23 . 2014-09-11 20:39 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-08-18 21:22 . 2014-09-11 20:39 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2014-08-18 21:16 . 2014-09-11 20:39 13588480 ----a-w- c:\windows\system32\ieframe.dll 2014-08-18 21:15 . 2014-09-11 20:39 2310656 ----a-w- c:\windows\system32\wininet.dll 2014-08-18 21:08 . 2014-09-11 20:39 2014208 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-08-18 21:07 . 2014-09-11 20:39 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-08-18 20:55 . 2014-09-11 20:39 1447424 ----a-w- c:\windows\system32\urlmon.dll 2014-08-18 20:46 . 2014-09-11 20:39 1812992 ----a-w- c:\windows\SysWow64\wininet.dll 2014-08-18 20:38 . 2014-09-11 20:39 775168 ----a-w- c:\windows\system32\ieapfltr.dll 2014-08-07 02:06 . 2014-08-25 12:05 529920 ----a-w- c:\windows\system32\aepdu.dll 2014-08-07 02:01 . 
2014-08-25 12:05 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2014-07-16 03:23 . 2014-08-25 11:03 2048 ----a-w- c:\windows\system32\tzres.dll 2014-07-16 02:46 . 2014-08-25 11:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dradio-RecorderTimer"="c:\program files (x86)\dradio-Recorder\phonostarTimer.exe" [2012-10-13 42496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304] "AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-06 751184] "HOSTS Anti-Adware_PUPs"="c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" [2014-05-06 302961] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2014-09-25 296520] "ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-09-22 1942424] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816] 
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ RealPlayer Cloud Service UI.lnk - c:\program files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe [2014-9-25 1022048] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20130412.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [x] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\Ironx64.SYS [x] R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 DatamngrCoordinator2;Datamngr Coordinator;c:\program files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe;c:\program files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [x] R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x] R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [x] R2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x] R3 cpuz130;cpuz130;c:\users\ALTERN~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\ALTERN~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] R3 
IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x] R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1008030.006\SYMNDISV.SYS [x] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMEFA64.SYS [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20130502.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20130502.001\IDSvia64.sys [x] S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 
Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1309010.00E\SYMNETS.SYS [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x] S2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [x] S2 IGDCTRL;AVM IGD CTRL Service;c:\program files (x86)\FRITZ!DSL\IGDCTRL.EXE;c:\program files (x86)\FRITZ!DSL\IGDCTRL.EXE [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [x] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x] S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [x] S2 
UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusbn.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-09-25 10:16 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 21:31] . 2014-10-13 c:\windows\Tasks\DriverUpdate Startup.job - c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22 14:26] . 2014-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04 13:39] . 2014-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04 13:39] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-21 9639424] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://native-search.com/?channel=de mDefault_Search_URL = hxxp://www.google.com mDefault_Page_URL = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com uInternet Settings,ProxyOverride = fritz.box;*.local uSearchAssistant = hxxp://www.google.com mSearchAssistant = hxxp://www.google.com IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Mit Mipony herunterladen - file://c:\program files (x86)\MiPony\Browser\IEContext.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Zu Anti-Banner hinzufügen - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\RONALD~1\AppData\Local\Temp\ie_script.htm TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311\ FF - prefs.js: browser.search.defaulturl - hxxp://native-search.com/search.php?channel=de&q= FF - prefs.js: browser.startup.homepage - hxxp://web.de/ FF - user.js: plugin.state.npcontentblocker - 2 FF - user.js: plugin.state.nponlinebanking - 2 FF - user.js: plugin.state.npvkplugin - 2 FF - user.js: plugin.state.anti_banner_native_proxy - 2 FF - user.js: plugin.state.url_advisor - 2 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-10 - (no file) . . . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2689304980-1437917653-2625238874-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariDownload" . [HKEY_USERS\S-1-5-21-2689304980-1437917653-2625238874-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (S-1-5-21-2689304980-1437917653-2625238874-1004) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-2689304980-1437917653-2625238874-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (S-1-5-21-2689304980-1437917653-2625238874-1004) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-2689304980-1437917653-2625238874-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariExtension" . [HKEY_USERS\S-1-5-21-2689304980-1437917653-2625238874-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (S-1-5-21-2689304980-1437917653-2625238874-1004) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-2689304980-1437917653-2625238874-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-2689304980-1437917653-2625238874-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . 
[HKEY_USERS\S-1-5-21-2689304980-1437917653-2625238874-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (S-1-5-21-2689304980-1437917653-2625238874-1004) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-2689304980-1437917653-2625238874-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (S-1-5-21-2689304980-1437917653-2625238874-1004) @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-2689304980-1437917653-2625238874-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-10-13 19:49:05 ComboFix-quarantined-files.txt 2014-10-13 17:49 ComboFix2.txt 2014-10-13 17:24 . Vor Suchlauf: 22 Verzeichnis(se), 22.330.109.952 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 22.015.078.400 Bytes frei . 
- - End Of File - - 58E64B595585008BFFB1F7D8E30547E2 A36C5E4F47E84449FF07ED3517B43A31 Kind regards, Ronald |
13.10.2014, 19:45 | #9 |
/// TB-Ausbilder | Windows 7: Websites are redirected to advertising with spns.serious.net
Hi, OK, let's continue with this:
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please disable your antivirus program, as it can influence the result or possibly interfere with the cleanup. Please download zoek.exe from here: http://hijackthis.nl/smeenk/ and save the file to your desktop.
Step 4
Please post with your next reply
|
13.10.2014, 22:36 | #10 |
| Windows 7: Websites are redirected to advertising with spns.serious.net Hello again, thanks for the instructions! Step 1 was OK: Code:
ATTFilter # AdwCleaner v4.000 - Bericht erstellt am 13/10/2014 um 21:54:04 # DB v2014-10-13.5 # Aktualisiert 12/10/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Ronald Brauer - RONALDARNO-PC # Gestartet von : C:\Users\Ronald Brauer\Downloads\AdwCleaner_4.000.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : APNMCP ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\apn Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork Ordner Gelöscht : C:\Users\Ronald Brauer\AppData\Local\AskPartnerNetwork Ordner Gelöscht : C:\Users\Ronald Brauer\AppData\Roaming\Mipony Download Manager Packages Ordner Gelöscht : C:\Program Files\Enigma Software Group Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore Ordner Gelöscht : C:\ProgramData\PC Drivers HeadQuarters Ordner Gelöscht : C:\Program Files (x86)\PC Drivers HeadQuarters Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective Ordner Gelöscht : C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\sparpilot@sparpilot.com Ordner Gelöscht : C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl Ordner Gelöscht : C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp Datei Gelöscht : C:\Users\Ronald Brauer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\jZip.lnk Datei Gelöscht : C:\Users\Ronald Brauer\AppData\LocalLow\SkwConfig.bin Datei Gelöscht : C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ask-search.xml Datei Gelöscht : C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311\user.js Datei Gelöscht : C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\user.js ***** [ Tasks ] ***** Task Gelöscht : Desk 365 RunAsStdUser Task 
Gelöscht : driverupdate startup Task Gelöscht : DSite Task Gelöscht : Omiga Plus RunAsStdUser ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\icanoneicgaahjbilcgdmnhoocddknbl Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\icanoneicgaahjbilcgdmnhoocddknbl Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\icanoneicgaahjbilcgdmnhoocddknbl Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com Schlüssel Gelöscht : HKCU\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BandooUI_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BandooUI_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\JFileManager_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\JFileManager_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork Schlüssel Gelöscht : HKCU\Software\eSupport.com Schlüssel Gelöscht : HKCU\Software\DriverRestore 
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v32.0.3 (x86 de)

[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://native-search.com/search.php?channel=de&q=");
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.BUTTON_STRUCTURE", "[{\"b\":221360012,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221360013,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.firstKnownVersion", "6.33.3.42841");
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?n=780bf93f&p2=^AYY^xpi000^YYA^");
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.initialized", true);
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.contextKey", "");
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.installDate", "2014050623");
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.partnerId", "^AYY^xpi000^YYA^");
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.partnerSubId", "");
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.success", false);
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.isCompliantUninstallImplementation", true);
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.lastKnownVersion", "6.33.3.46645");
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.options.defaultSearch", false);
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.options.homePageEnabled", false);
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.options.keywordEnabled", false);
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.options.tabEnabled", false);
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.partnerPixelFired", false);
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.searchHistory", "Dnjepropetrowsk");
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.successUrl", "hxxp://allin1convert.dl.tb.ask.com/installComplete.jhtml");
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.toolbarCollapsed", false);
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.weather.location", "10001");
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "allin1convert@mindspark.com");
[fldfq28n.default-1392830494311] - Zeile gelöscht : user_pref("extensions.toolbar_REAL1-SP@apn.ask.com.install-event-fired", true);
[JonDoFox] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.search.ask.com/?tpid=REAL1-SP&o=APN11676&pf=V7&trgb=FF&p2=%5EBMR%5Eagn134%5EYY%5EDE&gct=hp&apn_ptnrs=BMR&apn_dtid=%5Eagn134%5EYY%5EDE&apn_dbr=ff_32.0.[...]

-\\ Google Chrome v37.0.2062.124

*************************

AdwCleaner[R0].txt - [89097 octets] - [06/05/2014 22:40:17]
AdwCleaner[R1].txt - [5951 octets] - [06/05/2014 23:21:50]
AdwCleaner[R2].txt - [13454 octets] - [13/10/2014 21:50:54]
AdwCleaner[S0].txt - [79339 octets] - [06/05/2014 22:41:30]
AdwCleaner[S1].txt - [5740 octets] - [06/05/2014 23:23:25]
AdwCleaner[S2].txt - [12973 octets] - [13/10/2014 21:54:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [13034 octets] ##########

Ran the threat scan anyway; 8 threats were found and put into quarantine. But the log file could not be created (message: Malwarebytes has stopped working). So I took the data back out of quarantine and tried again. This time only 3 objects were found and the log file worked:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 13.10.2014
Suchlauf-Zeit: 22:52:16
Logdatei: abc.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.10.13.08
Rootkit Datenbank: v2014.10.11.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Ronald Brauer

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 405219
Verstrichene Zeit: 9 Min, 55 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-2689304980-1437917653-2625238874-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DVDVideoSoftTB, In Quarantäne, [e6569c78522abc7afa806caabb48a15f],

Registrierungswerte: 1
PUP.Optional.AdLyrics.A, HKU\S-1-5-21-2689304980-1437917653-2625238874-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|lrcspal@xinghao.net, C:\Program Files (x86)\XingHaoLyrics\FF\, In Quarantäne, [f349080cc9b354e27ce0a4e4bd479b65]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 1
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [0e2ebb59abd163d35b93bc536c976e92],

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)

Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 11-October-2014 Tool run by Ronald Brauer on 13.10.2014 at 23:11:06,39. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Ronald Brauer\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 13.10.2014 23:12:10 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2689304980-1437917653-2625238874-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully HKEY_USERS\S-1-5-21-2689304980-1437917653-2625238874-1004\Software\Mozilla\Firefox\Extensions\{ba5b6935-63e1-431c-8fc6-7504512d2b94} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} deleted successfully ==== FireFox Fix ====================== Deleted from C:\Users\ALTERN~1\AppData\Roaming\Mozilla\Firefox\Profiles\7ik30xs6.default\prefs.js: user_pref("browser.search.defaultenginename", "Yahoo"); Added to C:\Users\ALTERN~1\AppData\Roaming\Mozilla\Firefox\Profiles\7ik30xs6.default\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from 
C:\Users\RONALD~1\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311\prefs.js: user_pref("browser.startup.homepage", "hxxp://web.de/"); user_pref("browser.search.defaultenginename", "Search"); user_pref("browser.search.useDBForOrder", true); Added to C:\Users\RONALD~1\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\RONALD~1\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\prefs.js: user_pref("browser.search.selectedEngine", "Ask Search"); user_pref("extensions.REAL1-SP.my-keyword-url", "\"\""); user_pref("extensions.REAL1-SP.previous-keyword-url", "\"\""); user_pref("extensions.APN_TB.first-previous-keyword-url", ""); user_pref("browser.search.suggest.enabled", false); user_pref("browser.search.useDBForOrder", true); Added to C:\Users\RONALD~1\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("extensions.APN_TB.first-previous-keyword-url", ""); 
user_pref("extensions.REAL1-SP.my-keyword-url", "\"\""); user_pref("extensions.REAL1-SP.previous-keyword-url", "\"\""); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\RONALD~1\AppData\Roaming\Mozilla\Firefox\Profiles\6i1k08cm.default-1412936889191\prefs.js: Added to C:\Users\RONALD~1\AppData\Roaming\Mozilla\Firefox\Profiles\6i1k08cm.default-1412936889191\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.com"); user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "hxxp://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ProfilePath: C:\Users\ALTERN~1\AppData\Roaming\Mozilla\Firefox\Profiles\7ik30xs6.default user.js not found ---- Lines {99079A25-328F-4BD4-BE04-00955ACAA0A7} modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\ ---- Lines {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} removed from prefs.js ---- user_pref("extensions.{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}.install-event-fired", true); ---- Lines {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} modified from prefs.js ---- user_pref("extensions.enabledItems", "{8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0,{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.7.2,{ABDE892B-13A8-4d1b-88E6 ---- FireFox user.js and prefs.js backups ---- prefs__2313_.backup ProfilePath: 
C:\Users\RONALD~1\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311 user.js not found ---- FireFox user.js and prefs.js backups ---- prefs__2313_.backup ProfilePath: C:\Users\RONALD~1\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox user.js not found ---- Lines {DEDAF650-12B8-48f5-A843-BBA100716106} removed from prefs.js ---- user_pref("{DEDAF650-12B8-48f5-A843-BBA100716106}.extensionFirstRun", false); user_pref("{DEDAF650-12B8-48f5-A843-BBA100716106}.lastExtensionVersion", "2.0.0.588"); user_pref("{DEDAF650-12B8-48f5-A843-BBA100716106}.ScriptData_installer_name", "spacksyahoo_717_active_2013-07-05-08-43-38"); user_pref("{DEDAF650-12B8-48f5-A843-BBA100716106}.ScriptData_product_version", "2.0.0.588"); user_pref("{DEDAF650-12B8-48f5-A843-BBA100716106}.ScriptData_temp_installer_name", "spacksyahoo_717_active_2013-07-05-08-43-38"); user_pref("{DEDAF650-12B8-48f5-A843-BBA100716106}.ScriptData_toolbarID", "f5f62206a38b42928310ea2b06fbadb7"); user_pref("{DEDAF650-12B8-48f5-A843-BBA100716106}.ScriptData_WSG_blackList", ""); user_pref("{DEDAF650-12B8-48f5-A843-BBA100716106}.ScriptData_WSG_gtQueryParam", "UA-40576672-2"); user_pref("{DEDAF650-12B8-48f5-A843-BBA100716106}.ScriptData_WSG_kswitch", ""); user_pref("{DEDAF650-12B8-48f5-A843-BBA100716106}.ScriptData_WSG_redirectQueryParam1", "{18E191C8-E53E-11E2-A156-001C4AFAC163}"); user_pref("{DEDAF650-12B8-48f5-A843-BBA100716106}.ScriptData_WSG_redirectQueryParam2", "3.5000006.10053&st=21"); user_pref("{DEDAF650-12B8-48f5-A843-BBA100716106}.ScriptData_WSG_status", "active"); user_pref("{DEDAF650-12B8-48f5-A843-BBA100716106}.ScriptData_WSG_upn2", "717"); user_pref("{DEDAF650-12B8-48f5-A843-BBA100716106}.ScriptData_WSG_whiteList", ""); user_pref("{DEDAF650-12B8-48f5-A843-BBA100716106}.setdefaultsearch_2.0.0.588", false); user_pref("{DEDAF650-12B8-48f5-A843-BBA100716106}.setdnscatch_2.0.0.413", false); user_pref("{DEDAF650-12B8-48f5-A843-BBA100716106}.setdnscatch_2.0.0.588", false); 
user_pref("{DEDAF650-12B8-48f5-A843-BBA100716106}.sethomepage_2.0.0.588", false); ---- Lines {DEDAF650-12B8-48f5-A843-BBA100716106} modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\ ---- FireFox user.js and prefs.js backups ---- prefs__2313_.backup ProfilePath: C:\Users\RONALD~1\AppData\Roaming\Mozilla\Firefox\Profiles\6i1k08cm.default-1412936889191 user.js not found ---- FireFox user.js and prefs.js backups ---- ==== Deleting Files \ Folders ====================== "C:\user.js" deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{7C9C2591-51ED-44FA-8D03-450B92643F95}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [25.09.2014 08:32] ==== Firefox Extensions ====================== ProfilePath: C:\Users\ALTERN~1\AppData\Roaming\Mozilla\Firefox\Profiles\7ik30xs6.default - Undetermined - %ProfilePath%\extensions\staged ProfilePath: C:\Users\RONALD~1\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311 - RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext - Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com - Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com - Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com - Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com - Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com - Cliqz Beta - %ProfilePath%\extensions\cliqz@cliqz.com - Element Hiding Helper for Adblock Plus - 
%ProfilePath%\extensions\elemhidehelper@adblockplus.org.xpi - All-in-One Sidebar - %ProfilePath%\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Users\RONALD~1\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox - HTTPS-Everywhere - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\https-everywhere@eff.org - Cookie Monster - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\{45d8ff86-d909-11db-9705-005056c00008} - RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext - Undetermined - C:\Program Files\Updater By Sweetpacks\Firefox - DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff - Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com - Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com - Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com - Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com - Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com - Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com - Amazon-Icon - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\amazon-icon@giga.de - Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com - Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
15.0.0\FFExt\url_advisor@kaspersky.com - Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com - Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com - Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com - Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com - Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com - Amazon-Icon - %ProfilePath%\extensions\amazon-icon@giga.de - HTTPS-Everywhere - %ProfilePath%\extensions\https-everywhere@eff.org - Undetermined - %ProfilePath%\extensions\staged - Cookie Monster - %ProfilePath%\extensions\{45d8ff86-d909-11db-9705-005056c00008} - UnPlug - %ProfilePath%\extensions\unplug@compunach.xpi - JonDoFox - %ProfilePath%\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi - NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi - ProfileSwitcher - %ProfilePath%\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi ProfilePath: C:\Users\RONALD~1\AppData\Roaming\Mozilla\Firefox\Profiles\6i1k08cm.default-1412936889191 - WEB.DE MailCheck - %ProfilePath%\extensions\toolbar@web.de - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\6i1k08cm.default-1412936889191 DFC9460CC37E5C414DC4680B10C19E7A - 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash 7F62366CBA10F8DCFEE4C4756DA9A1ED - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealPlayer Video Downloader for HTML5 (32-bit) Profilepath: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311 DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash 7F62366CBA10F8DCFEE4C4756DA9A1ED - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealPlayer Video Downloader for HTML5 (32-bit) Profilepath: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox 7F62366CBA10F8DCFEE4C4756DA9A1ED - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealPlayer Video Downloader for HTML5 (32-bit) 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.com" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="hxxp://www.google.com" "Default_Page_URL"="hxxp://www.google.com" "Start Page"="hxxp://www.google.com" "Search Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="hxxp://www.google.com" "Default_Page_URL"="hxxp://www.google.com" "Start Page"="hxxp://www.google.com" "Search Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="hxxp://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="hxxp://www.google.com" 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search] "SearchAssistant"="hxxp://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="hxxp://www.google.com" "SearchAssistant"="hxxp://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="hxxp://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="hxxp://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="hxxp://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search] "SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {274daec0-c4e8-4f30-9e5c-9424990769b9} Ask Web Search Url="hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^0D^xdm049^YYA^de&si=XXXXXXXXXX&ptb=1F3E893A-59BE-4BDD-8AF5-5C85C262DA2D&ind=2013070602&n=77fd050a&psa=&st=sb&searchfor={searchTerms}" {318DFEB2-3449-4101-B00B-860AE0D34878} Yahoo! Search Url="hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms}" {42C7DE53-739B-41E2-AF9F-788A5A156AFF} Booksbario Customized Web Search Url="hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2708334" {8D8DF965-DA4A-4ca2-A7EC-2CAFF73D8D60} Yahoo Url="hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD" {99ECA7F7-DAE1-4e86-995F-A80FB51AB0CA} Google Url="hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}" ==== Reset Google Chrome ====================== C:\Users\Alternate\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Ronald Brauer\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset 
successfully C:\Users\Alternate\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Ronald Brauer\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyOverride"="fritz.box;*.local" "ProxyOverride.Bonjour"="" "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyOverride.Bonjour"="" "ProxyEnable"=dword:00000000 ==== C:\zoek_backup content ====================== C:\zoek_backup (files=5 folders=0 73351 bytes) ==== EOF on 13.10.2014 at 23:14:00,74 ====================== |
13.10.2014, 22:38 | #11 |
| Windows 7: Websites are redirected to advertising with spns.serious.net So, step 4 follows here: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 02
Ran by Ronald Brauer at 2014-10-13 23:21:53
Running from C:\Users\Ronald Brauer\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) 2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation) 7-Zip 9.23 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0923-010001000000}) (Version: 9.23.01.0 - Igor Pavlov) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated) Hidden Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Playpanel (HKLM-x32\...\{69967F97-E880-44B9-8383-5278BBC8809B}) (Version: 1.6.0.22 - Ihr Firmenname) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) AGEIA PhysX v7.09.13 (HKLM-x32\...\{45235788-142C-44BE-8A4D-DDE9A84492E5}) (Version: 7.09.13 - AGEIA Technologies, Inc.) AMD DnD V1.0.20 (x32 Version: 1.0.20 - AMD) Hidden AngelPacMan (HKLM-x32\...\AngelPacMan_is1) (Version: - ) Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.02 - Sunflowers) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Arx Fatalis (HKLM-x32\...\{96443F45-13E2-11D6-AC87-00D0B7A9E540}) (Version: 1.0.0 - JoWood) Ashampoo Burning Studio 11 v.11.0.3 (HKLM-x32\...\Ashampoo Burning Studio 11_is1) (Version: 11.0.3 - Ashampoo GmbH & Co. 
KG) Ashampoo Burning Studio 6 FREE v.6.80 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.0 - ashampoo GmbH & Co. KG) ATI Catalyst Install Manager (HKLM\...\{6741B646-3DBE-AF40-75FA-959847831D9F}) (Version: 3.0.765.0 - ATI Technologies, Inc.) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira) AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin) AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin) AVM FRITZ!DSL (HKLM-x32\...\{2457326B-C110-40C3-89B0-889CC913871A}) (Version: 2.04.02 - AVM Berlin) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.) AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: - Online Media Technologies Ltd.) AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.) Bidou (HKLM-x32\...\Bidou_is1) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
BrettspielWelt (HKLM-x32\...\BrettspielWelt) (Version: 1.0 - BrettspielWelt GmbH)
Browser Configuration Utility (HKLM-x32\...\{5B363E1D-8C36-4458-BAE4-D5081999E094}) (Version: 1.1.11.0 - DeviceVM) <==== ATTENTION
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center HydraVision Full (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0302.2233.40412 - ATI Technologies, Inc.) Hidden
CCC Help English (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0302.2233.40412 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0302.2233.40412 - ATI) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Discover Painting for Kids SE (HKLM-x32\...\Discover Painting for Kids SE) (Version: - )
Dominoes Deluxe (HKLM-x32\...\Dominoes Deluxe) (Version: - )
dradio-Recorder Version 3.02.6 (HKLM-x32\...\dradio-Recorder_is1) (Version: - )
Driver Detective (HKLM-x32\...\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}) (Version: 8.0.0 - PC Drivers HeadQuarters)
DriverUpdate (HKLM-x32\...\{850A14FC-F410-47F7-94E4-38F4D3F270D4}) (Version: 2.2.30452 - SlimWare Utilities, Inc.)
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.1 - MakeMusic)
FLV Media Player version 1.3 (HKLM-x32\...\{0E08BAC8-845B-4327-8CDB-4B0F8C9857A5}_is1) (Version: 1.3 - FLVMPlayer)
Free Audio CD Burner version 1.4.7 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free Studio version 5.0.6 (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.)
Free YouTube Download version 3.2.13.925 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.13.925 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.9.725 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.9.725 - DVDVideoSoft Ltd.)
Freemake Music Box (HKLM-x32\...\Freemake Music Box_is1) (Version: 1.0.0 - Ellora Assets Corporation)
Galaxy of Games Gold Edition (HKLM-x32\...\Galaxy of Games Gold Edition) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Chrome Frame (HKLM-x32\...\{1F0342F5-8369-3CD1-99DD-E9BC44473708}) (Version: 65.107.16500 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
gotomaxx PDFMAILER (HKLM-x32\...\{01310914-E3B8-40E8-BCF7-9C42E0639A43}) (Version: 5.0.21 - gotomaxx GmbH)
High-Definition Video Playback (x32 Version: 11.1.10500.2.65 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
IZArc 4.1.7 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.7 - Ivan Zahariev)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.4276.0) (Version: 4.0.4276.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (x32 Version: 4.0.4276.0 - Microsoft Corporation) Hidden
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{E5AB3F65-7FAC-41C6-B176-7599D2404BB2}) (Version: 4.0.4276.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95120000-0122-0407-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version: - )
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Mini Golf Special Edition (HKLM-x32\...\Mini Golf Special Edition) (Version: - )
MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.)
Morgan M-JPEG codec V3 (HKLM-x32\...\m3jpegV3) (Version: - )
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 11 Kwik Themes Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero Core Components 11 (x32 Version: 11.0.15600.1.17 - Nero AG) Hidden
Nero Kwik Media (HKLM-x32\...\{24A500E4-0B12-4D62-9973-2C7E23CCA750}) (Version: 11.0.16401 - Nero AG)
Nero Kwik Media (x32 Version: 1.10.24000.138.100 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 11.0.10200 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
nero.prerequisites.msi (x32 Version: 11.0.20008 - Nero AG) Hidden
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 5.0.0.90 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation)
OnLine TV Lite (HKLM-x32\...\OnLine TV Lite) (Version: 2.1.3.0 - Intech Software Inc.)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Opera Stable 24.0.1558.64 (HKLM-x32\...\Opera 24.0.1558.64) (Version: 24.0.1558.64 - Opera Software ASA)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.12 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.12 - RealNetworks)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6010 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Search App by Ask (HKLM-x32\...\{5245414C-312D-5350-00A7-A758B70C1101}) (Version: 12.17.1.66 - APN, LLC) <==== ATTENTION
simfy (HKLM-x32\...\Simfy) (Version: 1.3.0 - simfy GmbH)
simfy (x32 Version: 1.3.0 - simfy GmbH) Hidden
Super Internet TV v8.1 (Free Edition) (HKCU\...\Super Internet TV (Free Edition)_is1) (Version: - Ahusoft)
Toggla (HKLM-x32\...\Toggla) (Version: 0.0.9 - UNKNOWN)
Toggla (x32 Version: 0.0.9 - UNKNOWN) Hidden
TVAnts 1.0 (HKLM-x32\...\TVAnts 1.0) (Version: - )
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2689304980-1437917653-2625238874-1004_Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}\InprocServer32 -> %LOCALAPPDATA%\Pokki\ocdeskband_0.dll No File

