Log analysis and evaluation: WicaInventory.exe

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.12.2014, 11:34 | #1

WicaInventory.exe

Hello and good day. Since starting the computer today, Avast has been reporting the file "WicaInventory.ex" as a threat. My operating system is Win7 Professional 32 bit. Thanks in advance for the help. Best regards, Mathias

FRST.txt
FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01
Ran by KerMa (administrator) on KERMA-PC on 07-12-2014 11:13:27
Running from C:\Users\KerMa\Desktop
Loaded Profile: KerMa (Available profiles: KerMa & Admin & UpdatusUser)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Prolific Technology Inc.) C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\KerMa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_239_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8546848 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5225064 2014-11-21] (AVAST Software)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1795872 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\MountPoints2: {04f18f47-9a9a-11e1-8861-0019662b4ca8} - H:\LGAutoRun.exe
HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\MountPoints2: {71ce90b4-ea98-11e0-867a-0019662b4ca8} - H:\LGAutoRun.exe
HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\MountPoints2: {a9fd9411-d364-11df-98df-0019662b4ca8} - H:\LGAutoRun.exe
HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\MountPoints2: {ad5721a6-9aa1-11e1-9069-0019662b4ca8} - F:\LGAutoRun.exe
HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\MountPoints2: {d1050bae-d825-11df-88aa-0019662b4ca8} - H:\LGAutoRun.exe
Startup: C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Mail.lnk
ShortcutTarget: Windows Live Mail.lnk -> C:\Program Files\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:2235;https=127.0.0.1:2235
HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.de/
HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x757589A8B75FCB01
HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> DefaultScope {DE86B2D1-0270-476C-A33E-24D1E15BE378} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> {DE86B2D1-0270-476C-A33E-24D1E15BE378} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\KerMa\AppData\Roaming\Mozilla\Firefox\Profiles\xssqguqz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.647 -> c:\users\admin\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.647 -> c:\users\admin\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.660 -> c:\users\admin\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}] - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-07-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-29]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-15]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-21] (Avast Software)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [321776 2013-01-30] (Logitech, Inc.)
R2 PLFlash DeviceIoControl Service; C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe [81920 2008-09-24] (Prolific Technology Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2014-11-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-21] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-03-19] ()
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-02] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-02] (Logitech, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-03-19] ()
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [33056 2010-01-14] (Realtek )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [40736 2010-01-14] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [25376 2010-01-14] (Windows (R) Codename Longhorn DDK provider)
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [40736 2010-01-14] (Realtek Corporation)
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [218192 2014-11-21] (Avast Software)
S3 aaudstum; \??\C:\Users\KerMa\AppData\Local\Temp\aaudstum.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 11:13 - 2014-12-07 11:13 - 00014765 _____ () C:\Users\KerMa\Desktop\FRST.txt
2014-12-07 11:13 - 2014-12-07 11:13 - 00000000 ____D () C:\FRST
2014-12-07 11:04 - 2014-12-07 11:04 - 01111040 _____ (Farbar) C:\Users\KerMa\Desktop\FRST.exe
2014-12-05 20:09 - 2014-12-05 20:09 - 00200668 _____ () C:\Users\KerMa\Desktop\FRITZ.Box Fon WLAN 7270 v2 54.05.54_05.12.14_2009.export
2014-12-02 17:40 - 2014-12-02 17:40 - 15161139 _____ () C:\Users\KerMa\Desktop\QIHausverwaltung.hvd - Komplettsicherung 02.12.2014(2).hds
2014-12-02 16:42 - 2014-12-02 16:42 - 15095556 _____ () C:\Users\KerMa\Desktop\QIHausverwaltung.hvd - Komplettsicherung 02.12.2014.hds
2014-12-01 18:27 - 2014-12-01 18:27 - 15021739 _____ () C:\Users\KerMa\Desktop\QIHausverwaltung.hvd - Komplettsicherung 01.12.2014.hds
2014-11-30 17:13 - 2014-11-30 17:13 - 14997107 _____ () C:\Users\KerMa\Desktop\QIHausverwaltung.hvd - Komplettsicherung 30.11.2014(2).hds
2014-11-30 16:10 - 2014-11-30 16:10 - 14919274 _____ () C:\Users\KerMa\Desktop\QIHausverwaltung.hvd - Komplettsicherung 30.11.2014.hds
2014-11-29 18:32 - 2014-11-29 18:32 - 14861957 _____ () C:\Users\KerMa\Desktop\QIHausverwaltung.hvd - Komplettsicherung 29.11.2014(2).hds
2014-11-29 14:15 - 2014-11-29 14:15 - 14685287 _____ () C:\Users\KerMa\Desktop\QIHausverwaltung.hvd - Komplettsicherung 29.11.2014.hds
2014-11-29 08:01 - 2014-11-29 08:01 - 00000199 _____ () C:\Windows\system32\2014-11-29-07-01-38.005-AvastVBoxSVC.exe-2268.log
2014-11-28 16:23 - 2014-11-28 16:24 - 00305064 _____ () C:\Users\KerMa\Desktop\support FRITZ.Box Fon WLAN 7270 v2 54.05.54_28.11.14_1623.txt
2014-11-28 10:14 - 2014-11-28 10:14 - 00000199 _____ () C:\Windows\system32\2014-11-28-09-14-32.095-AvastVBoxSVC.exe-2356.log
2014-11-25 10:15 - 2014-11-25 10:15 - 00000249 _____ () C:\Windows\system32\2014-11-25-09-15-05.025-aswFe.exe-4424.log
2014-11-25 09:56 - 2014-11-25 10:14 - 00000249 _____ () C:\Windows\system32\2014-11-25-08-56-24.032-aswFe.exe-3484.log
2014-11-25 09:56 - 2014-11-25 09:56 - 00000199 _____ () C:\Windows\system32\2014-11-25-08-56-08.047-AvastVBoxSVC.exe-5512.log
2014-11-22 11:44 - 2014-11-22 11:44 - 00000249 _____ () C:\Windows\system32\2014-11-22-10-44-04.089-aswFe.exe-5932.log
2014-11-22 11:26 - 2014-11-22 11:43 - 00000249 _____ () C:\Windows\system32\2014-11-22-10-26-56.055-aswFe.exe-728.log
2014-11-22 11:26 - 2014-11-22 11:26 - 00000199 _____ () C:\Windows\system32\2014-11-22-10-26-40.079-AvastVBoxSVC.exe-3656.log
2014-11-22 11:06 - 2014-11-22 11:07 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-22 10:58 - 2014-11-23 07:22 - 00010558 _____ () C:\Windows\PFRO.log
2014-11-21 14:06 - 2014-11-21 14:05 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-21 14:05 - 2014-11-21 14:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-19 09:26 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 09:26 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-16 03:12 - 2014-11-16 03:12 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Macromedia
2014-11-16 00:41 - 2014-11-16 00:41 - 00001131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-16 00:41 - 2014-11-16 00:41 - 00001119 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Mozilla
2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Mozilla
2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-15 00:15 - 2014-11-15 00:15 - 00000000 ____D () C:\Users\KerMa\AppData\Local\NVIDIA
2014-11-15 00:15 - 2014-11-15 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-15 00:09 - 2014-07-02 18:39 - 00609240 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-11-12 14:04 - 2014-11-12 14:04 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Floodlight Games
2014-11-12 14:04 - 2014-11-12 14:04 - 00000000 ____D () C:\ProgramData\Floodlight Games
2014-11-12 11:32 - 2014-11-12 11:32 - 00000000 __SHD () C:\Users\KerMa\AppData\Local\EmieBrowserModeList
2014-11-12 09:07 - 2014-11-05 18:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 09:07 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 09:07 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 09:07 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 09:07 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 09:07 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 09:07 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 09:07 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 09:07 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 09:07 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 09:06 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 09:06 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 09:06 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 09:06 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 09:06 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 09:06 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 09:06 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 09:06 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 09:06 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 09:06 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 09:06 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 09:06 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 09:06 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 09:06 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 09:06 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 09:06 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 09:06 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 09:06 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 09:06 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 09:06 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 09:06 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 09:06 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 09:06 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 09:06 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 09:06 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 09:06 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 09:06 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 09:06 - 2014-11-05 18:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 09:06 - 2014-11-05 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 09:06 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 09:06 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 09:06 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 09:06 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 09:06 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 09:06 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 09:05 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 09:05 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 09:05 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 07:15 - 2014-12-07 10:36 - 00003100 _____ () C:\Windows\setupact.log
2014-11-11 07:15 - 2014-11-11 07:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-11 07:14 - 2014-11-12 11:26 - 00284168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 00:38 - 2014-11-11 00:38 - 00061288 _____ () C:\Users\KerMa\AppData\Local\GDIPFONTCACHEV1.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 11:08 - 2009-07-14 05:34 - 00022720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-07 11:08 - 2009-07-14 05:34 - 00022720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-07 11:02 - 2012-04-04 07:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-07 10:55 - 2010-04-27 22:17 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Skype
2014-12-07 10:42 - 2014-05-20 19:56 - 01440714 _____ () C:\Windows\WindowsUpdate.log
2014-12-07 10:38 - 2014-02-15 01:50 - 00000000 ___RD () C:\Users\KerMa\Dropbox
2014-12-07 10:38 - 2014-02-15 01:48 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Dropbox
2014-12-07 10:37 - 2010-04-29 13:08 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-07 10:36 - 2012-09-05 14:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-07 10:36 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-07 03:16 - 2010-04-29 13:08 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-07 02:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-02 17:40 - 2013-12-10 15:03 - 00000000 ____D () C:\QuickImmobilie 2014
2014-11-30 17:14 - 2013-02-27 08:55 - 00000000 ____D () C:\Users\KerMa\Desktop\Damo
2014-11-26 19:02 - 2012-04-04 07:34 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-26 19:02 - 2011-05-16 08:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-25 15:42 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-22 11:07 - 2013-02-06 14:00 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Google
2014-11-22 11:07 - 2010-03-27 19:05 - 00000000 ____D () C:\Program Files\Google
2014-11-22 11:03 - 2010-03-13 23:37 - 00000000 ____D () C:\Users\KerMa\Desktop\Tools
2014-11-21 14:05 - 2014-05-01 09:17 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-21 14:05 - 2013-12-20 11:55 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-21 14:05 - 2013-03-15 23:38 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-21 14:05 - 2013-03-15 23:38 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-21 14:05 - 2012-02-25 17:52 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-21 14:05 - 2011-03-29 14:44 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-11-21 14:05 - 2010-03-13 22:52 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-21 14:05 - 2010-03-13 22:51 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-16 00:41 - 2014-01-16 12:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-15 19:52 - 2014-02-15 01:50 - 00001025 _____ () C:\Users\KerMa\Desktop\Dropbox.lnk