==================== Restore Points =========================

08-10-2014 07:59:38 Geplanter Prüfpunkt
10-10-2014 06:17:43 Wiederherstellungsvorgang
12-10-2014 10:47:42 ComboFix created restore point
12-10-2014 10:54:47 Windows-Sicherung
13-10-2014 11:41:15 Vor Ausführung von ComboFix.exe
13-10-2014 16:57:37 Montag abend
13-10-2014 21:11:47 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-10-13 21:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02653693-FFAA-4B55-9D83-46D4235F3AFC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {25B04B1D-C2A4-47C7-9DEF-1F6FE9263CED} - System32\Tasks\Opera scheduled Autoupdate 1408983440 => C:\Program Files (x86)\Opera\launcher.exe [2014-09-25] (Opera Software)
Task: {25E5690A-81CE-480B-A133-52814E12CCE3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04] (Google Inc.)
Task: {29DECD71-5196-4743-A063-9C3AA7722902} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2014-09-25] (RealNetworks, Inc.)
Task: {2A4371A0-2617-4E14-B65B-DB52F223A71B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {35F44DD2-215D-4BBE-9AB1-F59718CBF153} - System32\Tasks\{774EE280-1E5C-48D2-ADD0-E2B2111A713E} => Firefox.exe
Task: {41053803-819B-42D1-8BA3-7A34E6B4C38B} - System32\Tasks\{E55232F6-A0EB-4053-877A-7D5053D8EEE7} => Firefox.exe
Task: {44CD8B6C-FAE5-472C-81FE-4E0C0001389E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation)
Task: {473560ED-C2D1-4696-B0A6-54D3C3215AF8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {6041AE2D-5DA0-415A-A570-6CF058AA560F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {63568D07-00A3-49BE-A62D-1E0C1C4D6A53} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {6B7B7D1E-5D94-4B25-83F2-121F8B55E497} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {6D9BC4D9-88FB-4E48-AFC4-BF38F61AA553} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {75368BED-C7A7-4368-A8BF-BDBF62D31DEF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {7813DABE-67D2-4176-A9CD-851AF0CF650F} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {9E8278FD-6287-49A7-B24D-E2BCEE2E4471} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B6FC3F9B-432A-4B2D-8485-687B272AB688} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {BB0245A6-CCB7-4E13-ACF6-10D18865ACD9} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CF8C14E0-5D97-417D-BFCF-FCF111FB772F} - System32\Tasks\{043202E6-11F1-4AEE-BDAB-4730F44A3185} => C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASC.exe
Task: {D488F925-1D7A-43CD-9378-BC869ECC9799} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {D6FC12A6-D575-4FE8-8F9A-BE2E7BCE6336} - System32\Tasks\ASC4_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
Task: {DE9AA60A-FAC1-45F1-B22D-403B1557B6B2} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {E1E6B097-47B5-4D9D-A6A4-C855344C8061} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {E240B03C-C0C2-4BED-BCCF-BA8A29B7B401} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04] (Google Inc.)
Task: {E4E4F2B4-B061-465E-A9E9-50750C6E5E2E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-07-24] (RealNetworks, Inc.)
Task: {F84995DD-A581-4769-92D7-225B2862F38C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {FBEE0BFC-A984-4E8B-851F-16799E6C03A1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-01-13 12:14 - 2010-10-28 20:22 - 00014848 _____ () C:\Windows\System32\gengpmon.dll
2013-03-26 15:18 - 2012-07-20 15:39 - 02469888 _____ () C:\Program Files (x86)\IZArc\IZArcCM64.dll
2010-12-29 12:34 - 2012-10-13 17:05 - 00042496 _____ () C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
2014-05-06 23:19 - 2014-05-06 23:19 - 00302961 _____ () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
2009-11-24 13:36 - 2009-11-24 13:36 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-04-22 10:26 - 2010-04-22 10:26 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-24 12:47 - 2014-07-24 12:47 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-07-24 15:06 - 2014-07-24 15:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2014-09-25 08:31 - 2014-09-25 08:31 - 00861784 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-09-19 09:25 - 2014-09-24 23:23 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-25 08:31 - 2014-09-25 08:31 - 00573528 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00468672 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00699072 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00347328 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D287FACF

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2689304980-1437917653-2625238874-500 - Administrator - Disabled)
Alternate (S-1-5-21-2689304980-1437917653-2625238874-1003 - Administrator - Enabled) => C:\Users\Alternate
Gast (S-1-5-21-2689304980-1437917653-2625238874-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2689304980-1437917653-2625238874-1002 - Limited - Enabled)
Ronald Brauer (S-1-5-21-2689304980-1437917653-2625238874-1004 - Administrator - Enabled) => C:\Users\Ronald Brauer

==================== Faulty Device Manager Devices =============

Name: Symantec Heuristics Driver
Description: Symantec Heuristics Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BHDrvx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Symantec Iron Driver
Description: Symantec Iron Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SymIRON
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2014 11:12:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xb60
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/13/2014 11:12:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1334
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/13/2014 11:12:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xf68
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/13/2014 11:12:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1134
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/13/2014 10:29:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x3a8
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (10/13/2014 09:11:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1734
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (10/13/2014 09:10:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x27f0
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (10/13/2014 08:59:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x24c0
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (10/13/2014 08:59:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MobileMeServices.exe, Version: 1.6.65.0, Zeitstempel: 0x4cafa71a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x22e8
Startzeit der fehlerhaften Anwendung: 0xMobileMeServices.exe0
Pfad der fehlerhaften Anwendung: MobileMeServices.exe1
Pfad des fehlerhaften Moduls: MobileMeServices.exe2
Berichtskennung: MobileMeServices.exe3

Error: (10/13/2014 09:22:59 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

System errors:
=============
Error: (10/13/2014 10:03:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (10/13/2014 09:58:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: BHDrvx64 SRTSP SymIRON

Error: (10/13/2014 09:58:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (10/13/2014 09:58:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HOSTS Anti-PUPs erreicht.

Error: (10/13/2014 09:57:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Datamngr Coordinator" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (10/13/2014 09:57:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (10/13/2014 09:57:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Echtzeit-Scanner erreicht.

Error: (10/13/2014 09:57:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (10/13/2014 09:57:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Planer erreicht.

Error: (10/13/2014 09:55:34 PM) (Source: SRTSP) (EventID: 5) (User: )
Description: Error loading Symantec real time Anti-Virus driver.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-10-13 19:11:00.945
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-10-13 19:11:00.789
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-10-10 14:03:56.783
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-10 14:03:56.783
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-10 14:03:52.232
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-10 14:03:52.232
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-10 14:03:09.277
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-10 14:03:09.277
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-10 14:03:08.087
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-10-10 14:03:08.087
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 50%
Total physical RAM: 4062.05 MB
Available physical RAM: 1998.19 MB
Total Pagefile: 8122.29 MB
Available Pagefile: 5876.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.17 GB) (Free:20.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 9054905A)
Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Ronald Brauer (administrator) on RONALDARNO-PC on 13-10-2014 23:21:11
Running from C:\Users\Ronald Brauer\Desktop
Loaded Profile: Ronald Brauer (Available profiles: Alternate & Ronald Brauer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
() C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9639424 2009-12-21] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HOSTS Anti-Adware_PUPs] => C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2014-05-06] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-09-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-2689304980-1437917653-2625238874-1004\...\Run: [dradio-RecorderTimer] => C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [42496 2012-10-13] ()
HKU\S-1-5-21-2689304980-1437917653-2625238874-1004\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2184C2CA12FFCA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^0D^xdm049^YYA^de&si=XXXXXXXXXX&ptb=1F3E893A-59BE-4BDD-8AF5-5C85C262DA2D&ind=2013070602&n=77fd050a&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^0D^xdm049^YYA^de&si=XXXXXXXXXX&ptb=1F3E893A-59BE-4BDD-8AF5-5C85C262DA2D&ind=2013070602&n=77fd050a&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - {318DFEB2-3449-4101-B00B-860AE0D34878} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms} SearchScopes: HKCU - {42C7DE53-739B-41E2-AF9F-788A5A156AFF} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2708334 SearchScopes: HKCU - {8D8DF965-DA4A-4ca2-A7EC-2CAFF73D8D60} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD SearchScopes: HKCU - {99ECA7F7-DAE1-4e86-995F-A80FB51AB0CA} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} BHO: RealNetworks Download and Record Plugin for Internet Explorer 
-> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader) BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec 
Corporation) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation) Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.) 
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311 FF NewTab: hxxp://www.google.com/ FF DefaultSearchEngine: Google FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.com FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: 
@kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @real.com/nppl3260;version=17.0.12.0 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.12 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.12.0 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @phonostar.de/phonostar -> C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260 (2).dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud) FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml FF SearchPlugin: C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml FF SearchPlugin: C:\Users\Ronald 
Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Amazon-Icon - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\amazon-icon@giga.de [2014-09-25] FF Extension: HTTPS-Everywhere - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2013-12-19] FF Extension: Cookie Monster - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2013-12-19] FF Extension: UnPlug - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\unplug@compunach.xpi [2013-08-06] FF Extension: JonDoFox - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2013-11-08] FF Extension: NoScript - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-28] FF Extension: Adblock Plus - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-28] FF Extension: ProfileSwitcher - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2013-10-28] FF Extension: Cliqz Beta - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311\Extensions\cliqz@cliqz.com [2014-10-13] FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Ronald 
Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311\Extensions\elemhidehelper@adblockplus.org.xpi [2014-10-11] FF Extension: No Name - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2014-10-11] FF Extension: No Name - C:\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-11] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-19] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn [2011-11-14] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn [2013-05-04] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF 
Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [{7C9C2591-51ED-44FA-8D03-450B92643F95}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext Chrome: ======= CHR Profile: C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Bazaar Friend) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmobdmpfgfimbnmhhnkmmecdboblafdh [2014-03-07] CHR Extension: (Boston MarketOne) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dleekdifoepfadaikncodjgnkkffkccd [2014-03-07] CHR Extension: (No Name) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl [2014-03-07] CHR Extension: (RealPlayer Downloader) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji 
[2014-03-07] CHR Extension: (Real Summer Sale) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lladpgmmlijbmhfknhgkenkhikoaapmj [2014-03-07] CHR Extension: (Google Wallet) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-07] CHR HKLM\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\RONALD~1\AppData\Local\BazaarFriend.crx [2013-08-20] CHR HKLM\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\RONALD~1\AppData\Local\BostonMarketOne.crx [2013-08-02] CHR HKLM\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\RONALD~1\AppData\Local\RealSummerSale.crx [2013-08-02] CHR HKCU\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\RONALD~1\AppData\Local\BazaarFriend.crx [2013-08-20] CHR HKCU\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\RONALD~1\AppData\Local\BostonMarketOne.crx [2013-08-02] CHR HKCU\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\RONALD~1\AppData\Local\RealSummerSale.crx [2013-08-02] CHR HKLM-x32\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\RONALD~1\AppData\Local\BazaarFriend.crx [2013-08-20] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2013-08-20] CHR HKLM-x32\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\RONALD~1\AppData\Local\BostonMarketOne.crx [2013-08-02] CHR HKLM-x32\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\RONALD~1\AppData\Local\RealSummerSale.crx [2013-08-02] CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Ronald Brauer\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-09-25] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed 
from the registry. The file will not be moved unless listed separately.) S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-06] (Avira Operations GmbH & Co. KG) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin) [File not signed] R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2012-06-06] (Freemake) [File not signed] S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-05-06] () [File not signed] R2 IGDCTRL; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-24] () R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-25] (RealNetworks, Inc.) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-24] () [File not signed] S2 DatamngrCoordinator2; C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [42040 2014-07-10] (Avira Operations GmbH & Co. KG) S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [1390680 2013-04-13] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-12] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-14] (Symantec Corporation) R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [552704 2009-03-20] (AVM GmbH) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20130502.001\IDSvia64.sys [513184 2013-03-13] (Symantec Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [140352 2014-09-25] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [792128 2014-09-25] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; 
C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-13] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-07-16] () S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20130503.004\ENG64.SYS [126192 2013-03-15] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20130503.004\EX64.SYS [2087664 2013-03-15] (Symantec Corporation) S1 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-10-13] () R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-26] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.) 
S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz130; \??\C:\Users\ALTERN~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X] S3 gdrv; \??\C:\Windows\gdrv.sys [X] S3 SYMFW; \SystemRoot\System32\Drivers\NISx64\1008030.006\SYMFW.SYS [X] S3 SYMNDISV; \SystemRoot\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-14 01:53 - 2014-10-13 19:12 - 00000000 ____D () C:\Windows\Microsoft Antimalware 2014-10-13 23:21 - 2014-10-13 23:21 - 00032893 _____ () C:\Users\Ronald Brauer\Desktop\FRST.txt 2014-10-13 23:20 - 2014-10-13 23:20 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\FRST-OlderVersion 2014-10-13 23:11 - 2014-10-13 23:14 - 00020883 _____ () C:\zoek-results.log 2014-10-13 23:10 - 2014-10-13 23:08 - 01290752 _____ () C:\Users\Ronald Brauer\Desktop\zoek.exe 2014-10-13 23:08 - 2014-10-13 23:13 - 00000000 ____D () C:\zoek_backup 2014-10-13 23:08 - 2014-10-13 23:08 - 01290752 _____ () C:\Users\Ronald Brauer\Downloads\zoek.exe 2014-10-13 23:05 - 2014-10-13 23:05 - 00000374 _____ () C:\Users\Ronald Brauer\Desktop\mbam.txt.lnk 2014-10-13 23:04 - 2014-10-13 23:04 - 00001758 _____ () C:\def.txt 2014-10-13 23:03 - 2014-10-13 23:03 - 00001758 _____ () C:\abc.txt 2014-10-13 22:50 - 2014-10-13 22:50 - 00000304 _____ () C:\Users\Ronald Brauer\Desktop\mbam-safari.txt 2014-10-13 22:49 - 2014-10-13 22:49 - 00000000 _____ () C:\Users\Ronald Brauer\Desktop\Neues Textdokument (2).txt 2014-10-13 22:43 - 2014-10-13 22:43 - 00001166 _____ () C:\mbam.txt 2014-10-13 22:07 - 2014-10-13 22:31 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-13 22:06 - 2014-10-13 22:06 - 17292760 _____ (Malwarebytes Corporation ) 
C:\Users\Ronald Brauer\Downloads\mbam-setup-2.0.2.1012.exe 2014-10-13 21:59 - 2014-10-13 21:59 - 00013239 _____ () C:\Users\Ronald Brauer\Desktop\AdwCleaner.txt 2014-10-13 21:58 - 2014-10-13 21:58 - 00000000 _____ () C:\Users\Ronald Brauer\Desktop\Neues Textdokument.txt 2014-10-13 21:42 - 2014-10-13 21:43 - 01976320 _____ () C:\Users\Ronald Brauer\Downloads\AdwCleaner_4.000.exe 2014-10-13 19:52 - 2014-10-13 19:55 - 00030783 _____ () C:\Users\Ronald Brauer\Desktop\Combofix.txt 2014-10-13 19:49 - 2014-10-13 19:49 - 00030783 _____ () C:\ComboFix.txt 2014-10-13 18:26 - 2014-10-13 18:27 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\CD- 2014-10-13 16:50 - 2014-10-13 16:50 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\Neuer Ordner 2014-10-13 15:27 - 2014-10-13 19:12 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Local\Abelssoft 2014-10-13 15:27 - 2014-10-13 15:27 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\Abelssoft 2014-10-13 15:27 - 2014-10-13 15:27 - 00000000 ____D () C:\ProgramData\XDMessagingv4 2014-10-13 15:26 - 2014-10-13 19:12 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater 2014-10-13 15:26 - 2014-10-13 15:26 - 01548631 _____ () C:\Users\Ronald Brauer\Downloads\defender41.zip 2014-10-13 15:13 - 2014-10-13 15:14 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\Intenso USB 2014-10-12 12:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-10-12 12:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-10-12 12:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-10-12 12:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-10-12 12:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-10-12 12:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-10-12 12:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-10-12 12:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-10-11 15:51 - 2014-10-13 19:49 
- 00000000 ____D () C:\Qoobox 2014-10-11 15:51 - 2014-10-13 19:22 - 00000000 ____D () C:\Windows\erdnt 2014-10-11 15:42 - 2014-10-13 18:54 - 05582915 ____R (Swearware) C:\Users\Ronald Brauer\Desktop\ComboFix.exe 2014-10-11 15:42 - 2014-10-11 15:40 - 00896048 _____ () C:\Users\Ronald Brauer\Desktop\Norton_Removal_Tool.exe 2014-10-11 15:40 - 2014-10-11 15:40 - 00896048 _____ () C:\Users\Ronald Brauer\Downloads\Norton_Removal_Tool.exe 2014-10-11 15:38 - 2014-10-11 15:38 - 05582481 _____ (Swearware) C:\Users\Ronald Brauer\Downloads\ComboFix.exe 2014-10-11 13:51 - 2014-10-11 10:52 - 00050477 _____ () C:\Users\Ronald Brauer\Desktop\Defogger.exe 2014-10-11 13:50 - 2014-10-13 23:20 - 02110464 _____ (Farbar) C:\Users\Ronald Brauer\Desktop\FRST64.exe 2014-10-11 13:50 - 2014-10-11 12:16 - 00380416 _____ () C:\Users\Ronald Brauer\Desktop\Gmer-19357.exe 2014-10-11 13:36 - 2014-10-11 14:04 - 00047192 _____ () C:\Users\Ronald Brauer\Desktop\Addition1.txt 2014-10-11 13:36 - 2014-10-11 10:54 - 00000488 _____ () C:\Users\Ronald Brauer\Desktop\defogger_disable.log 2014-10-11 13:35 - 2014-10-11 14:04 - 00063310 _____ () C:\Users\Ronald Brauer\Desktop\FRST1.txt 2014-10-11 13:35 - 2014-10-11 12:32 - 00002594 _____ () C:\Users\Ronald Brauer\Desktop\Gmer.txt 2014-10-11 12:32 - 2014-10-11 12:32 - 00002594 _____ () C:\Users\Ronald Brauer\Downloads\Gmer.txt 2014-10-11 12:16 - 2014-10-11 12:16 - 00380416 _____ () C:\Users\Ronald Brauer\Downloads\Gmer-19357.exe 2014-10-11 11:03 - 2014-10-11 11:04 - 00047041 _____ () C:\Users\Ronald Brauer\Downloads\Addition.txt 2014-10-11 11:02 - 2014-10-13 23:21 - 00000000 ____D () C:\FRST 2014-10-11 11:02 - 2014-10-11 11:04 - 00062872 _____ () C:\Users\Ronald Brauer\Downloads\FRST.txt 2014-10-11 11:01 - 2014-10-11 11:01 - 02109952 _____ (Farbar) C:\Users\Ronald Brauer\Downloads\FRST64.exe 2014-10-11 10:54 - 2014-10-11 10:54 - 00000488 _____ () C:\Users\Ronald Brauer\Downloads\defogger_disable.log 2014-10-11 10:54 - 2014-10-11 10:54 - 00000000 _____ () 