2014-11-15 19:52 - 2014-02-15 01:49 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-15 00:10 - 2012-09-05 14:48 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-15 00:10 - 2010-03-13 23:00 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-12 14:45 - 2013-10-10 15:48 - 00000000 ____D () C:\Windows\rescache
2014-11-12 14:02 - 2011-07-22 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-11-12 14:00 - 2014-05-23 11:36 - 00000000 ____D () C:\Program Files\DEUTSCHLAND SPIELT
2014-11-12 12:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 12:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-11-12 11:24 - 2014-04-30 01:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 11:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-12 11:19 - 2013-08-13 08:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 11:17 - 2010-03-13 22:11 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-08 01:59 - 2011-02-09 22:08 - 00000000 ____D () C:\Users\KerMa\Desktop\Saab

Files to move or delete:
====================
C:\Users\Admin\autoplaylist.dat
C:\Users\Admin\cddbcontrol.dll
C:\Users\Admin\cddblink.dll
C:\Users\Admin\cddbmusicid.dll
C:\Users\Admin\convert.exe
C:\Users\Admin\dbghelp.dll
C:\Users\Admin\dunzip32.dll
C:\Users\Admin\fixrjb.exe
C:\Users\Admin\hxaudiodevicehook.dll
C:\Users\Admin\ierjplug.dll
C:\Users\Admin\keys.dat
C:\Users\Admin\mc_enc_mp4v.dll
C:\Users\Admin\mmcdda32.dll
C:\Users\Admin\rdsf3260.dll
C:\Users\Admin\realconverter.exe
C:\Users\Admin\realjbox.exe
C:\Users\Admin\realplay.exe
C:\Users\Admin\realshare.exe
C:\Users\Admin\realtrimmer.exe
C:\Users\Admin\recordingmanager.exe
C:\Users\Admin\rjbres.dll
C:\Users\Admin\rjdlg.dll
C:\Users\Admin\rjprog.dll
C:\Users\Admin\rjwmapln.dll
C:\Users\Admin\rndevicedbbuilder.exe
C:\Users\Admin\rpau3260.dll
C:\Users\Admin\rphelperapp.exe
C:\Users\Admin\rpplugprot.dll
C:\Users\Admin\rpshell.dll
C:\Users\Admin\rpshellsearch.dll
C:\Users\Admin\rpwa3260.dll
C:\Users\Admin\strs23.dat
C:\Users\Admin\strs26.dat
C:\Users\Admin\tnetdtct.dll
C:\Users\Admin\tpasdk.dll
C:\Users\Admin\tsasdk.dll
C:\Users\Admin\wmdmhelper.dll
C:\Users\Public\AlexaNSISPlugin.2816.dll

Some content of TEMP:
====================
C:\Users\KerMa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpggeldt.dll
C:\Users\KerMa\AppData\Local\Temp\jre-8u25-windows-au.exe
C:\Users\KerMa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\KerMa\AppData\Local\Temp\vlc-2.1.3-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-05 14:41

==================== End Of Log ============================

Code:
ATTFilter Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-12-2014 01
Ran by KerMa at 2014-12-07 11:14:16
Running from C:\Users\KerMa\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
Age of Pirates 2: City of Abandoned Ships ver.1.3.0 (HKLM\...\Age of Pirates 2: City of Abandoned Ships_is1) (Version: - Playlogic Entertainment, Inc.)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.2.0.7 - )
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP Navigator EX 4.1 (HKLM\...\MP Navigator EX 4.1) (Version: - )
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DEUTSCHLAND SPIELT GAME CENTER (HKLM\...\DSGPlayer) (Version: 1.2010.6.23 - INTENIUM GmbH)
Diablo II (HKLM\...\Diablo II) (Version: - Blizzard Entertainment)
Die Ritter (HKLM\...\Die Ritter) (Version: 1.0.0.0 - INTENIUM GmbH)
Divinity II - Ego Draconis (HKLM\...\Divinity II - Ego Draconis_is1) (Version: - dtp)
Drakensang - Am Fluss der Zeit (HKLM\...\Drakensang_TRoT_is1) (Version: - dtp)
Dropbox (HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EasyCash&Tax 1.50 (HKLM\...\EasyCash&Tax_is1) (Version: - tm)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free RAR Extract Frog (HKLM\...\Free RAR Extract Frog) (Version: 2.50 - Philipp Winterberg)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Logitech SetPoint 6.32 (HKLM\...\SP6) (Version: 6.32.20 - Logitech)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.1 (HKLM\...\{55D1BF8E-EA8F-4969-82B9-B577010CFBCD}) (Version: 2.1.2111 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version: - )
Microsoft Word 2000 (HKLM\...\{00170407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 33.1.1 (x86 de) (HKLM\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero BackItUp 4 Essentials (HKLM\...\{4e73cd5a-a2a4-4f66-b9cc-15c2345867c3}) (Version: - Nero AG)
NVIDIA 3D Vision Controller-Treiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
QuickImmobilie 2014 - Service Pack 3 (HKLM\...\{919BCC78-42C6-4833-BF5A-0EAFA4BC10E2}) (Version: 14.03 - Haufe-Lexware Real Estate AG)
QuickImmobilie 2014 - Service Pack 6 (HKLM\...\{8794A9B4-F237-4993-8C2C-BDAC978AEDAB}) (Version: 14.06 - Haufe-Lexware Real Estate AG)
QuickImmobilie 2014 - Service Pack 7 (HKLM\...\{CD5EF74F-8C53-4B00-9EE9-E6F6DC357B3E}) (Version: 14.07 - Haufe-Lexware Real Estate AG)
QuickImmobilie 2014 (HKLM\...\{B76C08EE-3D8B-4029-AC5E-5ECE72E72B95}) (Version: 14.0.0 - Haufe-Lexware Real Estate AG)
QuickImmobilie Deluxe 2009 (HKLM\...\QuickImmobilie Deluxe 2009) (Version: - Lexware GmbH & Co. KG (Vertrieb) / Enwickelt von Software24.com GmbH)
QuickImmobilie Deluxe 2009 (Version: 7.0 - Lexware GmbH & Co. KG (Vertrieb) / Enwickelt von Software24.com GmbH) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version: - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
RealUpgrade 1.0 (Version: 1.0.0 - RealNetworks, Inc.) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
ScanSoft OmniPage SE 4 (HKLM\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Special Enquiry Detail: Mord in New York (HKLM\...\Special Enquiry Detail: Mord in New York) (Version: 1.0.0.0 - INTENIUM GmbH)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
System Requirements Lab for Intel (HKLM\...\{F7FC9307-374E-4017-8E9D-DE1154780480}) (Version: 4.1.66.0 - Husdawg, LLC)
The Witcher (HKLM\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.00.0000 - CD Projekt Red)
The Witcher 2 Enhanced Edition Version 3.0 (HKLM\...\The Witcher 2 Enhanced Edition_is1) (Version: 3.0 - CD Projekt RED)
Two Worlds (HKLM\...\Two Worlds) (Version: 1.7.0 - )
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Wisdom-soft ScreenHunter 6.0 Free (HKLM\...\Wisdom-soft ScreenHunter 6.0 Free) (Version: - Wisdom Software Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{030B4A80-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{030B4A81-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{030B4A82-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\EasyBits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{1F6F8D20-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation ) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation ) CustomCLSID: 
HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation ) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\EasyBits GO\ezGameXN.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\system32\mscomctl.ocx (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-547636488-2336383340-334652843-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points =========================

12-11-2014 10:15:21 Windows Update
12-11-2014 13:01:39 Time Machine wurde entfernt.
14-11-2014 23:04:18 Windows Update
16-11-2014 18:00:23 Windows-Sicherung
18-11-2014 09:43:23 Windows Update
19-11-2014 12:54:15 Windows Update
21-11-2014 13:04:14 avast! antivirus system restore point
23-11-2014 18:00:30 Windows-Sicherung
25-11-2014 11:57:44 Windows Update
30-11-2014 18:00:21 Windows-Sicherung
02-12-2014 14:42:21 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A87BA60-831D-46A7-A32F-189BC5356ED3} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-21] (AVAST Software)
Task: {1BAE9847-FB97-461E-B7C7-464168A24BCE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-547636488-2336383340-334652843-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {25CC16F6-A102-4932-8819-002E1D4F6FE6} - System32\Tasks\{7ECC9814-3AA6-48F6-BDA0-2E36CA6BEE01} => C:\Program Files\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {3874BF4A-0684-4A2F-9B2A-A1F8B1B92AC5} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {4AB86BB2-AA5F-43AD-974E-63B6C1E43AB1} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-547636488-2336383340-334652843-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {55643421-89FC-4891-A9A4-9FEF1B706E6E} - System32\Tasks\Freemium1ClickMaint => C:\Program Files\Covus Freemium\Free System Utilities\1Click.exe
Task: {606863B2-9577-40FB-ABB7-CE2D011AC12D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {6748B5B0-9515-487E-809A-1387B3353A93} - System32\Tasks\4645 => Wscript.exe C:\Users\KerMa\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {7A2FCC5F-0436-4C90-A68F-37C3632391EA} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {99C2555A-5A7A-48FC-8479-7B0F54392C0A} - System32\Tasks\{30D8FD50-2776-43B4-BE61-FD435A12D2EA} => C:\Program Files\Bullfrog\Dungeon Keeper 2\DKII.exe
Task: {A70A13F3-9467-46D4-9349-F62845F220FB} - System32\Tasks\Backweb Online Aktualisierung => C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
Task: {AEDB053C-2557-4039-B85D-CEE6B08F4BDA} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {B4F782AA-12FD-4AB1-AB29-B17BC5E5EFF9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {DC2D8C2C-0D5F-4D19-ADDB-9D2B8782871D} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Task: {E0DDF15B-8E9A-4D1E-BF64-CE34A67C0F1E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {EA90B48E-2C94-4E20-B0DF-1D4EA6B162AC} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: {ECACDB34-A367-4373-8889-66AE6FD82010} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-06 19:50 - 2014-12-06 19:50 - 02905088 _____ () C:\Program Files\Alwil Software\Avast5\defs\14120601\algo.dll
2014-12-07 10:37 - 2014-12-07 10:37 - 02905088 _____ () C:\Program Files\Alwil Software\Avast5\defs\14120700\algo.dll
2012-09-05 14:50 - 2014-07-02 20:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2011-10-07 10:41 - 2011-10-07 10:41 - 00879896 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2014-11-21 14:05 - 2014-11-21 14:05 - 38562088 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2014-12-07 10:37 - 2014-12-07 10:37 - 00043008 _____ () c:\users\kerma\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpggeldt.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\KerMa\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:109734F6
AlternateDataStreams: C:\ProgramData\TEMP:206470A5
AlternateDataStreams: C:\ProgramData\TEMP:2701CA70
AlternateDataStreams: C:\ProgramData\TEMP:2AE74FF9
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:51E66512
AlternateDataStreams: C:\ProgramData\TEMP:6B709AD7
AlternateDataStreams: C:\ProgramData\TEMP:6E65510A
AlternateDataStreams: C:\ProgramData\TEMP:79A7F369
AlternateDataStreams: C:\ProgramData\TEMP:8AE92FD3
AlternateDataStreams: C:\ProgramData\TEMP:94B25DF5
AlternateDataStreams: C:\ProgramData\TEMP:9BAC4211
AlternateDataStreams: C:\ProgramData\TEMP:9BB8C675
AlternateDataStreams: C:\ProgramData\TEMP:A02025CE
AlternateDataStreams: C:\ProgramData\TEMP:AECF4772
AlternateDataStreams: C:\ProgramData\TEMP:C0BCE04B
AlternateDataStreams: C:\ProgramData\TEMP:C8E3A625
AlternateDataStreams: C:\ProgramData\TEMP:D6D084A5

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: B2C_AGENT => C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" MSCONFIG\startupreg: TkBellExe => "c:\users\admin\update\realsched.exe" -osboot ========================= Accounts: ========================== Admin (S-1-5-21-547636488-2336383340-334652843-1001 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-547636488-2336383340-334652843-500 - Administrator - Disabled) ASPNET (S-1-5-21-547636488-2336383340-334652843-1005 - Limited - Enabled) Gast (S-1-5-21-547636488-2336383340-334652843-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-547636488-2336383340-334652843-1003 - Limited - Enabled) KerMa (S-1-5-21-547636488-2336383340-334652843-1000 - Administrator - Enabled) => C:\Users\KerMa UpdatusUser (S-1-5-21-547636488-2336383340-334652843-1007 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (12/06/2014 00:28:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17420, Zeitstempel: 0x545ad233 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x94c Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (12/05/2014 09:52:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17420, Zeitstempel: 0x545ad233 Name des fehlerhaften Moduls: nvd3dum.dll, Version: 9.18.13.4052, Zeitstempel: 0x53b44304 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0075514c ID des fehlerhaften Prozesses: 0x2310 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (11/28/2014 04:43:58 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wlmail.exe, Version 14.0.8089.726 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1de4 Startzeit: 01d00b1ff555b121 Endzeit: 23 Anwendungspfad: C:\Program Files\Windows Live\Mail\wlmail.exe Berichts-ID: 5b1ccb94-7715-11e4-a2e3-0019662b4ca8 Error: (11/28/2014 04:28:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wlmail.exe, Version 14.0.8089.726 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: fd0 Startzeit: 01d00aeb851d92b3 Endzeit: 55 Anwendungspfad: C:\Program Files\Windows Live\Mail\wlmail.exe Berichts-ID: 22f4cbc6-7713-11e4-a2e3-0019662b4ca8 Error: (11/28/2014 00:26:30 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17420, Zeitstempel: 0x545ad233 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00059c5f ID des fehlerhaften Prozesses: 0xe90 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (11/27/2014 11:48:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17420, Zeitstempel: 0x545ad233 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0xccc Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (11/21/2014 02:04:14 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. 
Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {3f4bfed5-cabb-4dff-aa53-5daf5a0029cd} Error: (11/05/2014 04:47:52 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 680 Startzeit: 01cff908ce7f881e Endzeit: 39 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 14778f34-6503-11e4-9a1b-0019662b4ca8 Error: (11/04/2014 10:39:52 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wlmail.exe, Version 14.0.8089.726 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ac8 Startzeit: 01cff812fed3fddd Endzeit: 15 Anwendungspfad: C:\Program Files\Windows Live\Mail\wlmail.exe Berichts-ID: 812eb751-6406-11e4-a819-0019662b4ca8 Error: (11/02/2014 08:08:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm WINWORD.EXE, Version 9.0.0.2823 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 478c Startzeit: 01cff6d04ab55724 Endzeit: 24 Anwendungspfad: C:\Program Files\Microsoft Office\Office\WINWORD.EXE Berichts-ID: 91657b03-62c3-11e4-af3d-0019662b4ca8 System errors: ============= Error: (12/07/2014 10:38:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (12/07/2014 10:38:37 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (12/07/2014 10:37:51 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (12/07/2014 10:37:51 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (12/07/2014 10:37:50 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (12/07/2014 10:37:50 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (12/07/2014 10:37:49 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error: (12/07/2014 10:36:05 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT) Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. 
Error: (12/06/2014 07:30:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (12/06/2014 07:30:15 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Microsoft Office Sessions: ========================= Error: (12/06/2014 00:28:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe11.0.9600.17420545ad233unknown0.0.0.000000000c00000050000000094c01d01120bc8120e2C:\Program Files\Internet Explorer\iexplore.exeunknown084509cb-7d3b-11e4-bf46-0019662b4ca8 Error: (12/05/2014 09:52:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe11.0.9600.17420545ad233nvd3dum.dll9.18.13.405253b44304c00000050075514c231001d010c470175106C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\nvd3dum.dll9f5fb876-7cc0-11e4-b18e-0019662b4ca8 Error: (11/28/2014 04:43:58 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wlmail.exe14.0.8089.7261de401d00b1ff555b12123C:\Program Files\Windows Live\Mail\wlmail.exe5b1ccb94-7715-11e4-a2e3-0019662b4ca8 Error: (11/28/2014 04:28:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wlmail.exe14.0.8089.726fd001d00aeb851d92b355C:\Program Files\Windows Live\Mail\wlmail.exe22f4cbc6-7713-11e4-a2e3-0019662b4ca8 Error: (11/28/2014 00:26:30 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe11.0.9600.17420545ad233ntdll.dll6.1.7601.18247521ea91cc000000500059c5fe9001d00a12e0a0c666C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlld052664a-768c-11e4-a3a9-0019662b4ca8 Error: 
(11/27/2014 11:48:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe11.0.9600.17420545ad233unknown0.0.0.000000000c000000500000000ccc01d00a12e3c1dc86C:\Program Files\Internet Explorer\iexplore.exeunknown853e069f-7687-11e4-a3a9-0019662b4ca8 Error: (11/21/2014 02:04:14 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {3f4bfed5-cabb-4dff-aa53-5daf5a0029cd} Error: (11/05/2014 04:47:52 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.1756768001cff908ce7f881e39C:\Windows\Explorer.EXE14778f34-6503-11e4-9a1b-0019662b4ca8 Error: (11/04/2014 10:39:52 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wlmail.exe14.0.8089.726ac801cff812fed3fddd15C:\Program Files\Windows Live\Mail\wlmail.exe812eb751-6406-11e4-a819-0019662b4ca8 Error: (11/02/2014 08:08:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: WINWORD.EXE9.0.0.2823478c01cff6d04ab5572424C:\Program Files\Microsoft Office\Office\WINWORD.EXE91657b03-62c3-11e4-af3d-0019662b4ca8 ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz Percentage of memory in use: 64% Total physical RAM: 2047.3 MB Available physical RAM: 736.16 MB Total Pagefile: 4094.61 MB Available Pagefile: 2462.58 MB Total Virtual: 2047.88 MB Available Virtual: 1894.35 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:129.05 GB) (Free:10.32 GB) NTFS Drive e: (Volume) (Fixed) (Total:103.64 GB) (Free:98.47 GB) NTFS Drive f: (Lexar) (Removable) (Total:3.73 GB) (Free:0.01 GB) NTFS Drive g: (VERBATIM) (Fixed) (Total:298.02 GB) (Free:100.29 GB) FAT32 ==================== MBR & Partition Table ================== 
======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 836A44E5) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=129 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=103.6 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=3.7 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 298.1 GB) (Disk ID: EA7D0047) Partition 1: (Not Active) - (Size=298.1 GB) - (Type=0C) ==================== End Of Log ============================
Edited by MathiasZ (07.12.2014 at 12:04) |
07.12.2014, 11:51 | #2 |
/// the machine /// TB-Ausbilder | WicaInventory.exe hi,
How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Scan with Combofix
__________________ |
07.12.2014, 12:26 | #3 |
| WicaInventory.exe Hello schrauber,
first of all, many thanks for the super-fast reaction! Here is the log from Combofix Code:
ATTFilter Combofix Logfile: |
08.12.2014, 10:42 | #4 |
/// the machine /// TB-Ausbilder | WicaInventory.exe Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
08.12.2014, 16:06 | #5 |
| WicaInventory.exe Everything ran through. I accidentally did not run JRT in admin mode on the first pass. However, the jrt.txt showed two registry entries as deleted: an orphaned one relating to IE and one other. On the second JRT run, the first text file was deleted. Since the first measures yesterday, AVAST has not reported any threat. However, the icons on the desktop are no longer displayed correctly. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 08.12.2014 Suchlauf-Zeit: 15:07:15 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.12.08.04 Rootkit Datenbank: v2014.12.03.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: KerMa Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 390402 Verstrichene Zeit: 11 Min, 39 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.104 - Bericht erstellt am 08/12/2014 um 15:26:20 # Aktualisiert 05/12/2014 von Xplode # Database : 2014-12-08.1 [Live] # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzername : KerMa - KERMA-PC # Gestartet von : C:\Users\KerMa\Desktop\AdwCleaner_4.104.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\KerMa\AppData\Roaming\Security System 2 ***** [ Tasks ] ***** Task Gelöscht : Software Updater Ui Task Gelöscht : Software Updater ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Schlüssel Gelöscht : HKCU\Software\IM ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17420 -\\ Mozilla Firefox v33.1.1 (x86 de) ************************* AdwCleaner[R4].txt - [1226 octets] - [08/12/2014 15:24:07] AdwCleaner[S3].txt - [1147 octets] - [08/12/2014 15:26:20] ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1207 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.0 (11.29.2014:1) OS: Windows 7 Professional x86 Ran by KerMa on 08.12.2014 at 15:48:22,77 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 08.12.2014 at 15:51:05,55 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01 Ran by KerMa (administrator) on KERMA-PC on 08-12-2014 15:51:37 Running from C:\Users\KerMa\Desktop Loaded Profile: KerMa (Available profiles: KerMa & Admin & UpdatusUser) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Prolific Technology Inc.) C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe (Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Dropbox, Inc.) 
C:\Users\KerMa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8546848 2010-03-17] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5225064 2014-11-21] (AVAST Software) HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1795872 2014-08-19] (NVIDIA Corporation) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) Startup: C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Mail.lnk ShortcutTarget: Windows Live Mail.lnk -> C:\Program Files\Windows Live\Mail\wlmail.exe (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software) BootExecute: autocheck autochk * sdnclean.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-547636488-2336383340-334652843-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:2235;https=127.0.0.1:2235 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.de/ HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x757589A8B75FCB01 HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKLM -> DefaultScope value is missing. 
SearchScopes: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> DefaultScope {DE86B2D1-0270-476C-A33E-24D1E15BE378} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> {DE86B2D1-0270-476C-A33E-24D1E15BE378} URL = hxxp://www.google.de/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\KerMa\AppData\Roaming\Mozilla\Firefox\Profiles\xssqguqz.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @real.com/nppl3260;version=12.0.1.647 -> c:\users\admin\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=12.0.1.647 -> c:\users\admin\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=12.0.1.660 -> c:\users\admin\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}] - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B} FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-07-15] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-29] Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21] CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-15] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-21] (AVAST Software) S3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-21] (Avast Software) R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [321776 2013-01-30] (Logitech, Inc.) R2 PLFlash DeviceIoControl Service; C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe [81920 2008-09-24] (Prolific Technology Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-21] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-21] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-21] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-21] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2014-11-21] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-21] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-21] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-03-19] () R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation) R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-02] (Logitech, Inc.) R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-02] (Logitech, Inc.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-03-19] () S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.) 
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [33056 2010-01-14] (Realtek ) S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [40736 2010-01-14] (Realtek Corporation) S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [25376 2010-01-14] (Windows (R) Codename Longhorn DDK provider) S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [40736 2010-01-14] (Realtek Corporation) R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [218192 2014-11-21] (Avast Software) S3 aaudstum; \??\C:\Users\KerMa\AppData\Local\Temp\aaudstum.sys [X] S3 catchme; \??\C:\Users\KerMa\AppData\Local\Temp\catchme.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X] S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X] S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [X] S3 usbbus; system32\DRIVERS\lgusbbus.sys [X] S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X] S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-08 15:51 - 2014-12-08 15:51 - 00000625 _____ () C:\Users\KerMa\Desktop\JRT.txt 2014-12-08 15:37 - 2014-12-08 15:37 - 00000000 ____D () C:\Windows\ERUNT 2014-12-08 15:35 - 2014-12-08 15:35 - 01707646 _____ (Thisisu) C:\Users\KerMa\Desktop\JRT.exe 2014-12-08 15:33 - 2014-12-08 15:33 - 00001287 _____ () C:\Users\KerMa\Desktop\AdwCleaner[S3].txt 2014-12-08 15:23 - 2014-12-08 15:26 - 00000000 ____D () C:\AdwCleaner 2014-12-08 15:23 - 2014-12-08 15:23 - 00000055 _____ () C:\AdwCleanerDebug.txt 2014-12-08 15:22 - 2014-12-08 15:22 - 02153472 _____ () C:\Users\KerMa\Desktop\AdwCleaner_4.104.exe 2014-12-08 15:20 - 2014-12-08 15:20 - 00001203 _____ () C:\Users\KerMa\Desktop\mbam.txt 2014-12-08 15:06 - 2014-12-08 15:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-08 15:06 - 2014-12-08 15:06 - 00001074 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-08 15:06 - 2014-12-08 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-08 15:06 - 2014-12-08 15:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-12-08 15:06 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-08 15:06 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-08 15:06 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-08 15:05 - 2014-12-08 15:05 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\KerMa\Desktop\mbam-setup-2.0.4.1028.exe 2014-12-07 14:42 - 2014-12-07 14:42 - 00000000 ____D () C:\Users\KerMa\Desktop\Quick Immo - DaSi 2014-12-07 12:40 - 2014-12-07 12:41 - 00000000 ___SD () C:\ComboFix 2014-12-07 12:07 - 2014-12-07 12:41 - 00000000 ____D () C:\Qoobox 2014-12-07 12:07 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-07 12:07 - 2010-11-07 18:20 - 
00208896 _____ () C:\Windows\MBR.exe 2014-12-07 12:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-07 12:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-07 12:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-07 12:07 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-07 12:07 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-07 12:07 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-07 12:06 - 2014-12-07 12:19 - 00000000 ____D () C:\Windows\erdnt 2014-12-07 12:04 - 2014-12-07 12:04 - 05600430 ____R (Swearware) C:\Users\KerMa\Desktop\ComboFix.exe 2014-12-07 11:14 - 2014-12-07 11:15 - 00049223 _____ () C:\Users\KerMa\Desktop\Addition.txt 2014-12-07 11:13 - 2014-12-08 15:51 - 00014079 _____ () C:\Users\KerMa\Desktop\FRST.txt 2014-12-07 11:13 - 2014-12-08 15:51 - 00000000 ____D () C:\FRST 2014-12-07 11:04 - 2014-12-07 11:04 - 01111040 _____ (Farbar) C:\Users\KerMa\Desktop\FRST.exe 2014-12-05 20:09 - 2014-12-05 20:09 - 00200668 _____ () C:\Users\KerMa\Desktop\FRITZ.Box Fon WLAN 7270 v2 54.05.54_05.12.14_2009.export 2014-11-29 08:01 - 2014-11-29 08:01 - 00000199 _____ () C:\Windows\system32\2014-11-29-07-01-38.005-AvastVBoxSVC.exe-2268.log 2014-11-28 16:23 - 2014-11-28 16:24 - 00305064 _____ () C:\Users\KerMa\Desktop\support FRITZ.Box Fon WLAN 7270 v2 54.05.54_28.11.14_1623.txt 2014-11-28 10:14 - 2014-11-28 10:14 - 00000199 _____ () C:\Windows\system32\2014-11-28-09-14-32.095-AvastVBoxSVC.exe-2356.log 2014-11-25 10:15 - 2014-11-25 10:15 - 00000249 _____ () C:\Windows\system32\2014-11-25-09-15-05.025-aswFe.exe-4424.log 2014-11-25 09:56 - 2014-11-25 10:14 - 00000249 _____ () C:\Windows\system32\2014-11-25-08-56-24.032-aswFe.exe-3484.log 2014-11-25 09:56 - 2014-11-25 09:56 - 00000199 _____ () C:\Windows\system32\2014-11-25-08-56-08.047-AvastVBoxSVC.exe-5512.log 2014-11-22 11:44 - 2014-11-22 11:44 - 00000249 _____ () 
C:\Windows\system32\2014-11-22-10-44-04.089-aswFe.exe-5932.log 2014-11-22 11:26 - 2014-11-22 11:43 - 00000249 _____ () C:\Windows\system32\2014-11-22-10-26-56.055-aswFe.exe-728.log 2014-11-22 11:26 - 2014-11-22 11:26 - 00000199 _____ () C:\Windows\system32\2014-11-22-10-26-40.079-AvastVBoxSVC.exe-3656.log 2014-11-22 11:06 - 2014-11-22 11:07 - 00000000 ____D () C:\Windows\system32\vbox 2014-11-22 10:58 - 2014-12-08 15:28 - 00011682 _____ () C:\Windows\PFRO.log 2014-11-21 14:06 - 2014-11-21 14:05 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-11-21 14:05 - 2014-11-21 14:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-11-19 09:26 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 09:26 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-16 03:12 - 2014-11-16 03:12 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Macromedia 2014-11-16 00:41 - 2014-11-16 00:41 - 00001131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-16 00:41 - 2014-11-16 00:41 - 00001119 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Mozilla 2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Mozilla 2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\ProgramData\Mozilla 2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-11-15 00:15 - 2014-11-15 00:15 - 00000000 ____D () C:\Users\KerMa\AppData\Local\NVIDIA 2014-11-15 00:15 - 2014-11-15 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-11-15 00:09 - 2014-07-02 18:39 - 00609240 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe 2014-11-12 14:04 - 2014-11-12 14:04 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Floodlight 
Games 2014-11-12 14:04 - 2014-11-12 14:04 - 00000000 ____D () C:\ProgramData\Floodlight Games 2014-11-12 11:32 - 2014-11-12 11:32 - 00000000 __SHD () C:\Users\KerMa\AppData\Local\EmieBrowserModeList 2014-11-12 09:07 - 2014-11-05 18:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-12 09:07 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-12 09:07 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-12 09:07 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-12 09:07 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-12 09:07 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-12 09:07 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-12 09:07 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-12 09:07 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-12 09:07 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-12 09:07 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-12 09:07 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-12 09:07 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-12 09:07 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-12 09:07 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-12 09:07 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-12 09:07 - 2014-08-21 07:23 - 00002048 _____ 
(Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-12 09:07 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-12 09:06 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-12 09:06 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-12 09:06 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-12 09:06 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-12 09:06 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-12 09:06 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-12 09:06 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-12 09:06 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-12 09:06 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-12 09:06 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-12 09:06 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-12 09:06 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-12 09:06 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-12 09:06 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-12 09:06 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-12 09:06 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-12 09:06 - 
2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-12 09:06 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-12 09:06 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-12 09:06 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-12 09:06 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-12 09:06 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-12 09:06 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-12 09:06 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-12 09:06 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-12 09:06 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-12 09:06 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-12 09:06 - 2014-11-05 18:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-12 09:06 - 2014-11-05 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-12 09:06 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-12 09:06 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-12 09:06 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-12 09:06 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-12 09:06 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-12 09:06 - 2014-10-14 02:46 - 