C:\Users\Ronald Brauer\defogger_reenable 2014-10-11 10:52 - 2014-10-11 10:52 - 00050477 _____ () C:\Users\Ronald Brauer\Downloads\Defogger.exe 2014-10-11 10:37 - 2014-10-11 10:37 - 07887208 _____ (383 Media, Inc.) C:\Users\Ronald Brauer\Downloads\DriverRestore.exe 2014-10-11 09:46 - 2014-10-11 09:47 - 31766208 _____ (Microsoft Corporation) C:\Users\Ronald Brauer\Downloads\Windows-KB890830-x64-V5.16.exe 2014-10-10 22:57 - 2014-10-10 22:57 - 04300993 _____ () C:\Users\Ronald Brauer\Desktop\Kaspersky_AutoCollector_Results.zip 2014-10-10 22:54 - 2014-10-10 22:54 - 00619921 _____ () C:\Users\Ronald Brauer\Downloads\KL-AutoCollector_4.6.exe 2014-10-10 18:49 - 2014-10-10 23:04 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-10 14:17 - 2014-10-10 14:20 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\ReportMaker 2014-10-10 12:28 - 2014-10-10 12:28 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\Alte Firefox-Daten 2014-09-29 09:38 - 2014-10-10 23:12 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\Spiele 2014-09-27 09:54 - 2014-09-27 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-09-27 09:54 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) 
C:\Windows\system32\Drivers\GEARAspiWDM.sys 2014-09-27 09:53 - 2014-09-27 09:54 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-09-27 09:53 - 2014-09-27 09:54 - 00000000 ____D () C:\Program Files\iTunes 2014-09-27 09:53 - 2014-09-27 09:53 - 00000000 ____D () C:\Program Files\iPod 2014-09-27 09:37 - 2014-09-27 09:37 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-09-27 09:33 - 2014-09-27 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-09-25 09:09 - 2014-09-25 09:09 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Local\Temp7396b31d089ca2ea579fbca3f7e0c016 2014-09-25 09:09 - 2014-09-25 09:09 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Local\Temp5426677acd666adac6effd455d779184 2014-09-25 09:08 - 2014-09-25 09:08 - 00000000 ____D () C:\Users\Ronald Brauer\Downloads\RealPlayer 2014-09-25 09:08 - 2014-09-25 09:08 - 00000000 ____D () C:\Users\Ronald Brauer\ChromeExtensions 2014-09-25 09:08 - 2014-09-25 09:08 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Local\Temp8a1a82856b1bcb67b2e739846712d61c 2014-09-25 09:07 - 2014-09-25 09:07 - 01047192 _____ () C:\Users\Ronald Brauer\Downloads\RealPlayer-lnstall.exe 2014-09-25 08:32 - 2014-09-25 08:32 - 00000000 ____D () C:\ProgramData\RealNetworks 2014-09-25 08:31 - 2014-09-25 08:31 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll 2014-09-25 08:31 - 2014-09-25 08:31 - 00201800 _____ (RealNetworks, Inc.) 
C:\Windows\SysWOW64\rmoc3260.dll 2014-09-25 08:30 - 2014-09-25 08:30 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll 2014-09-25 07:38 - 2014-10-10 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-09-25 07:38 - 2014-09-25 12:04 - 00002334 _____ () C:\Users\Ronald Brauer\Desktop\Sicherer Zahlungsverkehr.lnk 2014-09-25 07:38 - 2014-09-25 07:38 - 00001196 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2014-09-25 07:38 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2014-09-25 07:37 - 2014-09-25 07:42 - 00792128 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-09-25 07:37 - 2014-09-25 07:42 - 00140352 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-09-25 07:37 - 2014-09-25 07:37 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-09-25 07:37 - 2014-04-10 17:25 - 00243808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys 2014-09-25 07:10 - 2014-09-25 07:10 - 00000000 ___SD () C:\Users\Ronald Brauer\Documents\Passwords Database 2014-09-23 09:02 - 2014-09-23 09:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-23 09:02 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-09-23 09:02 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-09-23 09:02 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-09-23 09:02 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-09-23 09:01 - 2014-09-23 09:02 - 00004686 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log 2014-09-23 08:59 - 2014-09-23 08:59 - 00918952 _____ (Oracle Corporation) C:\Users\Ronald Brauer\Downloads\jxpiinstall(2).exe 2014-09-23 08:40 - 2014-09-23 08:40 - 00031596 _____ () C:\Windows\SysWOW64\hs_err_pid5112.log 
2014-09-22 20:40 - 2014-09-23 09:09 - 00000000 ____D () C:\ProgramData\Oracle 2014-09-22 20:36 - 2014-09-22 20:36 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brettspielwelt 2014-09-22 20:35 - 2014-09-22 20:35 - 03170210 _____ (BrettspielWelt GmbH) C:\Users\Ronald Brauer\Downloads\BrettspielWelt(1).exe 2014-09-20 14:43 - 2014-09-20 14:45 - 89130271 _____ () C:\Users\Ronald Brauer\Downloads\imdb2014-w1-2%20pip.mp4 2014-09-20 07:51 - 2014-10-13 21:58 - 00003366 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004 2014-09-20 07:51 - 2014-10-13 21:58 - 00003248 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1004 2014-09-19 09:25 - 2014-09-24 23:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-17 19:04 - 2014-09-17 19:04 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWood 2014-09-17 19:04 - 2014-09-17 19:04 - 00000000 ____D () C:\Program Files (x86)\JoWood 2014-09-17 12:21 - 2014-09-17 12:21 - 00000909 _____ () C:\Users\Alternate\Desktop\Bidou.lnk 2014-09-17 12:21 - 2014-09-17 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bidou 2014-09-17 12:21 - 2014-09-17 12:21 - 00000000 ____D () C:\Program Files (x86)\Bidou 2014-09-17 12:20 - 2014-09-17 12:20 - 00001008 _____ () C:\Users\Ronald Brauer\Desktop\AngelPacMan.lnk 2014-09-17 12:20 - 2014-09-17 12:20 - 00001008 _____ () C:\Users\Alternate\Desktop\AngelPacMan.lnk 2014-09-17 12:20 - 2014-09-17 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AngelPacMan 2014-09-17 12:20 - 2014-09-17 12:20 - 00000000 ____D () C:\Program Files (x86)\AngelPacMan 2014-09-17 12:12 - 2014-09-17 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anno 1701 2014-09-17 12:01 - 2014-09-17 12:16 - 00000000 ____D () 
C:\Program Files (x86)\Anno 1701 2014-09-14 17:48 - 2014-09-17 20:35 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-09-14 17:46 - 2014-09-14 17:56 - 00000000 ____D () C:\Program Files (x86)\eGames 2014-09-14 17:46 - 2014-09-14 17:46 - 00001828 _____ () C:\Users\Alternate\Desktop\eGames.lnk 2014-09-14 17:46 - 2014-09-14 17:46 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eGames 2014-09-14 17:46 - 2014-09-14 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eGames 2014-09-14 17:46 - 2000-07-17 13:41 - 00070088 _____ (xx) C:\Windows\SysWOW64\Project2-1.ocx 2014-09-14 17:46 - 2000-03-21 15:37 - 00001760 _____ () C:\Windows\SysWOW64\objsafe.tlb 2014-09-14 17:46 - 2000-01-05 14:10 - 00614672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.002 2014-09-14 17:46 - 2000-01-05 14:10 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.001 2014-09-14 17:46 - 2000-01-05 14:10 - 00143632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.004 2014-09-14 17:46 - 2000-01-05 14:10 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000 2014-09-14 17:46 - 1999-12-07 11:00 - 01384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.003 2014-09-14 17:46 - 1999-05-07 00:00 - 00082960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Picclp32.ocx 2014-09-14 17:46 - 1999-03-25 23:00 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Vb6stkit.dll 2014-09-14 17:46 - 1998-05-30 23:00 - 00022288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.005 2014-09-13 15:56 - 2014-09-30 07:58 - 00003388 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004 2014-09-13 15:56 - 2014-09-30 07:58 - 00003270 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2689304980-1437917653-2625238874-1004 ==================== One 
Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-13 23:12 - 2011-12-04 11:39 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Local\CrashDumps 2014-10-13 23:10 - 2010-09-04 15:39 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-13 23:02 - 2013-10-28 08:02 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\Ron 2014-10-13 22:52 - 2014-05-13 20:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-13 22:31 - 2014-05-13 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-13 22:31 - 2014-05-13 20:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-13 22:31 - 2013-01-01 11:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-13 22:08 - 2009-07-14 06:45 - 00026304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-13 22:08 - 2009-07-14 06:45 - 00026304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-13 22:06 - 2010-05-29 11:24 - 01855529 _____ () C:\Windows\WindowsUpdate.log 2014-10-13 21:58 - 2013-02-09 10:03 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-10-13 21:57 - 2010-09-04 15:39 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-13 21:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-13 21:56 - 2009-07-14 06:51 - 00221142 _____ () C:\Windows\setupact.log 2014-10-13 21:55 - 2010-05-29 11:54 - 00607020 _____ () C:\Windows\PFRO.log 2014-10-13 21:54 - 2014-05-06 22:40 - 00000000 ____D () C:\AdwCleaner 2014-10-13 19:48 - 2014-04-09 11:46 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\dvdcss 2014-10-13 19:48 - 2011-05-22 12:56 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\vlc 2014-10-13 19:48 - 
2010-04-27 18:45 - 00000000 ____D () C:\Users\Alternate 2014-10-13 19:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-10-13 19:47 - 2010-12-12 10:02 - 00000000 ____D () C:\ProgramData\Real 2014-10-13 19:41 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-10-13 19:24 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-10-13 19:16 - 2013-12-24 15:31 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys 2014-10-13 19:12 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-10-13 19:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-10-13 19:12 - 2009-07-14 04:34 - 18874368 _____ () C:\Windows\system32\config\system.bak 2014-10-13 19:12 - 2009-07-14 04:34 - 100401152 _____ () C:\Windows\system32\config\software.bak 2014-10-13 19:12 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\default.bak 2014-10-13 19:12 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak 2014-10-13 19:12 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak 2014-10-13 19:11 - 2010-05-29 11:24 - 00000000 ____D () C:\Users\Ronald Brauer 2014-10-13 18:21 - 2010-05-29 11:25 - 00139656 _____ () C:\Users\Ronald Brauer\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-11 09:55 - 2013-12-03 14:01 - 00011767 _____ () C:\Windows\IE11_main.log 2014-10-10 23:12 - 2014-08-25 18:59 - 00000000 ____D () C:\Windows\system32\Drivers\NBRTWizardx64 2014-10-10 23:12 - 2014-08-25 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard 2014-10-10 23:12 - 2014-08-25 18:59 - 00000000 ____D () C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard 2014-10-10 23:12 - 2014-01-16 17:27 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-10-10 23:12 - 2013-07-05 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Media Player 2014-10-10 23:12 - 2013-07-05 08:45 - 00000000 
____D () C:\Program Files (x86)\FLV Media Player 2014-10-10 23:12 - 2010-07-07 07:29 - 00000000 ___RD () C:\Program Files (x86)\Norton Support 2014-10-10 23:12 - 2010-05-29 12:17 - 00000000 ____D () C:\Program Files (x86)\Norton Utilities 14 2014-10-10 23:12 - 2010-05-29 11:50 - 00000000 ____D () C:\ProgramData\Norton 2014-10-10 23:04 - 2014-01-16 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-10 17:54 - 2011-11-14 08:26 - 00000000 ____D () C:\Users\Ronald Brauer\Documents\Symantec 2014-10-09 15:09 - 2013-11-16 10:57 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\Ebay 2014-10-06 20:58 - 2013-07-29 19:32 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\Spitz 2014-09-29 10:28 - 2009-07-14 19:58 - 00702942 _____ () C:\Windows\system32\perfh007.dat 2014-09-29 10:28 - 2009-07-14 19:58 - 00150582 _____ () C:\Windows\system32\perfc007.dat 2014-09-29 10:28 - 2009-07-14 07:13 - 01629348 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-29 09:37 - 2013-01-17 22:29 - 00000000 ____D () C:\Users\Ronald Brauer\Desktop\Office 2014-09-27 09:54 - 2011-07-12 06:14 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-09-27 09:53 - 2011-01-29 16:15 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-09-27 09:37 - 2011-01-29 16:14 - 00000000 ____D () C:\ProgramData\Apple 2014-09-27 09:33 - 2013-01-02 18:37 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-09-26 18:41 - 2014-08-25 18:17 - 00003862 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1408983440 2014-09-26 18:41 - 2014-08-25 18:17 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-09-25 12:07 - 2012-12-24 07:57 - 00003408 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2689304980-1437917653-2625238874-1004 2014-09-25 08:33 - 2010-12-12 10:02 - 00000000 ____D () C:\Users\Ronald Brauer\AppData\Roaming\Real 2014-09-25 08:32 - 2012-12-24 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\RealNetworks 2014-09-25 08:32 - 2010-12-12 10:02 - 00000000 ____D () C:\Program Files (x86)\Real 2014-09-25 07:37 - 2013-02-09 10:03 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-09-25 06:50 - 2013-07-03 21:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-23 23:31 - 2013-01-01 11:55 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-23 23:31 - 2012-06-07 07:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-23 23:31 - 2012-06-07 06:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-23 09:02 - 2012-01-03 18:00 - 00000000 ____D () C:\Program Files (x86)\Java 2014-09-18 18:25 - 2013-01-06 22:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-17 21:08 - 2010-12-29 12:34 - 00000000 ____D () C:\Users\Ronald Brauer\Documents\Aufnahmen 2014-09-17 20:36 - 2010-01-23 00:04 - 00000605 _____ () C:\Windows\m3jpeg.ini 2014-09-17 20:14 - 2009-07-14 06:45 - 00502408 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-17 12:12 - 2010-02-12 13:32 - 00522969 _____ () C:\Windows\DirectX.log 2014-09-17 12:01 - 2010-04-22 10:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-14 17:56 - 2009-07-14 04:34 - 00000941 _____ () C:\Windows\win.ini Some content of TEMP: ==================== C:\Users\Ronald Brauer\AppData\Local\Temp\Quarantine.exe C:\Users\Ronald Brauer\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-06 10:03

==================== End Of Log ============================

Good night |
14.10.2014, 16:30 | #12 |
/// TB Trainer | Windows 7: Websites are redirected to advertising by spns.serious.net
We'll remove the last remnants and check everything once more. ESET can take a long time (> 3 h). Afterwards we'll remove all the tools we used, and I'll give you a few tips to take along.
Step 1
Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
start
CloseProcesses:
SearchScopes: HKLM-x32 - {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^0D^xdm049^YYA^de&si=XXXXXXXXXX&ptb=1F3E893A-59BE-4BDD-8AF5-5C85C262DA2D&ind=2013070602&n=77fd050a&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^0D^xdm049^YYA^de&si=XXXXXXXXXX&ptb=1F3E893A-59BE-4BDD-8AF5-5C85C262DA2D&ind=2013070602&n=77fd050a&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {318DFEB2-3449-4101-B00B-860AE0D34878} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms}
SearchScopes: HKCU - {42C7DE53-739B-41E2-AF9F-788A5A156AFF} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2708334
SearchScopes: HKCU - {8D8DF965-DA4A-4ca2-A7EC-2CAFF73D8D60} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKCU - {99ECA7F7-DAE1-4e86-995F-A80FB51AB0CA} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
CHR Extension: (Bazaar Friend) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmobdmpfgfimbnmhhnkmmecdboblafdh [2014-03-07]
CHR Extension: (Boston MarketOne) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dleekdifoepfadaikncodjgnkkffkccd [2014-03-07]
CHR Extension: (No Name) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl [2014-03-07]
CHR Extension: (Real Summer Sale) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lladpgmmlijbmhfknhgkenkhikoaapmj [2014-03-07]
CHR HKLM\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\RONALD~1\AppData\Local\BazaarFriend.crx [2013-08-20]
CHR HKLM\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\RONALD~1\AppData\Local\BostonMarketOne.crx [2013-08-02]
CHR HKLM\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\RONALD~1\AppData\Local\RealSummerSale.crx [2013-08-02]
CHR HKCU\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\RONALD~1\AppData\Local\BazaarFriend.crx [2013-08-20]
CHR HKCU\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\RONALD~1\AppData\Local\BostonMarketOne.crx [2013-08-02]
CHR HKCU\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\RONALD~1\AppData\Local\RealSummerSale.crx [2013-08-02]
CHR HKLM-x32\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\RONALD~1\AppData\Local\BazaarFriend.crx [2013-08-20]
CHR HKLM-x32\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\RONALD~1\AppData\Local\BostonMarketOne.crx [2013-08-02]
CHR HKLM-x32\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\RONALD~1\AppData\Local\RealSummerSale.crx [2013-08-02]
S2 DatamngrCoordinator2; C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [X]
C:\Program Files (x86)\Music Toolbar
C:\Users\Ronald Brauer\Downloads\DriverRestore.exe
EmptyTemp:
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 ESET Online Scanner
Step 3 Please download SecurityCheck and:
Step 4
Please post with your next reply
|
15.10.2014, 12:54 | #13 |
| Windows 7: Websites are redirected to advertising by spns.serious.net
Hello,
Regarding step 1: I'm a bit unsure whether step 1 ran correctly, since the Internet connection was interrupted pretty much at the end (was this caused by the FRST program, or did my WLAN have a fault ???). Then the computer was restarted, and my Firefox did not have the previous tabs, and restoring them did not work either; it only showed Google as the start page. Was this intended by the FRST program? If so, a brief mention of these effects (Internet disconnection, computer shutting down and restarting, Firefox tab deletion) would have been useful for me; then I could have saved some tabs as bookmarks. Now I have a lot of additional work restoring the tabs, and annoyingly some tabs are lost.
Here is the Fixlog.txt:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2014 02
Ran by Ronald Brauer at 2014-10-15 12:38:50 Run:1
Running from C:\Users\Ronald Brauer\Desktop
Loaded Profile: Ronald Brauer (Available profiles: Alternate & Ronald Brauer)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
SearchScopes: HKLM-x32 - {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^0D^xdm049^YYA^de&si=XXXXXXXXXX&ptb=1F3E893A-59BE-4BDD-8AF5-5C85C262DA2D&ind=2013070602&n=77fd050a&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^0D^xdm049^YYA^de&si=XXXXXXXXXX&ptb=1F3E893A-59BE-4BDD-8AF5-5C85C262DA2D&ind=2013070602&n=77fd050a&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {318DFEB2-3449-4101-B00B-860AE0D34878} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms}
SearchScopes: HKCU - {42C7DE53-739B-41E2-AF9F-788A5A156AFF} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2708334
SearchScopes: HKCU - {8D8DF965-DA4A-4ca2-A7EC-2CAFF73D8D60} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKCU - {99ECA7F7-DAE1-4e86-995F-A80FB51AB0CA} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
CHR Extension: (Bazaar Friend) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmobdmpfgfimbnmhhnkmmecdboblafdh [2014-03-07]
CHR Extension: (Boston MarketOne) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dleekdifoepfadaikncodjgnkkffkccd [2014-03-07]
CHR Extension: (No Name) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl [2014-03-07]
CHR Extension: (Real Summer Sale) - C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lladpgmmlijbmhfknhgkenkhikoaapmj [2014-03-07]
CHR HKLM\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\RONALD~1\AppData\Local\BazaarFriend.crx [2013-08-20]
CHR HKLM\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\RONALD~1\AppData\Local\BostonMarketOne.crx [2013-08-02]
CHR HKLM\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\RONALD~1\AppData\Local\RealSummerSale.crx [2013-08-02]
CHR HKCU\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\RONALD~1\AppData\Local\BazaarFriend.crx [2013-08-20]
CHR HKCU\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\RONALD~1\AppData\Local\BostonMarketOne.crx [2013-08-02]
CHR HKCU\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\RONALD~1\AppData\Local\RealSummerSale.crx [2013-08-02]
CHR HKLM-x32\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\RONALD~1\AppData\Local\BazaarFriend.crx [2013-08-20]
CHR HKLM-x32\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\RONALD~1\AppData\Local\BostonMarketOne.crx [2013-08-02]
CHR HKLM-x32\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\RONALD~1\AppData\Local\RealSummerSale.crx [2013-08-02]
S2 DatamngrCoordinator2; C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [X]
C:\Program Files (x86)\Music Toolbar
C:\Users\Ronald Brauer\Downloads\DriverRestore.exe
EmptyTemp:
end
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{274daec0-c4e8-4f30-9e5c-9424990769b9}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{274daec0-c4e8-4f30-9e5c-9424990769b9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{274daec0-c4e8-4f30-9e5c-9424990769b9}" => Key deleted successfully.
"HKCR\CLSID\{274daec0-c4e8-4f30-9e5c-9424990769b9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{318DFEB2-3449-4101-B00B-860AE0D34878}" => Key deleted successfully.
"HKCR\CLSID\{318DFEB2-3449-4101-B00B-860AE0D34878}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{42C7DE53-739B-41E2-AF9F-788A5A156AFF}" => Key deleted successfully.
"HKCR\CLSID\{42C7DE53-739B-41E2-AF9F-788A5A156AFF}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8D8DF965-DA4A-4ca2-A7EC-2CAFF73D8D60}" => Key deleted successfully.
"HKCR\CLSID\{8D8DF965-DA4A-4ca2-A7EC-2CAFF73D8D60}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{99ECA7F7-DAE1-4e86-995F-A80FB51AB0CA}" => Key deleted successfully.
"HKCR\CLSID\{99ECA7F7-DAE1-4e86-995F-A80FB51AB0CA}" => Key not found.
C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmobdmpfgfimbnmhhnkmmecdboblafdh => Moved successfully.
C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dleekdifoepfadaikncodjgnkkffkccd => Moved successfully.
C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl => Moved successfully.
C:\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lladpgmmlijbmhfknhgkenkhikoaapmj => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bmobdmpfgfimbnmhhnkmmecdboblafdh" => Key deleted successfully.
C:\Users\RONALD~1\AppData\Local\BazaarFriend.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dleekdifoepfadaikncodjgnkkffkccd" => Key deleted successfully.
C:\Users\RONALD~1\AppData\Local\BostonMarketOne.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\lladpgmmlijbmhfknhgkenkhikoaapmj" => Key deleted successfully.
C:\Users\RONALD~1\AppData\Local\RealSummerSale.crx => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\bmobdmpfgfimbnmhhnkmmecdboblafdh" => Key deleted successfully.
"C:\Users\RONALD~1\AppData\Local\BazaarFriend.crx" => File/Directory not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\dleekdifoepfadaikncodjgnkkffkccd" => Key deleted successfully.
"C:\Users\RONALD~1\AppData\Local\BostonMarketOne.crx" => File/Directory not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\lladpgmmlijbmhfknhgkenkhikoaapmj" => Key deleted successfully.
"C:\Users\RONALD~1\AppData\Local\RealSummerSale.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bmobdmpfgfimbnmhhnkmmecdboblafdh" => Key deleted successfully.
"C:\Users\RONALD~1\AppData\Local\BazaarFriend.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dleekdifoepfadaikncodjgnkkffkccd" => Key deleted successfully.
"C:\Users\RONALD~1\AppData\Local\BostonMarketOne.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lladpgmmlijbmhfknhgkenkhikoaapmj" => Key deleted successfully.
"C:\Users\RONALD~1\AppData\Local\RealSummerSale.crx" => File/Directory not found.
DatamngrCoordinator2 => Service deleted successfully.
"C:\Program Files (x86)\Music Toolbar" => File/Directory not found.
C:\Users\Ronald Brauer\Downloads\DriverRestore.exe => Moved successfully.
EmptyTemp: => Removed 803.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