00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-12 09:05 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-12 09:05 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-12 09:05 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-11 07:15 - 2014-12-08 15:45 - 00003436 _____ () C:\Windows\setupact.log 2014-11-11 07:15 - 2014-11-11 07:15 - 00000000 _____ () C:\Windows\setuperr.log 2014-11-11 07:14 - 2014-11-12 11:26 - 00284168 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-11 00:38 - 2014-11-11 00:38 - 00061288 _____ () C:\Users\KerMa\AppData\Local\GDIPFONTCACHEV1.DAT ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-08 15:47 - 2010-04-27 22:17 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Skype 2014-12-08 15:46 - 2014-02-15 01:50 - 00000000 ___RD () C:\Users\KerMa\Dropbox 2014-12-08 15:46 - 2014-02-15 01:48 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Dropbox 2014-12-08 15:45 - 2012-09-05 14:52 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-12-08 15:45 - 2010-04-29 13:08 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-08 15:45 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-08 15:44 - 2014-05-20 19:56 - 01485629 _____ () C:\Windows\WindowsUpdate.log 2014-12-08 15:35 - 2009-07-14 05:34 - 00022720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-08 15:35 - 2009-07-14 05:34 - 00022720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-08 15:16 - 2010-04-29 13:08 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-08 15:02 - 2012-04-04 07:34 - 00000884 _____ () 
C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-08 12:22 - 2013-12-10 15:03 - 00000000 ____D () C:\QuickImmobilie 2014 2014-12-08 12:17 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-12-07 17:18 - 2011-06-15 22:04 - 00020480 ___SH () C:\Users\KerMa\Thumbs.db 2014-12-07 12:20 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2014-12-07 12:20 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2014-12-07 12:19 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2014-12-07 12:18 - 2010-03-13 21:34 - 00000000 ____D () C:\Users\KerMa 2014-12-07 02:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-11-30 17:14 - 2013-02-27 08:55 - 00000000 ____D () C:\Users\KerMa\Desktop\Damo 2014-11-26 19:02 - 2012-04-04 07:34 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-11-26 19:02 - 2011-05-16 08:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-11-22 11:07 - 2013-02-06 14:00 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Google 2014-11-22 11:07 - 2010-03-27 19:05 - 00000000 ____D () C:\Program Files\Google 2014-11-22 11:03 - 2010-03-13 23:37 - 00000000 ____D () C:\Users\KerMa\Desktop\Tools 2014-11-21 14:05 - 2014-05-01 09:17 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-11-21 14:05 - 2013-12-20 11:55 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-11-21 14:05 - 2013-03-15 23:38 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-11-21 14:05 - 2013-03-15 23:38 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-11-21 14:05 - 2012-02-25 17:52 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-11-21 14:05 - 2011-03-29 14:44 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-11-21 14:05 - 2010-03-13 22:52 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-11-21 14:05 - 
2010-03-13 22:51 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-11-16 00:41 - 2014-01-16 12:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-11-15 19:52 - 2014-02-15 01:50 - 00001025 _____ () C:\Users\KerMa\Desktop\Dropbox.lnk 2014-11-15 19:52 - 2014-02-15 01:49 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-11-15 00:10 - 2012-09-05 14:48 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-11-15 00:10 - 2010-03-13 23:00 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-11-12 14:45 - 2013-10-10 15:48 - 00000000 ____D () C:\Windows\rescache 2014-11-12 14:02 - 2011-07-22 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills 2014-11-12 14:00 - 2014-05-23 11:36 - 00000000 ____D () C:\Program Files\DEUTSCHLAND SPIELT 2014-11-12 12:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-11-12 12:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-11-12 11:24 - 2014-04-30 01:59 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-12 11:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-11-12 11:19 - 2013-08-13 08:59 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-12 11:17 - 2010-03-13 22:11 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-08 01:59 - 2011-02-09 22:08 - 00000000 ____D () C:\Users\KerMa\Desktop\Saab Files to move or delete: ==================== C:\Users\Admin\autoplaylist.dat C:\Users\Admin\cddbcontrol.dll C:\Users\Admin\cddblink.dll C:\Users\Admin\cddbmusicid.dll C:\Users\Admin\convert.exe C:\Users\Admin\dbghelp.dll C:\Users\Admin\dunzip32.dll C:\Users\Admin\fixrjb.exe C:\Users\Admin\hxaudiodevicehook.dll C:\Users\Admin\ierjplug.dll C:\Users\Admin\keys.dat C:\Users\Admin\mc_enc_mp4v.dll C:\Users\Admin\mmcdda32.dll C:\Users\Admin\rdsf3260.dll C:\Users\Admin\realconverter.exe C:\Users\Admin\realjbox.exe 
C:\Users\Admin\realplay.exe C:\Users\Admin\realshare.exe C:\Users\Admin\realtrimmer.exe C:\Users\Admin\recordingmanager.exe C:\Users\Admin\rjbres.dll C:\Users\Admin\rjdlg.dll C:\Users\Admin\rjprog.dll C:\Users\Admin\rjwmapln.dll C:\Users\Admin\rndevicedbbuilder.exe C:\Users\Admin\rpau3260.dll C:\Users\Admin\rphelperapp.exe C:\Users\Admin\rpplugprot.dll C:\Users\Admin\rpshell.dll C:\Users\Admin\rpshellsearch.dll C:\Users\Admin\rpwa3260.dll C:\Users\Admin\strs23.dat C:\Users\Admin\strs26.dat C:\Users\Admin\tnetdtct.dll C:\Users\Admin\tpasdk.dll C:\Users\Admin\tsasdk.dll C:\Users\Admin\wmdmhelper.dll Some content of TEMP: ==================== C:\Users\KerMa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyppvsa.dll C:\Users\KerMa\AppData\Local\Temp\Quarantine.exe C:\Users\KerMa\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-05 14:41 ==================== End Of Log ============================ |
09.12.2014, 11:40 | #6 |
/// the machine /// TB Trainer | WicaInventory.exe ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ --> WicaInventory.exe |
09.12.2014, 23:49 | #7 |
| WicaInventory.exe Phew ... ESET took forever ... Any problems left? - Yes. ESET did detect threats, but did not remove any. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=e590bbeed30d734494ac201cd6fa5258 # engine=21467 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-12-09 10:03:42 # local_time=2014-12-09 11:03:42 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 54064 169793813 0 0 # scanned=193158 # found=20 # cleaned=0 # scan_time=39078 sh=A742B89CBE6E6F412CA683AC410D86B1C9EE2EB3 ft=1 fh=f77f10cc038156f9 vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-547636488-2336383340-334652843-1000\$RJXJL6Y\Quarantine\C\Windows\system32\roboot.exe.vir" sh=462E2C3E4B67402CAD749DE2F77DB4E6CCBF1A8D ft=0 fh=0000000000000000 vn="HTML/Phishing.Agent.A Trojaner" ac=I fn="G:\KERMA-PC\Backup Set 2012-08-14 172916\Backup Files 2012-09-23 190001\Backup files 1.zip" sh=B5E07F7531212FB1FB7A656AE8580AB5668A688D ft=0 fh=0000000000000000 vn="HTML/Phishing.Agent.A Trojaner" ac=I fn="G:\KERMA-PC\Backup Set 2012-10-07 190005\Backup Files 2012-11-04 190002\Backup files 1.zip" sh=E24964A451174E90CEF07B8E20E9E7A1B7974C48 ft=0 fh=0000000000000000 vn="HTML/Phishing.Agent.A Trojaner" ac=I fn="G:\KERMA-PC\Backup Set 2012-10-07 190005\Backup Files 2012-11-11 190001\Backup files 1.zip" sh=9179B5C0417DBC934A17D362174F898558166D33 ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2013-01-13 190002\Backup Files 2013-02-10 190003\Backup files 4.zip" sh=BCB36343B898DAEE49C8D6DC4D3F6A11DC6030D4 ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. 
unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2013-03-10 190003\Backup Files 2013-03-10 190003\Backup files 22.zip" sh=C464CC35FBDC3CAB8D3A6B870745EFDC1079311C ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2013-04-28 190002\Backup Files 2013-04-28 190002\Backup files 22.zip" sh=D0F0A8DEDD9CE827C1876B3468621CF1AA460208 ft=0 fh=0000000000000000 vn="Variante von Win32/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2013-04-28 190002\Backup Files 2013-05-19 190002\Backup files 1.zip" sh=6C822D7B3CA09F1D316592CCE96A58D3980DA452 ft=0 fh=0000000000000000 vn="Variante von Win32/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2013-04-28 190002\Backup Files 2013-05-26 190001\Backup files 1.zip" sh=0FADDB49084CB15AB7D1976536B680A8D04C3B1E ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-1723.KH Trojaner" ac=I fn="G:\KERMA-PC\Backup Set 2013-04-28 190002\Backup Files 2013-06-11 082032\Backup files 1.zip" sh=5A39DDC53A3BFD0E1C98B0AF1F7731233876963C ft=0 fh=0000000000000000 vn="Variante von Win32/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2013-06-16 190004\Backup Files 2013-06-16 190004\Backup files 3.zip" sh=957B0D031257F6440A9D9F1EA94DA5980616419D ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2013-06-16 190004\Backup Files 2013-06-16 190004\Backup files 23.zip" sh=CFDDEE53DEE08D703B80B9A46F1E608ECEAC339F ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2013-08-11 190002\Backup Files 2013-08-11 190002\Backup files 26.zip" sh=962EB734481EFDAEFDDEE609F143C3C3787AA26F ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. 
unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2013-10-20 190002\Backup Files 2013-10-20 190002\Backup files 33.zip" sh=ADDEC0E977DAD1EEF427ACC654AFD102E5C31A25 ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2014-01-05 190005\Backup Files 2014-01-05 190005\Backup files 35.zip" sh=DAEF67288F47AAEEE5BC2372B8DF1A634B8B89FB ft=0 fh=0000000000000000 vn="Win32/AdWare.1ClickDownload.AT Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2014-01-05 190005\Backup Files 2014-01-19 190003\Backup files 1.zip" sh=DF2236FB60F6F364B8EA522A9D89FD83F76F4667 ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2014-03-30 190002\Backup Files 2014-03-30 190002\Backup files 38.zip" sh=9CA68624696E89AD57FB59E4B1E5E64EA278F2BE ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2014-06-15 190004\Backup Files 2014-06-15 190004\Backup files 38.zip" sh=E22A3DD8628F87CE303F0925311AF13370840851 ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2014-08-31 190003\Backup Files 2014-08-31 190003\Backup files 39.zip" sh=AC1056969EE191616552D0DC0F15456EB30B46F1 ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="G:\KERMA-PC\Backup Set 2014-11-16 190003\Backup Files 2014-11-16 190003\Backup files 40.zip" Code:
ATTFilter Results of screen317's Security Check version 0.99.91 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` CCleaner Java 7 Update 67 Java 8 Update 25 Java version 32-bit out of Date! Adobe Flash Player 15.0.0.239 Adobe Reader XI Mozilla Firefox (33.1.1) ````````Process Check: objlist.exe by Laurent```````` Alwil Software Avast5 AvastSvc.exe Alwil Software Avast5 AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01 Ran by KerMa (administrator) on KERMA-PC on 09-12-2014 23:37:34 Running from C:\Users\KerMa\Desktop Loaded Profile: KerMa (Available profiles: KerMa & Admin & UpdatusUser) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Prolific Technology Inc.) C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe (Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Dropbox, Inc.) 
C:\Users\KerMa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8546848 2010-03-17] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5225064 2014-11-21] (AVAST Software) HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1795872 2014-08-19] (NVIDIA Corporation) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) Startup: C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Mail.lnk ShortcutTarget: Windows Live Mail.lnk -> C:\Program Files\Windows Live\Mail\wlmail.exe (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software) BootExecute: autocheck autochk * sdnclean.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-547636488-2336383340-334652843-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:2235;https=127.0.0.1:2235 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.de/ HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x757589A8B75FCB01 HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKLM -> DefaultScope value is missing. 