I have deactivated the Windows firewalls, and downloaded and started ESET. Since the window does not entirely match your description, I set the check marks the way I think is correct; the check mark at Anti Stealth was already set, see the picture (as an attachment). But since I am unsure whether this is correct, I would first like confirmation before I start the program (I clicked it away). The antivirus programs it complained about are Avira and Norton, which I unfortunately cannot uninstall (the system refuses). I will carry out step 2 once I have your permission.
At the end: Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
Question: Also under Programme (x86) ??? I think so (if the Eset folder exists there).
Best regards, Ronald
Last edited by 123Ron (15.10.2014 at 13:03) |
15.10.2014, 19:14 | #14 |
/// TB Trainer | Windows 7: Websites are redirected to advertising by spns.serious.net
Hi, yes, the ESET settings are correct like that. Yes, if applicable, also delete the ESET folder under Programme(x86) at the end. |
16.10.2014, 17:50 | #15 |
| Windows 7: Websites are redirected to advertising by spns.serious.net
Hello, first steps 2 and 3; step 4 follows in the next reply (files too large):
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=c5fc2d36bb56484d89513471c0e39d6a # engine=20628 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-10-16 03:22:53 # local_time=2014-10-16 05:22:53 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777214 100 86 497409 26891135 0 0 # compatibility_mode_1='Norton Internet Security' # compatibility_mode=3591 16777213 100 86 497398 108304139 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 82 4512441 165102823 0 0 # scanned=348075 # found=106 # cleaned=0 # scan_time=7930 sh=FE7B16A9A71AFCDDA24024493CBDFF41DEA9DA2A ft=1 fh=684c1b0eedb1735c vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\Extension32.dll.vir" sh=AFA45585E2ADA3249CC492ED77AE93BB90E20BCC ft=1 fh=7b61b270fd51f0a6 vn="Variante von Win64/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\Extension64.dll.vir" sh=513FFF8D4809BF8766A13928F3430EF30E428E62 ft=1 fh=ed2dd2f1945e5ea2 vn="Variante von Win32/Toolbar.BitCocktail.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe.vir" sh=1BED97D869D4F64F47F5AC001B393E66EDB75076 ft=1 fh=aeccdf27d48709a6 vn="Variante von Win32/Toolbar.BitCocktail.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\InstallerHelper.dll.vir" sh=6499C58A34D2C782914250A41B1182BAD681B7D1 ft=1 fh=e089b9c7faf9de43 vn="Variante von Win32/Bundled.Toolbar.Ask.E potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir" sh=359D977D432E4F90FE627B2717144AE873990AC4 ft=1 fh=63c7b0ee3e7f229d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe.vir" sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir" sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert0.dll.vir" sh=5339ABEE428B92A04DF04A1D1B81896A68CF7CBD ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPly.crx.vir" sh=B93A611E29C3BD6E13E9F3A2BD98F17EED127102 ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPly.xpi.vir" sh=FDBC6EB6E9A237339773F943F29D99AFACFB41F6 ft=1 fh=0748fb2f5740e5c0 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll.vir" sh=5AEAA81DBCE2CC22D48E9D50214FB534CB538EF1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven Pro 1.2\51682.crx.vir" sh=8EAC5DD582F0D7DE15AE1DFFE15ECF1669E5AACD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Feven Pro 1.2\51682.xpi.vir" sh=B358A442EAAA9B87C81534E1363872DFDFF7046A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven Pro 1.3\54255.crx.vir" sh=B2DCE70D943B20C5A7862D82E0916F100F69AD09 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven Pro 1.3\54255.xpi.vir" sh=6B24DB937EE04CB0A8FD49474B0CB30BF0D957FA ft=1 fh=07ac96530a47e87c vn="Win32/Packed.VMDetector.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FTdownloader V4.0\utils.exe.vir" sh=8C9CB437F0B642DDDEA2963F18D0B7D6D382606E ft=1 fh=9c88ad8d6d602ec3 vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\jZip\Helper.dll.vir" sh=6BA32EBEA8102882DBB89337B0B80B847C783DBD ft=1 fh=b68a19f8e35c3a94 vn="Variante von Win32/Toolbar.SearchSuite.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\jZip\Uninstall.exe.vir" sh=C73DCE2A29152D96F288164B4816B100BA490D49 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerplus\54246.crx.vir" sh=DC213C3E4F4A3E3159B9D3BD29184FD2DBD31A42 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerplus\54246.xpi.vir" sh=F831FBC6A34556761399CE04D4B421C7BA716480 ft=1 fh=d91bac541848e8d7 vn="Win32/Toolbar.Funmoods evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\escortShld.dll.vir" sh=F6FB123B9F3604629D0CFA93BB8D45DF3DB5E511 ft=1 fh=bae64ff57b12b8e1 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolApp.dll.vir" sh=8E9985E14F4C259A48F2730C31816FE01FB3F865 ft=1 fh=4002b95c2b374955 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolEng.dll.vir" sh=6520D348A6F1EA16BBECE520507946C57065A8FD ft=1 fh=2af50e6cee369def vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolsrv.exe.vir" sh=57F06A8C7A86599F43AFFF3080D4DA9ADC2FAD73 ft=1 fh=27f83682369f38da vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolTlbr.dll.vir" sh=133303BCE1ECF349510B3998FA793BB4C0C16622 ft=1 fh=a7489edf367e6313 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\uninstall.exe.vir" sh=30971B5BE14BBEF177CF34714DD35A0174449A15 ft=1 fh=ff621fdc0f8fcec5 vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\bh\searchgol.dll.vir" sh=29F6BCB69217E5A7A554F41965EBAEB7BE2BAA11 ft=1 fh=9087372ffeaaadaf vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe.vir" sh=72A43056A8066C579454FDEBB3F96DB28BAE9E9C ft=1 fh=22d268527d187618 vn="Variante von Win32/SweetIM.L evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll.vir" sh=8F8A63A594ACDF9DF91BE86C49BF1567F6042D93 ft=1 fh=217e1943b333fe65 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll.vir" sh=073E958F46935AD69F27A15E7AC05319DB801259 ft=1 fh=69669c94f288659b vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll.vir" sh=D3FCEFB397AF98813366D61802647E65A3D7BC18 ft=1 fh=10d28fcbcb14de99 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe.vir" sh=3122515D06647578A15FD45EF6718F53E3D2DDB8 ft=1 fh=223a9142e94aa61e vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll.vir" sh=AD1C3482B059F856D1963563DFD2DBFA11CD7AC0 ft=1 fh=735059e74d878d1f vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll.vir" sh=6D4E6AED389ACD0258E715FB68C9C3006BDF0969 ft=1 fh=5c436028b1ba18b9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll.vir" sh=1A9AAB4DAD381CC00091B1836D186264C120433D ft=1 fh=1b628981af7edc5d vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll.vir" sh=1ED0C78C66085894E09B239C47C10C94E454F464 ft=1 fh=c0c0e9861e7b7102 vn="Variante von Win32/SweetIM.L evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll.vir" sh=AF76FF7962A195B54F6FBFC726C761CEC254BAFA ft=1 fh=dbc065df8af52993 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll.vir" sh=8C0071D0EF2625502B69A02EFF718CD22E097C8F ft=1 fh=c71c00110e410816 vn="Variante von Win32/Wajam.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\IE\priam_bho.dll.vir" sh=A252FEDCEEDCA1655D593982040CCEED07812DEF ft=1 fh=975aa770e795194d vn="Win32/Wajam.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Updater\WajamUpdater.exe.vir" sh=B81BAAC9D35824000ADB556418067A9220C40F01 ft=1 fh=23a12d968d390125 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe.vir" sh=5618448E0195BA9251A1A0A5132CE2612037D630 ft=1 fh=ccf0f11a65c989b1 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll.vir" sh=9069C1AE362702A5CFD0947D07C49791244CF7E1 ft=1 fh=b2a7890de2375dad vn="Variante von Win32/Toolbar.Visicom.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll.vir" sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir" sh=75DFDC05C5D5F0C3B930B5B6871B6528EC9C22EA ft=1 fh=cff868ace0c06f1a vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir" sh=9522EED31EB4138B4D0150B5E9649DFD7AE80039 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alternate\AppData\Roaming\Mozilla\Firefox\Profiles\7ik30xs6.default\Extensions\webbooster@iminent.com.xpi.vir" sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Local\genienext\nengine.dll.vir" sh=4766AF6197A6C8D4FF526EF0307B9870F7A8BC11 ft=0 fh=0000000000000000 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.3_0\flavour.js.vir" sh=96782E610940265452A5866899E108A440602F61 ft=1 fh=e2b5f6e68841dc2b vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.3_0\mgHelperGC.dll.vir" sh=1D2B2244C42AB1D687AE046AA280D719D4C41359 ft=0 fh=0000000000000000 vn="Win32/SweetIM.J evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.3_0\newtab.js.vir" sh=ACA857771106E4FCFBFA9F55483C716777E90624 ft=0 fh=0000000000000000 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.3_0\toolbar.js.vir" sh=31663FAE62AF97E6B3D902A4F2450973C8CF2883 ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.1.zip.vir" sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir" sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir" sh=408F051AE5CCB844CC630E6178BB8643BBC2513B ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir" sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir" sh=93AD648467F47DC2708810D169F26F4A814778C5 ft=1 fh=e589ccabe231da4b vn="Variante von Win32/Mobogenie.