SearchScopes: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> DefaultScope {DE86B2D1-0270-476C-A33E-24D1E15BE378} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> {DE86B2D1-0270-476C-A33E-24D1E15BE378} URL = hxxp://www.google.de/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\KerMa\AppData\Roaming\Mozilla\Firefox\Profiles\xssqguqz.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @real.com/nppl3260;version=12.0.1.647 -> c:\users\admin\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=12.0.1.647 -> c:\users\admin\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=12.0.1.660 -> c:\users\admin\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}] - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B} FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-07-15] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-29] Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21] CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-15] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-21] (AVAST Software) S3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-21] (Avast Software) R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [321776 2013-01-30] (Logitech, Inc.) R2 PLFlash DeviceIoControl Service; C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe [81920 2008-09-24] (Prolific Technology Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-21] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-21] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-21] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-21] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2014-11-21] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-21] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-21] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-03-19] () R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation) R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-02] (Logitech, Inc.) R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-02] (Logitech, Inc.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-03-19] () S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.) 
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [33056 2010-01-14] (Realtek ) S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [40736 2010-01-14] (Realtek Corporation) S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [25376 2010-01-14] (Windows (R) Codename Longhorn DDK provider) S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [40736 2010-01-14] (Realtek Corporation) R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [218192 2014-11-21] (Avast Software) S3 aaudstum; \??\C:\Users\KerMa\AppData\Local\Temp\aaudstum.sys [X] S3 catchme; \??\C:\Users\KerMa\AppData\Local\Temp\catchme.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X] S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X] S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [X] S3 usbbus; system32\DRIVERS\lgusbbus.sys [X] S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X] S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-09 23:37 - 2014-12-09 23:37 - 00000873 _____ () C:\Users\KerMa\Desktop\checkup.txt 2014-12-09 23:34 - 2014-12-09 23:34 - 00852490 _____ () C:\Users\KerMa\Desktop\SecurityCheck.exe 2014-12-09 12:08 - 2014-12-09 12:08 - 00000000 ____D () C:\Program Files\ESET 2014-12-09 12:04 - 2014-12-09 12:04 - 02347384 _____ (ESET) C:\Users\KerMa\Desktop\esetsmartinstaller_deu.exe 2014-12-08 15:51 - 2014-12-08 15:51 - 00000625 _____ () C:\Users\KerMa\Desktop\JRT.txt 2014-12-08 15:37 - 2014-12-08 15:37 - 00000000 ____D () C:\Windows\ERUNT 2014-12-08 15:35 - 2014-12-08 15:35 - 01707646 _____ (Thisisu) C:\Users\KerMa\Desktop\JRT.exe 2014-12-08 15:33 - 2014-12-08 15:33 - 00001287 _____ () C:\Users\KerMa\Desktop\AdwCleaner[S3].txt 2014-12-08 15:23 - 2014-12-08 15:26 - 00000000 ____D () C:\AdwCleaner 2014-12-08 15:23 - 2014-12-08 15:23 - 00000055 _____ () C:\AdwCleanerDebug.txt 2014-12-08 15:22 - 2014-12-08 15:22 - 02153472 _____ () C:\Users\KerMa\Desktop\AdwCleaner_4.104.exe 2014-12-08 15:20 - 2014-12-08 15:20 - 00001203 _____ () C:\Users\KerMa\Desktop\mbam.txt 2014-12-08 15:06 - 2014-12-08 15:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-08 15:06 - 2014-12-08 15:06 - 00001074 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-08 15:06 - 2014-12-08 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-08 15:06 - 2014-12-08 15:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-12-08 15:06 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-08 15:06 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-08 15:06 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-08 15:05 - 2014-12-08 15:05 - 20447072 _____ (Malwarebytes Corporation ) 
C:\Users\KerMa\Desktop\mbam-setup-2.0.4.1028.exe 2014-12-07 14:42 - 2014-12-07 14:42 - 00000000 ____D () C:\Users\KerMa\Desktop\Quick Immo - DaSi 2014-12-07 12:40 - 2014-12-07 12:41 - 00000000 ___SD () C:\ComboFix 2014-12-07 12:07 - 2014-12-07 12:41 - 00000000 ____D () C:\Qoobox 2014-12-07 12:07 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-07 12:07 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-07 12:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-07 12:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-07 12:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-07 12:07 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-07 12:07 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-07 12:07 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-07 12:06 - 2014-12-07 12:19 - 00000000 ____D () C:\Windows\erdnt 2014-12-07 12:04 - 2014-12-07 12:04 - 05600430 ____R (Swearware) C:\Users\KerMa\Desktop\ComboFix.exe 2014-12-07 11:14 - 2014-12-07 11:15 - 00049223 _____ () C:\Users\KerMa\Desktop\Addition.txt 2014-12-07 11:13 - 2014-12-09 23:37 - 00013981 _____ () C:\Users\KerMa\Desktop\FRST.txt 2014-12-07 11:13 - 2014-12-09 23:37 - 00000000 ____D () C:\FRST 2014-12-07 11:04 - 2014-12-07 11:04 - 01111040 _____ (Farbar) C:\Users\KerMa\Desktop\FRST.exe 2014-12-05 20:09 - 2014-12-05 20:09 - 00200668 _____ () C:\Users\KerMa\Desktop\FRITZ.Box Fon WLAN 7270 v2 54.05.54_05.12.14_2009.export 2014-11-29 08:01 - 2014-11-29 08:01 - 00000199 _____ () C:\Windows\system32\2014-11-29-07-01-38.005-AvastVBoxSVC.exe-2268.log 2014-11-28 16:23 - 2014-11-28 16:24 - 00305064 _____ () C:\Users\KerMa\Desktop\support FRITZ.Box Fon WLAN 7270 v2 54.05.54_28.11.14_1623.txt 2014-11-28 10:14 - 2014-11-28 10:14 - 00000199 _____ () C:\Windows\system32\2014-11-28-09-14-32.095-AvastVBoxSVC.exe-2356.log 2014-11-25 10:15 - 2014-11-25 10:15 - 00000249 
_____ () C:\Windows\system32\2014-11-25-09-15-05.025-aswFe.exe-4424.log 2014-11-25 09:56 - 2014-11-25 10:14 - 00000249 _____ () C:\Windows\system32\2014-11-25-08-56-24.032-aswFe.exe-3484.log 2014-11-25 09:56 - 2014-11-25 09:56 - 00000199 _____ () C:\Windows\system32\2014-11-25-08-56-08.047-AvastVBoxSVC.exe-5512.log 2014-11-22 11:44 - 2014-11-22 11:44 - 00000249 _____ () C:\Windows\system32\2014-11-22-10-44-04.089-aswFe.exe-5932.log 2014-11-22 11:26 - 2014-11-22 11:43 - 00000249 _____ () C:\Windows\system32\2014-11-22-10-26-56.055-aswFe.exe-728.log 2014-11-22 11:26 - 2014-11-22 11:26 - 00000199 _____ () C:\Windows\system32\2014-11-22-10-26-40.079-AvastVBoxSVC.exe-3656.log 2014-11-22 11:06 - 2014-11-22 11:07 - 00000000 ____D () C:\Windows\system32\vbox 2014-11-22 10:58 - 2014-12-08 15:28 - 00011682 _____ () C:\Windows\PFRO.log 2014-11-21 14:06 - 2014-11-21 14:05 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-11-21 14:05 - 2014-11-21 14:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-11-19 09:26 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 09:26 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-16 03:12 - 2014-11-16 03:12 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Macromedia 2014-11-16 00:41 - 2014-11-16 00:41 - 00001131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-16 00:41 - 2014-11-16 00:41 - 00001119 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Mozilla 2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Mozilla 2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\ProgramData\Mozilla 2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-11-15 00:15 - 2014-11-15 00:15 - 00000000 ____D () 
C:\Users\KerMa\AppData\Local\NVIDIA 2014-11-15 00:15 - 2014-11-15 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-11-15 00:09 - 2014-07-02 18:39 - 00609240 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe 2014-11-12 14:04 - 2014-11-12 14:04 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Floodlight Games 2014-11-12 14:04 - 2014-11-12 14:04 - 00000000 ____D () C:\ProgramData\Floodlight Games 2014-11-12 11:32 - 2014-11-12 11:32 - 00000000 __SHD () C:\Users\KerMa\AppData\Local\EmieBrowserModeList 2014-11-12 09:07 - 2014-11-05 18:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-12 09:07 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-12 09:07 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-12 09:07 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-12 09:07 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-12 09:07 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-12 09:07 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-12 09:07 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-12 09:07 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-12 09:07 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-12 09:07 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-12 09:07 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-12 09:07 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 
2014-11-12 09:07 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-12 09:07 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-12 09:07 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-12 09:07 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-12 09:07 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-12 09:06 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-12 09:06 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-12 09:06 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-12 09:06 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-12 09:06 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-12 09:06 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-12 09:06 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-12 09:06 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-12 09:06 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-12 09:06 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-12 09:06 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-12 09:06 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-12 09:06 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-12 
09:06 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-12 09:06 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-12 09:06 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-12 09:06 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-12 09:06 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-12 09:06 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-12 09:06 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-12 09:06 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-12 09:06 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-12 09:06 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-12 09:06 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-12 09:06 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-12 09:06 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-12 09:06 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-12 09:06 - 2014-11-05 18:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-12 09:06 - 2014-11-05 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-12 09:06 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-12 09:06 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 
2014-11-12 09:06 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-12 09:06 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-12 09:06 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-12 09:06 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-12 09:05 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-12 09:05 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-12 09:05 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-11 07:15 - 2014-12-09 08:54 - 00003548 _____ () C:\Windows\setupact.log 2014-11-11 07:15 - 2014-11-11 07:15 - 00000000 _____ () C:\Windows\setuperr.log 2014-11-11 07:14 - 2014-11-12 11:26 - 00284168 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-11 00:38 - 2014-11-11 00:38 - 00061288 _____ () C:\Users\KerMa\AppData\Local\GDIPFONTCACHEV1.DAT ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-09 23:16 - 2010-04-29 13:08 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-09 23:02 - 2012-04-04 07:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-09 18:07 - 2014-05-20 19:56 - 01523083 _____ () C:\Windows\WindowsUpdate.log 2014-12-09 12:09 - 2010-04-27 22:17 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Skype 2014-12-09 09:27 - 2009-07-14 05:34 - 00022720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-09 09:27 - 2009-07-14 05:34 - 00022720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-09 08:56 - 2014-02-15 01:50 - 00000000 ___RD () C:\Users\KerMa\Dropbox 2014-12-09 08:56 - 2014-02-15 01:48 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Dropbox 2014-12-09 08:55 - 2010-04-29 13:08 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-09 08:54 - 2012-09-05 14:52 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-12-09 08:54 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-08 12:22 - 2013-12-10 15:03 - 00000000 ____D () C:\QuickImmobilie 2014 2014-12-08 12:17 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-12-07 17:18 - 2011-06-15 22:04 - 00020480 ___SH () C:\Users\KerMa\Thumbs.db 2014-12-07 12:20 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2014-12-07 12:20 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2014-12-07 12:19 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2014-12-07 12:18 - 2010-03-13 21:34 - 00000000 ____D () C:\Users\KerMa 2014-12-07 02:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-11-30 17:14 - 2013-02-27 08:55 - 00000000 ____D () C:\Users\KerMa\Desktop\Damo 2014-11-26 19:02 - 2012-04-04 07:34 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-11-26 19:02 - 2011-05-16 08:03 - 
00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-11-22 11:07 - 2013-02-06 14:00 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Google 2014-11-22 11:07 - 2010-03-27 19:05 - 00000000 ____D () C:\Program Files\Google 2014-11-22 11:03 - 2010-03-13 23:37 - 00000000 ____D () C:\Users\KerMa\Desktop\Tools 2014-11-21 14:05 - 2014-05-01 09:17 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-11-21 14:05 - 2013-12-20 11:55 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-11-21 14:05 - 2013-03-15 23:38 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-11-21 14:05 - 2013-03-15 23:38 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-11-21 14:05 - 2012-02-25 17:52 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-11-21 14:05 - 2011-03-29 14:44 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-11-21 14:05 - 2010-03-13 22:52 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-11-21 14:05 - 2010-03-13 22:51 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-11-16 00:41 - 2014-01-16 12:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-11-15 19:52 - 2014-02-15 01:50 - 00001025 _____ () C:\Users\KerMa\Desktop\Dropbox.lnk 2014-11-15 19:52 - 2014-02-15 01:49 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-11-15 00:10 - 2012-09-05 14:48 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-11-15 00:10 - 2010-03-13 23:00 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-11-12 14:45 - 2013-10-10 15:48 - 00000000 ____D () C:\Windows\rescache 2014-11-12 14:02 - 2011-07-22 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills 2014-11-12 14:00 - 2014-05-23 11:36 - 00000000 ____D () C:\Program Files\DEUTSCHLAND SPIELT 2014-11-12 12:35 - 2009-07-14 03:37 - 
00000000 ____D () C:\Windows\Microsoft.NET 2014-11-12 12:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-11-12 11:24 - 2014-04-30 01:59 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-12 11:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-11-12 11:19 - 2013-08-13 08:59 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-12 11:17 - 2010-03-13 22:11 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Files to move or delete: ==================== C:\Users\Admin\autoplaylist.dat C:\Users\Admin\cddbcontrol.dll C:\Users\Admin\cddblink.dll C:\Users\Admin\cddbmusicid.dll C:\Users\Admin\convert.exe C:\Users\Admin\dbghelp.dll C:\Users\Admin\dunzip32.dll C:\Users\Admin\fixrjb.exe C:\Users\Admin\hxaudiodevicehook.dll C:\Users\Admin\ierjplug.dll C:\Users\Admin\keys.dat C:\Users\Admin\mc_enc_mp4v.dll C:\Users\Admin\mmcdda32.dll C:\Users\Admin\rdsf3260.dll C:\Users\Admin\realconverter.exe C:\Users\Admin\realjbox.exe C:\Users\Admin\realplay.exe C:\Users\Admin\realshare.exe C:\Users\Admin\realtrimmer.exe C:\Users\Admin\recordingmanager.exe C:\Users\Admin\rjbres.dll C:\Users\Admin\rjdlg.dll C:\Users\Admin\rjprog.dll C:\Users\Admin\rjwmapln.dll C:\Users\Admin\rndevicedbbuilder.exe C:\Users\Admin\rpau3260.dll C:\Users\Admin\rphelperapp.exe C:\Users\Admin\rpplugprot.dll C:\Users\Admin\rpshell.dll C:\Users\Admin\rpshellsearch.dll C:\Users\Admin\rpwa3260.dll C:\Users\Admin\strs23.dat C:\Users\Admin\strs26.dat C:\Users\Admin\tnetdtct.dll C:\Users\Admin\tpasdk.dll C:\Users\Admin\tsasdk.dll C:\Users\Admin\wmdmhelper.dll Some content of TEMP: ==================== C:\Users\KerMa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfwzzbw.dll C:\Users\KerMa\AppData\Local\Temp\Quarantine.exe C:\Users\KerMa\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-05 14:41 ==================== End Of Log ============================ |
10.12.2014, 19:07 | #8 |
/// the machine /// TB instructor | WicaInventory.exe The ESET detections are in your backups. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
C:\$RECYCLE.BIN
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-547636488-2336383340-334652843-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:2235;https=127.0.0.1:2235
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
10.12.2014, 19:24 | #9 |
| WicaInventory.exe I think you've done it successfully! :-) Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-12-2014 01
Ran by KerMa at 2014-12-10 19:10:52 Run:1
Running from C:\Users\KerMa\Desktop
Loaded Profiles: KerMa & (Available profiles: KerMa & Admin & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\$RECYCLE.BIN
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-547636488-2336383340-334652843-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:2235;https=127.0.0.1:2235
Emptytemp:
*****************

C:\$RECYCLE.BIN => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-547636488-2336383340-334652843-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
EmptyTemp: => Removed 266.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01 Ran by KerMa (administrator) on KERMA-PC on 10-12-2014 19:21:13 Running from C:\Users\KerMa\Desktop Loaded Profile: KerMa (Available profiles: KerMa & Admin & UpdatusUser) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Prolific Technology Inc.) C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe (Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\KerMa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe (Logitech, Inc.) 
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8546848 2010-03-17] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5225064 2014-11-21] (AVAST Software) HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1795872 2014-08-19] (NVIDIA Corporation) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) 
HKU\S-1-5-21-547636488-2336383340-334652843-1000\...\RunOnce: [Adobe Speed Launcher] => 1418235410 Startup: C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\KerMa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Mail.lnk ShortcutTarget: Windows Live Mail.lnk -> C:\Program Files\Windows Live\Mail\wlmail.exe (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.de/ HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x757589A8B75FCB01 HKU\S-1-5-21-547636488-2336383340-334652843-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKLM -> DefaultScope value is missing. 
SearchScopes: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> DefaultScope {DE86B2D1-0270-476C-A33E-24D1E15BE378} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> {DE86B2D1-0270-476C-A33E-24D1E15BE378} URL = hxxp://www.google.de/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-547636488-2336383340-334652843-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\KerMa\AppData\Roaming\Mozilla\Firefox\Profiles\xssqguqz.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @real.com/nppl3260;version=12.0.1.647 -> c:\users\admin\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=12.0.1.647 -> c:\users\admin\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=12.0.1.660 -> c:\users\admin\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}] - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B} FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-07-15] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-29] Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21] CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-15] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-21] (AVAST Software) S3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-21] (Avast Software) R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [321776 2013-01-30] (Logitech, Inc.) R2 PLFlash DeviceIoControl Service; C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe [81920 2008-09-24] (Prolific Technology Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-21] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-21] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-21] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-21] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2014-11-21] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-21] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-21] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-03-19] () R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation) R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-02] (Logitech, Inc.) R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-02] (Logitech, Inc.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-03-19] () S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.) 
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [33056 2010-01-14] (Realtek ) S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [40736 2010-01-14] (Realtek Corporation) S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [25376 2010-01-14] (Windows (R) Codename Longhorn DDK provider) S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [40736 2010-01-14] (Realtek Corporation) R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [218192 2014-11-21] (Avast Software) S3 aaudstum; \??\C:\Users\KerMa\AppData\Local\Temp\aaudstum.sys [X] S3 catchme; \??\C:\Users\KerMa\AppData\Local\Temp\catchme.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X] S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X] S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [X] S3 usbbus; system32\DRIVERS\lgusbbus.sys [X] S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X] S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-10 15:26 - 2014-12-10 15:26 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-10 15:09 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-10 11:15 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-10 11:15 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-10 11:15 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-10 11:15 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-10 11:15 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-10 11:15 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-10 11:15 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-10 11:15 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-10 11:15 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 11:15 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 11:15 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-10 11:15 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-10 11:15 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 11:15 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-10 11:15 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-10 11:15 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 11:15 - 2014-11-22 03:01 - 
02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 11:15 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-10 11:15 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-10 11:15 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-10 11:15 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-10 11:15 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-10 11:15 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-10 11:15 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-10 11:15 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-10 11:15 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-10 11:15 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-10 11:15 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 11:15 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 11:15 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 11:15 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 11:15 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 11:15 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 11:15 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-10 11:15 - 
2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 11:15 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 11:15 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 11:15 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 11:15 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 11:15 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-10 11:14 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 11:14 - 2014-10-30 02:46 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-12-10 11:14 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-10 11:14 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-10 11:14 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-10 11:14 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-10 11:14 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-10 11:14 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-09 23:37 - 2014-12-09 23:37 - 00000873 _____ () C:\Users\KerMa\Desktop\checkup.txt 2014-12-09 23:34 - 2014-12-09 23:34 - 00852490 _____ () C:\Users\KerMa\Desktop\SecurityCheck.exe 2014-12-09 12:04 - 2014-12-09 12:04 - 02347384 _____ (ESET) C:\Users\KerMa\Desktop\esetsmartinstaller_deu.exe 2014-12-08 15:51 - 2014-12-08 15:51 - 00000625 _____ () C:\Users\KerMa\Desktop\JRT.txt 2014-12-08 15:37 - 2014-12-08 15:37 - 00000000 ____D () C:\Windows\ERUNT 