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir" sh=D8F10BDFCF1D7203A10EDD44BFA91E63429F7509 ft=1 fh=125879de58b34aa1 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir" sh=B2C09DC8D9F5020A619DA4E5975BD8B5A0C1DB7D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com\extensionData\plugins\91.js.vir" sh=1C4A6EF22D66B4B3AC5CFD6620EFC10D8145A209 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Roaming\Mozilla\Firefox\Profiles\fldfq28n.default-1392830494311\Extensions\e49d3f99-7c89-4eb4-99f3-ff903e2189b2@5288754a-7a48-41a0-a10f-e98c9ac12040.com\extensionData\plugins\242_price_gong_m.js.vir" sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Roaming\newnext.me\nengine.dll.vir" sh=22EA12E23878248FEBC79C3B7FD1FA8B91F03725 ft=1 fh=fe2b149769bf0004 vn="Variante von Win32/Toolbar.Babylon.F evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Roaming\OpenCandy\2756A94195944D9498E61858A42A3875\SearchGolTB.exe.vir" sh=93EB138B9F1A1E50BBC143479BC5DCFE84CF6A1E ft=1 fh=089ced7fe49747c2 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Roaming\OpenCandy\A93E55877A274CAC93382369CAA0A7DA\AVG923_p1v3.exe.vir" sh=A4F319312C51671C3A95C478B1006769263996A9 ft=1 fh=886ae4ceae92d42e vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Roaming\OpenCandy\A93E55877A274CAC93382369CAA0A7DA\OCBrowserHelper_1.0.3.85.dll.vir" sh=D220000532695D8A55D8030F10398FDE09EA8477 ft=1 fh=8b99c40bc23a8813 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Roaming\OpenCandy\B20FE04826E8471C962E629FAF1D8F69\Installer.exe.vir" sh=7BCCC388073338947B63621DD200BF340B283ECD ft=1 fh=e34f258f8ac45d35 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Roaming\OpenCandy\E03A09B02A4948D3845C036EB3CDE13D\RAWFindr.exe.vir" sh=122D3A31E6DE61FFF658BC1A6A30BB4084869D4F ft=1 fh=d875ea997b1c8376 vn="Win32/AdWare.Snoozer.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ronald Brauer\AppData\Roaming\Snz\Snz.exe.vir" sh=1ED0FFE9C5F698435676AE6AA7DEE53DF76179A1 ft=1 fh=6800aff9bed7d6d7 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\RONALD~1\AppData\Local\Temp\OCS\ocs_v71b.exe.vir" sh=100993E5BDF2AB08262B8BE5AEF2C60D6CC41D52 ft=1 fh=d728aee591b026ab vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" sh=CD892DDD4C07FADB260CD163C86DC28A19260550 ft=1 fh=76769db92ee895e6 vn="Win32/SweetIM.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\ARFC\wrtc.exe.vir" sh=015ECBEA3045ED49BE59042C0ED60653CB5F22E2 ft=0 fh=0000000000000000 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\SweetNT.crx.vir" sh=B9A96D9AE94C4B42CA5499933F6DF218B3903768 ft=1 fh=966b3592656dc188 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe" sh=4AC59A227ED21E6D449A8AD079C4F37BE5584040 ft=1 fh=6e7e54c24a0481bf vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\FoxTab3GPConverter\3GPConverter.exe" sh=7CE3756FD766C5ABF3040C21F5B7ECCE2A426B23 ft=1 fh=abdbfcd593573440 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll" sh=BF94FFE35F2796D7564CDB8FBCB5227ABF2C243C ft=1 fh=2c0c15ddc8289e70 vn="Variante von Win32/Toolbar.Zugo evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlipso-qlipso-silent-us.exe" sh=8E06E50B0CBFA8E4CA1C53E149AF51D6CB70B048 ft=1 fh=abbd31e3610824c6 vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Ronald Brauer\AppData\Local\nsoE5F.tmp.vir" sh=166D8683C35D13D5CC2CD7B2355B95DF3B243014 ft=1 fh=4a025439f6f0273b vn="Win32/AnyProtect.F evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Ronald Brauer\AppData\Local\nsrF7B9.tmp.vir" sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll" sh=4766AF6197A6C8D4FF526EF0307B9870F7A8BC11 ft=0 fh=0000000000000000 vn="Win32/SweetIM.J evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Ronald Brauer\AppData\Local\Google\Chrome Frame\User Data\IEXPLORE\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.3_0\flavour.js" sh=96782E610940265452A5866899E108A440602F61 ft=1 fh=e2b5f6e68841dc2b vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ronald Brauer\AppData\Local\Google\Chrome Frame\User Data\IEXPLORE\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.3_0\mgHelperGC.dll" sh=1D2B2244C42AB1D687AE046AA280D719D4C41359 ft=0 fh=0000000000000000 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ronald Brauer\AppData\Local\Google\Chrome Frame\User Data\IEXPLORE\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.3_0\newtab.js" sh=ACA857771106E4FCFBFA9F55483C716777E90624 ft=0 fh=0000000000000000 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ronald Brauer\AppData\Local\Google\Chrome Frame\User Data\IEXPLORE\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.3_0\toolbar.js" sh=D9264EA6C84A1057FE02DBB02D71FACE7FEBE619 ft=1 fh=b3820641d04c8f0e vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Ronald Brauer\AppData\Roaming\DVDVideoSoft\FreeYouTubeDownload.exe" sh=D07B8A6EF6038FEB9AEBEBE6568C548CB38DB3BC ft=1 fh=a3498771be7e312f vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Ronald Brauer\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe" sh=EEBFC04D6B8FDE9B014214CC83DFBEFBF545D437 ft=1 fh=386346820fc68a16 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Ronald Brauer\Desktop\Office\PDFCreator-1_3_2_setup.exe" sh=EE87B912450E4EAA9D6E1BF7433FBC04704B8C21 ft=1 fh=4a67aee7c01503bb vn="Variante von Win32/Toolbar.Widgi evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Ronald Brauer\Documents\Downloads\asc4-setup-softonic1.exe" sh=A9346E469449CD22EE86FD9708422E2F15EF003A ft=1 fh=0e2ca38733edf6bc vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Ronald Brauer\Downloads\1-click-pc-care_full1017.exe" sh=F3F5ACEBC9BA085608F797BE91ECF5078398B503 ft=1 fh=01745def7351d3e4 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ronald Brauer\Downloads\AdwCleaner - CHIP-Downloader.exe" sh=450BC07BDF16426A927CFDCF6952C70D8CE5E9F5 ft=1 fh=c6a73bdcdf60520b vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ronald Brauer\Downloads\ashampoo_burning_studio_6_free_6.80_3639.exe" sh=436C7AF9C33B696548C59A9CD5E26D6DE207159A ft=1 fh=5c0a7e90440ff25b vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ronald Brauer\Downloads\Free PDF to Word Doc Converter - CHIP-Downloader.exe" sh=6588CEE0C31796B988025038C2E6F197A899796C ft=1 fh=4d7165e649c51626 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ronald Brauer\Downloads\FreeStudio.exe" sh=49AEB9031433A06A76C051A2C5680B3C2E9C18CA ft=1 fh=9fef797d864c3b20 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Ronald Brauer\Downloads\FreeYouTubeDownload(1).exe" sh=49AEB9031433A06A76C051A2C5680B3C2E9C18CA ft=1 fh=9fef797d864c3b20 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Ronald Brauer\Downloads\FreeYouTubeDownload(2).exe" sh=55FE0DC88BD6499D08380EB1A95F56AC700D93EE ft=1 fh=5e383bafb664c0c1 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Ronald Brauer\Downloads\FreeYouTubeDownload.exe" sh=9B36CFE3F6F67BD682180D7B137B3A0BA991B092 ft=1 fh=e258c51ba23aaec4 vn="Variante von Win32/Toolbar.Conduit.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Ronald Brauer\Downloads\FreeYouTubeDownload21030.exe" sh=BF7A4930B284D6377C58FCACFD443C4EB0B3018E ft=1 fh=ad37c5e7095bc83c vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Ronald Brauer\Downloads\FreeYouTubeToMP3Converter(1).exe" sh=FC36E37C5AF2A351DCD003127821BE33E48D56CF ft=1 fh=cc013aa1066e7274 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ronald Brauer\Downloads\FreeYouTubeToMp3Converter.exe" sh=0CE48DA603A5E7431002CE4ACA1F1546C5D6579E ft=1 fh=a7cab65addc4a365 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ronald Brauer\Downloads\FreeYouTubeToMP3Converter32.exe" sh=C55FB4B8F8A5EA27231F5F61792D662E6CF617EE ft=1 fh=17ffc4c4e99e13ed vn="Variante von Win32/Toolbar.Conduit.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ronald Brauer\Downloads\prismsetup.exe" sh=FAE94D1EE9BDE928ECE907F2CBCDC167F84FE2BE ft=1 fh=36a36ad6af41f205 vn="Variante von Win32/WinloadSDA.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ronald Brauer\Downloads\RealPlayer-lnstall.exe" sh=117A9CE01E849C4B8048FCB36885960844F39337 ft=1 fh=f74c6a9d0bdbf6d7 vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ronald Brauer\Downloads\registrybooster (1).exe" sh=117A9CE01E849C4B8048FCB36885960844F39337 ft=1 fh=f74c6a9d0bdbf6d7 vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ronald Brauer\Downloads\registrybooster.exe" sh=3C26CA142E5A92936611842EE4E474BAD4D94693 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ronald Brauer\Downloads\Bewerbung wurde erfolgreich eingetragen-Dateien\default_adapter.js" sh=B2FAD413E2E26181EFA3E9DF32FE87A4265D5F87 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Ronald Brauer\Downloads\Bewerbung wurde erfolgreich eingetragen-Dateien\minibar.js" sh=66F4780CB3ECD9E5A7B57C5E232BAE3BF3D05BBE ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ronald Brauer\Downloads\Bewerbung wurde erfolgreich eingetragen-Dateien\minibar_002.js" sh=829853158C9D1F1212D39CE6056E8C7DD16F4E36 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ronald Brauer\Downloads\Bewerbung wurde erfolgreich eingetragen-Dateien\minibar_003.js" Code:
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Kaspersky Internet Security
Norton Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 67
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Mozilla Firefox (32.0.3)
Google Chrome 37.0.2062.120
Google Chrome 37.0.2062.124
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Kaspersky Lab Kaspersky Internet Security 15.0.0 avp.exe
Kaspersky Lab Kaspersky Internet Security 15.0.0 avpui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log`````````````````````` |