2014-12-08 15:35 - 2014-12-08 15:35 - 01707646 _____ (Thisisu) C:\Users\KerMa\Desktop\JRT.exe 2014-12-08 15:33 - 2014-12-08 15:33 - 00001287 _____ () C:\Users\KerMa\Desktop\AdwCleaner[S3].txt 2014-12-08 15:23 - 2014-12-08 15:26 - 00000000 ____D () C:\AdwCleaner 2014-12-08 15:23 - 2014-12-08 15:23 - 00000055 _____ () C:\AdwCleanerDebug.txt 2014-12-08 15:22 - 2014-12-08 15:22 - 02153472 _____ () C:\Users\KerMa\Desktop\AdwCleaner_4.104.exe 2014-12-08 15:20 - 2014-12-08 15:20 - 00001203 _____ () C:\Users\KerMa\Desktop\mbam.txt 2014-12-08 15:06 - 2014-12-08 15:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-08 15:06 - 2014-12-08 15:06 - 00001074 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-08 15:06 - 2014-12-08 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-08 15:06 - 2014-12-08 15:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-12-08 15:06 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-08 15:06 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-08 15:06 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-08 15:05 - 2014-12-08 15:05 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\KerMa\Desktop\mbam-setup-2.0.4.1028.exe 2014-12-07 14:42 - 2014-12-07 14:42 - 00000000 ____D () C:\Users\KerMa\Desktop\Quick Immo - DaSi 2014-12-07 12:40 - 2014-12-07 12:41 - 00000000 ___SD () C:\ComboFix 2014-12-07 12:07 - 2014-12-07 12:41 - 00000000 ____D () C:\Qoobox 2014-12-07 12:07 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-07 12:07 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-07 12:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-07 12:07 - 2000-08-31 01:00 - 
00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-07 12:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-07 12:07 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-07 12:07 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-07 12:07 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-07 12:06 - 2014-12-07 12:19 - 00000000 ____D () C:\Windows\erdnt 2014-12-07 12:04 - 2014-12-07 12:04 - 05600430 ____R (Swearware) C:\Users\KerMa\Desktop\ComboFix.exe 2014-12-07 11:14 - 2014-12-07 11:15 - 00049223 _____ () C:\Users\KerMa\Desktop\Addition.txt 2014-12-07 11:13 - 2014-12-10 19:21 - 00014269 _____ () C:\Users\KerMa\Desktop\FRST.txt 2014-12-07 11:13 - 2014-12-10 19:21 - 00000000 ____D () C:\FRST 2014-12-07 11:04 - 2014-12-07 11:04 - 01111040 _____ (Farbar) C:\Users\KerMa\Desktop\FRST.exe 2014-12-05 20:09 - 2014-12-05 20:09 - 00200668 _____ () C:\Users\KerMa\Desktop\FRITZ.Box Fon WLAN 7270 v2 54.05.54_05.12.14_2009.export 2014-11-29 08:01 - 2014-11-29 08:01 - 00000199 _____ () C:\Windows\system32\2014-11-29-07-01-38.005-AvastVBoxSVC.exe-2268.log 2014-11-28 16:23 - 2014-11-28 16:24 - 00305064 _____ () C:\Users\KerMa\Desktop\support FRITZ.Box Fon WLAN 7270 v2 54.05.54_28.11.14_1623.txt 2014-11-28 10:14 - 2014-11-28 10:14 - 00000199 _____ () C:\Windows\system32\2014-11-28-09-14-32.095-AvastVBoxSVC.exe-2356.log 2014-11-25 10:15 - 2014-11-25 10:15 - 00000249 _____ () C:\Windows\system32\2014-11-25-09-15-05.025-aswFe.exe-4424.log 2014-11-25 09:56 - 2014-11-25 10:14 - 00000249 _____ () C:\Windows\system32\2014-11-25-08-56-24.032-aswFe.exe-3484.log 2014-11-25 09:56 - 2014-11-25 09:56 - 00000199 _____ () C:\Windows\system32\2014-11-25-08-56-08.047-AvastVBoxSVC.exe-5512.log 2014-11-22 11:44 - 2014-11-22 11:44 - 00000249 _____ () C:\Windows\system32\2014-11-22-10-44-04.089-aswFe.exe-5932.log 2014-11-22 11:26 - 2014-11-22 11:43 - 00000249 _____ () 
C:\Windows\system32\2014-11-22-10-26-56.055-aswFe.exe-728.log 2014-11-22 11:26 - 2014-11-22 11:26 - 00000199 _____ () C:\Windows\system32\2014-11-22-10-26-40.079-AvastVBoxSVC.exe-3656.log 2014-11-22 11:06 - 2014-11-22 11:07 - 00000000 ____D () C:\Windows\system32\vbox 2014-11-22 10:58 - 2014-12-10 19:13 - 00017340 _____ () C:\Windows\PFRO.log 2014-11-21 14:06 - 2014-11-21 14:05 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-11-21 14:05 - 2014-11-21 14:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-11-19 09:26 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 09:26 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-16 03:12 - 2014-11-16 03:12 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Macromedia 2014-11-16 00:41 - 2014-11-16 00:41 - 00001131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-16 00:41 - 2014-11-16 00:41 - 00001119 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Mozilla 2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Mozilla 2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\ProgramData\Mozilla 2014-11-16 00:41 - 2014-11-16 00:41 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-11-15 00:15 - 2014-11-15 00:15 - 00000000 ____D () C:\Users\KerMa\AppData\Local\NVIDIA 2014-11-15 00:15 - 2014-11-15 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-11-15 00:09 - 2014-07-02 18:39 - 00609240 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe 2014-11-12 14:04 - 2014-11-12 14:04 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Floodlight Games 2014-11-12 14:04 - 2014-11-12 14:04 - 00000000 ____D () C:\ProgramData\Floodlight Games 2014-11-12 11:32 - 
2014-11-12 11:32 - 00000000 __SHD () C:\Users\KerMa\AppData\Local\EmieBrowserModeList 2014-11-12 09:07 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-12 09:07 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-12 09:07 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-12 09:07 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-12 09:07 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-12 09:07 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-12 09:07 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-12 09:07 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-12 09:07 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-12 09:07 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-12 09:07 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-12 09:07 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-12 09:07 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-12 09:07 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-12 09:07 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-12 09:07 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-12 09:07 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-12 09:06 - 2014-10-25 02:32 - 00067584 _____ (Microsoft 
Corporation) C:\Windows\system32\packager.dll 2014-11-12 09:06 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-12 09:06 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-12 09:06 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-12 09:06 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-12 09:06 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-11 07:15 - 2014-12-10 19:13 - 00003772 _____ () C:\Windows\setupact.log 2014-11-11 07:15 - 2014-11-11 07:15 - 00000000 _____ () C:\Windows\setuperr.log 2014-11-11 07:14 - 2014-11-12 11:26 - 00284168 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-11 00:38 - 2014-11-11 00:38 - 00061288 _____ () C:\Users\KerMa\AppData\Local\GDIPFONTCACHEV1.DAT ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-10 19:16 - 2010-04-29 13:08 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-10 19:15 - 2014-02-15 01:50 - 00000000 ___RD () C:\Users\KerMa\Dropbox 2014-12-10 19:15 - 2014-02-15 01:48 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Dropbox 2014-12-10 19:15 - 2010-04-27 22:17 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Skype 2014-12-10 19:14 - 2014-05-02 09:10 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-12-10 19:13 - 2012-09-05 14:52 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-12-10 19:13 - 2010-04-29 13:08 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-10 19:13 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-10 19:12 - 2014-05-20 19:56 - 01766879 _____ () C:\Windows\WindowsUpdate.log 2014-12-10 19:10 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-12-10 19:02 - 2012-04-04 07:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-10 18:16 - 2014-10-12 08:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-10 16:15 - 2013-10-10 15:48 - 00000000 ____D () C:\Windows\rescache 2014-12-10 16:02 - 2012-04-04 07:34 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-12-10 16:02 - 2011-05-16 08:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-12-10 15:35 - 2009-07-14 05:34 - 00022720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-10 15:35 - 2009-07-14 05:34 - 00022720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-10 15:26 - 2014-04-30 01:59 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-10 15:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-12-10 15:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat 
2014-12-10 15:02 - 2013-08-13 08:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 15:02 - 2010-03-13 22:11 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-08 12:22 - 2013-12-10 15:03 - 00000000 ____D () C:\QuickImmobilie 2014
2014-12-08 12:17 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-07 17:18 - 2011-06-15 22:04 - 00020480 ___SH () C:\Users\KerMa\Thumbs.db
2014-12-07 12:20 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-12-07 12:20 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-12-07 12:19 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-12-07 12:18 - 2010-03-13 21:34 - 00000000 ____D () C:\Users\KerMa
2014-12-07 02:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-30 17:14 - 2013-02-27 08:55 - 00000000 ____D () C:\Users\KerMa\Desktop\Damo
2014-11-22 11:07 - 2013-02-06 14:00 - 00000000 ____D () C:\Users\KerMa\AppData\Local\Google
2014-11-22 11:07 - 2010-03-27 19:05 - 00000000 ____D () C:\Program Files\Google
2014-11-22 11:03 - 2010-03-13 23:37 - 00000000 ____D () C:\Users\KerMa\Desktop\Tools
2014-11-21 14:05 - 2014-05-01 09:17 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-21 14:05 - 2013-12-20 11:55 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-21 14:05 - 2013-03-15 23:38 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-21 14:05 - 2013-03-15 23:38 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-21 14:05 - 2012-02-25 17:52 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-21 14:05 - 2011-03-29 14:44 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-11-21 14:05 - 2010-03-13 22:52 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-21 14:05 - 2010-03-13 22:51 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-16 00:41 - 2014-01-16 12:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-15 19:52 - 2014-02-15 01:50 - 00001025 _____ () C:\Users\KerMa\Desktop\Dropbox.lnk
2014-11-15 19:52 - 2014-02-15 01:49 - 00000000 ____D () C:\Users\KerMa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-15 00:10 - 2012-09-05 14:48 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-15 00:10 - 2010-03-13 23:00 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-12 14:02 - 2011-07-22 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-11-12 14:00 - 2014-05-23 11:36 - 00000000 ____D () C:\Program Files\DEUTSCHLAND SPIELT
2014-11-12 12:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 12:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles

Files to move or delete:
====================
C:\Users\Admin\autoplaylist.dat
C:\Users\Admin\cddbcontrol.dll
C:\Users\Admin\cddblink.dll
C:\Users\Admin\cddbmusicid.dll
C:\Users\Admin\convert.exe
C:\Users\Admin\dbghelp.dll
C:\Users\Admin\dunzip32.dll
C:\Users\Admin\fixrjb.exe
C:\Users\Admin\hxaudiodevicehook.dll
C:\Users\Admin\ierjplug.dll
C:\Users\Admin\keys.dat
C:\Users\Admin\mc_enc_mp4v.dll
C:\Users\Admin\mmcdda32.dll
C:\Users\Admin\rdsf3260.dll
C:\Users\Admin\realconverter.exe
C:\Users\Admin\realjbox.exe
C:\Users\Admin\realplay.exe
C:\Users\Admin\realshare.exe
C:\Users\Admin\realtrimmer.exe
C:\Users\Admin\recordingmanager.exe
C:\Users\Admin\rjbres.dll
C:\Users\Admin\rjdlg.dll
C:\Users\Admin\rjprog.dll
C:\Users\Admin\rjwmapln.dll
C:\Users\Admin\rndevicedbbuilder.exe
C:\Users\Admin\rpau3260.dll
C:\Users\Admin\rphelperapp.exe
C:\Users\Admin\rpplugprot.dll
C:\Users\Admin\rpshell.dll
C:\Users\Admin\rpshellsearch.dll
C:\Users\Admin\rpwa3260.dll
C:\Users\Admin\strs23.dat
C:\Users\Admin\strs26.dat
C:\Users\Admin\tnetdtct.dll
C:\Users\Admin\tpasdk.dll
C:\Users\Admin\tsasdk.dll
C:\Users\Admin\wmdmhelper.dll

Some content of TEMP:
====================
C:\Users\KerMa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwekabk.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-05 14:41

==================== End Of Log ============================ |
11.12.2014, 19:51 | #10 |
/// the machine /// TB Instructor | WicaInventory.exe
Done
The order is crucial here.
If you would like to leave praise or criticism, you can do so here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |