Win 8.1, browser ad-window "storm" and Trojan(?) alert from Avira
25.12.2014, 22:32 | #1 |
Hello,

after I was helped a great deal here once, many, many years ago, this time it is about my father's laptop. Simply the question of whether I should spend more time cleaning the machine, or had better wipe everything right away and reinstall.

Windows 8.1 64-bit with all updates, but when installing programs he is not always willing to read everything through, so he regularly ends up with, for example, the Ask Toolbar in the browser. Now it is worse, though. The T-Online browser still works; all the others, especially Chrome, bombard you with ad pop-ups, new windows and advertisements. It gets especially bad when you go to a page where you have to log in, e.g. webmail or shops. As soon as you go to enter the username (which of course I don't do), it starts. Always some supposed security software, Windows fixes, etc.

Unfortunately I only just read what is expected here as log files nowadays; I had dutifully created a log file with HijackThis, like in the old days. So first of all, the log file from Avira:

Code:
Exportierte Ereignisse:
25.12.2014 21:41 [System-Scanner] Malware gefunden
Die Datei 'E:\download\Festplatte sonsige Dateien\HDDRIVE2GO\Allgemein\downloads\PocketPC\erfolg.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Agent.kma.3' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '508de6b4.qua' verschoben!
25.12.2014 21:40 [Echtzeit-Scanner] Malware gefunden
In der Datei 'E:\dateien\Allgemein\downloads\PocketPC\erfolg.exe' wurde ein Virus oder unerwünschtes Programm 'TR/PSW.Agent.kma.3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
25.12.2014 21:37 [Echtzeit-Scanner] Malware gefunden
In der Datei 'E:\download\Festplatte sonsige Dateien\HDDRIVE2GO\Allgemein\downloads\PocketPC\erfolg.exe' wurde ein Virus oder unerwünschtes Programm 'TR/PSW.Agent.kma.3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern

Somehow I cannot find out from the alert what kind of Trojan this is. All I would like is an assessment of whether to disinfect or rather reinstall after all, and perhaps the HijackThis log file helps with that, even though I now know that it is no longer detailed enough for you today. If I get the feedback that disinfection is worthwhile, I will run the other things to produce the log files wanted today.

Thanks in advance.

Here now is the HijackThis log file:

Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 19:08:17, on 25.12.2014 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.9600.17416) Boot mode: Normal Running processes: C:\WINDOWS\SysWOW64\Rundll32.exe C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe C:\Program Files (x86)\WinTV\EPG Services\System\EPGClient.exe C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Users\herbert\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=657d4aec-e7d7-0dad-76b8-609a49b3e768&searchtype=ds&q={searchTerms}&installDate=07/12/2013 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=657d4aec-e7d7-0dad-76b8-609a49b3e768&searchtype=ds&q={searchTerms}&installDate=07/12/2013 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ie_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_ce1985dbeff74c29bd3cb9becc3f7032_39_1006_20130904_DE_ie_sp_ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms} R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms} R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=657d4aec-e7d7-0dad-76b8-609a49b3e768&searchtype=ds&q={searchTerms}&installDate=07/12/2013 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=657d4aec-e7d7-0dad-76b8-609a49b3e768&searchtype=ds&q={searchTerms}&installDate=07/12/2013 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll O2 - BHO: BrowseToolE0191 - {40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: MimalaAmazonToolbar.ShowToolbarBHO - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - mscoree.dll (file missing) O2 - BHO: NCH DE - 
{b106b661-3e1b-4015-af5c-195e909f35c6} - (no file) O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll O2 - BHO: AlxHelper - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll O3 - Toolbar: Mimala Amazon Toolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - mscoree.dll (file missing) O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing) O3 - Toolbar: Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file) O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [EPGServiceTool] C:\Program Files (x86)\WinTV\EPG Services\System\EPGClient.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program 
Files (x86)\HP\HP UT LEDM\" O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [TrayServer] C:\PROGRA~2\MAGIX\VIDEO_~1\TRAYSE~1.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [phonostar-PlayerTimer] "C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [BackgroundContainer] "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Users\herbert\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun O4 - HKCU\..\Run: [lollipop_03061728] lollipop_03061728 O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe O4 - Startup: MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: AutoStart IR.lnk = C:\Program Files (x86)\WinTV\Ir.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - 
res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll c:\program files (x86)\optimizer pro\optprocrash.dll O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: 
@%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing) O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files (x86)\MyPC Backup\BackupStack.exe O23 - Service: Browser 7 Maintenance Service (Browser7Maintenance) - Deutsche Telekom AG - C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe O23 - Service: Search Protect Service (CltMngSvc) - Client Connect LTD - C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: EPGService - Hauppauge Computer Works - C:\Program Files (x86)\WinTV\EPG Services\System\EPGService.exe O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: GamesAppService - WildTangent, Inc. 
- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - Unknown owner - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe (file missing) O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing) O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. 
- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing) O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: 
Updater Service for AMZN - Unknown owner - C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 16996 bytes |
25.12.2014, 22:46 | #2 |
/// TB Trainer /// Instructions Guru

Nope

My name is Jürgen and I will be assisting you with your problem. Together we will manage this...

Note: I can never give you a guarantee that we will find all malicious files. Formatting is usually the faster and always the safest way, but it is only advisable in the case of real malware. Adware and the like we can remove very well. Should you decide on a cleanup, keep working with me until you get my "clean".

Here we go:

Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material
Posting in CODE tags: here's how... Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
26.12.2014, 07:57 | #3 |
Hello Jürgen,

many thanks for being willing to help me. Here, as you described, are the log files from step 1 - by the way, when I click the code icon in the text field here on my father's laptop, nothing happens at all - just in case that might also be a clue:

FRST.txt

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2014 Ran by herbert (administrator) on HERBERT-PC on 26-12-2014 07:41:13 Running from C:\Users\herbert\Desktop Loaded Profile: herbert (Available profiles: herbert & DefaultAppPool) Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\EPG Services\System\EPGService.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) C:\Windows\System32\HPSIsvc.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (NTI Corporation) C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE () C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe (Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (Activeris) C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe () C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (NTI Corporation) C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (Hauppauge Inc.) C:\Program Files (x86)\WinTV\EPG Services\System\EPGClient.exe (Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (fun communications GmbH, hxxp://www.fun.de) C:\Program Files (x86)\T-Online\T-Online_Software_6\Notifier\Notifier.exe (Deutsche Telekom AG) C:\Program Files (x86)\T-Online\T-Online_Software_6\Browser\browser.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [Power Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated) HKLM\...\Run: [HCWemmon] => C:\WINDOWS\HCWemmon.exe [61440 2007-03-29] (eMPIA Technology, Inc.) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe [295744 2011-02-15] (NTI Corporation) HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.) HKLM-x32\...\Run: [EPGServiceTool] => C:\Program Files (x86)\WinTV\EPG Services\System\EPGClient.exe [675840 2007-08-01] (Hauppauge Inc.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.) 
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2013-06-25] (Sony Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_2008_PLUS\Trayserver.exe [90112 2007-03-29] (MAGIX AG) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-21] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Run: [phonostar-PlayerTimer] => C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe [42496 2012-10-13] () HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) 
HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation) HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Run: [BackgroundContainer] => "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Users\herbert\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Run: [lollipop_03061728] => lollipop_03061728 HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135112 2014-05-15] (PC Utilities Software Limited) AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [245056 2014-12-10] (Client Connect LTD) AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2720144 2014-05-19] () AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [215360 2014-12-10] (Client Connect LTD) AppInit_DLLs-x32: c:\program files (x86)\optimizer pro\optprocrash.dll => "c:\program files (x86)\optimizer pro\optprocrash.dll" File Not Found Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\herbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\herbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms}
HKU\S-1-5-21-3195340951-745995918-4157368257-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7
HKU\S-1-5-21-3195340951-745995918-4157368257-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=657d4aec-e7d7-0dad-76b8-609a49b3e768&searchtype=ds&q={searchTerms}&installDate=07/12/2013
HKU\S-1-5-21-3195340951-745995918-4157368257-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ie_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_ce1985dbeff74c29bd3cb9becc3f7032_39_1006_20130904_DE_ie_sp_
HKU\S-1-5-21-3195340951-745995918-4157368257-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=657d4aec-e7d7-0dad-76b8-609a49b3e768&searchtype=ds&q={searchTerms}&installDate=07/12/2013
URLSearchHook: HKLM-x32 - (No Name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No File
URLSearchHook: HKLM-x32 - (No Name) - {b106b661-3e1b-4015-af5c-195e909f35c6} - No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms}
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=657d4aec-e7d7-0dad-76b8-609a49b3e768&searchtype=ds&q={searchTerms}&installDate=07/12/2013
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-3195340951-745995918-4157368257-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M004816A0-C0AE-429D-AE90-AEA27E408AEB&SearchSource=58&CUI=&UM=2&UP=SP9664C388-2041-428E-B9AA-DD72667F1EDA&q={searchTerms}&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=
SearchScopes: HKU\S-1-5-21-3195340951-745995918-4157368257-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=657d4aec-e7d7-0dad-76b8-609a49b3e768&searchtype=ds&q={searchTerms}&installDate=07/12/2013
SearchScopes: HKU\S-1-5-21-3195340951-745995918-4157368257-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M004816A0-C0AE-429D-AE90-AEA27E408AEB&SearchSource=58&CUI=&UM=2&UP=SP9664C388-2041-428E-B9AA-DD72667F1EDA&q={searchTerms}&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=
SearchScopes: HKU\S-1-5-21-3195340951-745995918-4157368257-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3195340951-745995918-4157368257-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386944312&from=adks&uid=WDCXWD5000BPVT-22HXZT1_WD-WXM1E11RYJV7RYJV7&q={searchTerms}
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: No Name -> {40c3cc16-7269-4b32-9531-17f2950fb06f} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: MimalaAmazonToolbar.ShowToolbarBHO -> {86a3cdaa-9b25-480e-b73f-c2d359b87966} -> C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: No Name -> {b106b661-3e1b-4015-af5c-195e909f35c6} -> No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Softonic Helper Object -> {E87806B5-E908-45FD-AF5E-957D83E58E68} -> C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com)
BHO-x32: AlxHelper Class -> {F443A627-5009-4323-9C1D-7FD598D0D712} -> C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKLM-x32 - Mimala Amazon Toolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM-x32 - Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKU\S-1-5-21-3195340951-745995918-4157368257-1000 -> No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No File
Toolbar: HKU\S-1-5-21-3195340951-745995918-4157368257-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-3195340951-745995918-4157368257-1000 -> No Name - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No File
Toolbar: HKU\S-1-5-21-3195340951-745995918-4157368257-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M004816A0-C0AE-429D-AE90-AEA27E408AEB&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP9664C388-2041-428E-B9AA-DD72667F1EDA&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=
FF DefaultSearchEngine: Trovi search
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ff_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_ce1985dbeff74c29bd3cb9becc3f7032_39_1006_20130904_DE_ff_sp_
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3195340951-745995918-4157368257-1000: @phonostar.de/phonostar -> C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll No File
FF user.js: detected! => C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\searchplugins\Web Search.xml
FF Extension: Widget context - C:\Users\herbert\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-15]
FF Extension: MediaPlayerplus - C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-07-27]
FF Extension: Amazon Browser Bar - C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\Extensions\abb@amazon.com [2013-09-04]
FF Extension: Cliqz Beta - C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\Extensions\cliqz@cliqz.com [2014-10-12]
FF Extension: enterprise 1.1 - C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\Extensions\e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.com [2014-09-21]
FF Extension: Feven Pro 1.2 - C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\Extensions\e49d3f99-7c89-4eb4-99f3-ff903e2189b2@5288754a-7a48-41a0-a10f-e98c9ac12040.com [2014-07-27]
FF Extension: Value Apps - C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\Extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} [2014-03-15]
FF Extension: Zula Games - C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\Extensions\zulagames@ZulaGames.com.xpi [2014-01-04]
FF Extension: Address Bar Search - C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-27]
FF Extension: BonanzaDeals - C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi [2013-12-19]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\herbert\AppData\Roaming\Mozilla\Firefox\Profiles\d120on5k.default\extensions\cliqz@cliqz.com
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_cr_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_ce1985dbeff74c29bd3cb9becc3f7032_39_1006_20130904_DE_cr_sp_
CHR StartupUrls: Default -> "hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_cr_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_ce1985dbeff74c29bd3cb9becc3f7032_39_1006_20130904_DE_cr_sp_"
CHR DefaultSearchKeyword: Default -> trovi.com
CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M004816A0-C0AE-429D-AE90-AEA27E408AEB&SearchSource=58&CUI=&UM=2&UP=SP9664C388-2041-428E-B9AA-DD72667F1EDA&q={searchTerms}&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=2&UP=SP9664C388-2041-428E-B9AA-DD72667F1EDA&SAT=CNTS
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\herbert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (Zula Games) - C:\Users\herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflandjopdloblmlcoiidmncpinmmacn [2013-10-13]
CHR Extension: (Domain Error Assistant) - C:\Users\herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2013-01-03]
CHR Extension: (Lightning Newtab) - C:\Users\herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-10-05]
CHR Extension: (MPlayerplus_01) - C:\Users\herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [2014-07-01]
CHR Extension: (Slick Savings) - C:\Users\herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013-01-03]
CHR Extension: (Google Wallet) - C:\Users\herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-21]
CHR Extension: (Amazon 1Button App for Chrome) - C:\Users\herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2013-12-21]
CHR HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files (x86)\Amazon\ABB\AmazonChrome-bds-amzn.crx [2013-03-21]
CHR HKLM-x32\...\Chrome\Extension: [aipfmkinhleccnodemkoofnnofpbbpac] - C:\Users\herbert\AppData\Roaming\BabSolution\CR\searchgol.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fagpjgjmoaccgkkpjeoinehnoaimnbla] - C:\Users\herbert\AppData\Roaming\BabSolution\CR\hola.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gflandjopdloblmlcoiidmncpinmmacn] - C:\Users\herbert\AppData\Roaming\zulagames\zulagames.crx [2013-10-03]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.2.crx [2013-11-06]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\herbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2013-10-05]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\herbert\AppData\Local\Temp\tbch.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-21] (Avira Operations GmbH & Co. KG)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) <==== ATTENTION
S3 Browser7Maintenance; C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe [112128 2014-08-20] (Deutsche Telekom AG) [File not signed]
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3320640 2014-12-10] (Client Connect LTD)
R2 EPGService; C:\Program Files (x86)\WinTV\EPG Services\System\EPGService.exe [374272 2007-09-05] (Hauppauge Computer Works) [File not signed]
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [873064 2011-02-22] (Acer Incorporated)
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-11-11] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2013-05-23] (Sony Corporation) [File not signed]
R2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2013-03-21] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-11] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-11-11] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-11-11] (Microsoft Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
S3 synusb64; C:\Windows\System32\drivers\synusb64.sys [30352 2009-06-26] (Steinberg Media Technologies GmbH)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
U3 idsvc; No ImagePath
R3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 07:41 - 2014-12-26 07:41 - 00034017 _____ () C:\Users\herbert\Desktop\FRST.txt
2014-12-26 07:40 - 2014-12-26 07:41 - 00000000 ____D () C:\FRST
2014-12-26 07:39 - 2014-12-26 07:39 - 02122240 _____ (Farbar) C:\Users\herbert\Desktop\FRST64.exe
2014-12-25 21:55 - 2014-12-25 21:55 - 00002028 _____ () C:\Users\herbert\Downloads\Ereignisse.txt
2014-12-25 21:54 - 2014-12-25 21:54 - 00000000 ____D () C:\Users\herbert\Documents\Neuer Ordner (3)
2014-12-25 21:53 - 2014-12-25 21:53 - 00000000 ____D () C:\Users\herbert\Documents\Neuer Ordner (2)
2014-12-25 19:08 - 2014-12-25 19:08 - 00016998 _____ () C:\Users\herbert\Downloads\hijackthis.log
2014-12-25 19:03 - 2014-12-25 19:03 - 00388608 _____ (Trend Micro Inc.) C:\Users\herbert\Downloads\HijackThis.exe
2014-12-25 19:00 - 2014-12-25 19:01 - 42184784 _____ (Google Inc.) C:\Users\herbert\Downloads\chromestandalonesetup.exe
2014-12-25 05:57 - 2014-12-25 05:57 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 05:56 - 2014-12-26 05:56 - 00000000 ____D () C:\Users\herbert\AppData\Local\{B881C34B-041A-44A8-A222-5FE741D45734}
2014-12-24 06:52 - 2014-12-24 06:52 - 00000000 ____D () C:\Users\herbert\AppData\Local\{068CFA4F-791E-4E36-A2B0-7B630074705E}
2014-12-23 10:38 - 2014-12-23 10:38 - 00000000 ____D () C:\Users\herbert\AppData\Local\{7AA42C53-0B99-465F-AAA2-6C60471EBC86}
2014-12-21 19:40 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-21 19:40 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-21 19:36 - 2014-12-21 19:36 - 00775968 _____ (Reimage®) C:\Users\herbert\Downloads\ReimageRepair (2).exe
2014-12-21 19:24 - 2014-12-21 19:24 - 00000000 __SHD () C:\Users\herbert\AppData\Local\EmieBrowserModeList
2014-12-21 19:20 - 2014-12-25 05:57 - 00003106 _____ () C:\WINDOWS\System32\Tasks\Activeris AntiMalware_startup
2014-12-21 19:18 - 2014-12-21 19:18 - 00000000 ____D () C:\Users\herbert\AppData\Local\{A1E58E48-33EF-48C5-8C44-348E8496EE52}
2014-12-14 09:57 - 2014-12-14 09:57 - 00000921 _____ () C:\Users\herbert\Desktop\Bilder - Verknüpfung.lnk
2014-12-14 09:44 - 2014-12-14 09:44 - 00000000 ____D () C:\Users\herbert\AppData\Local\{95BABF5B-03DE-4A5A-923D-6454A6DD1FDB}
2014-12-13 17:25 - 2014-12-13 17:25 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-13 15:15 - 2014-12-13 15:16 - 00000000 ____D () C:\Users\herbert\Documents\schapprechnung
2014-12-13 15:11 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-13 15:11 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-13 15:11 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-13 15:11 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-13 14:56 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-13 14:56 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-13 14:55 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-13 14:55 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-13 14:55 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-13 14:55 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-13 14:55 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-13 14:55 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-13 14:55 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-13 14:55 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-13 14:55 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-13 14:55 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-13 14:55 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-13 14:55 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-13 14:55 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-13 14:55 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-13 14:55 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-13 14:55 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-13 14:55 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-13 14:55 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-13 14:55 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-13 14:55 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-13 14:55 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-13 14:55 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-13 14:55 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-13 14:55 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-13 14:55 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-13 14:55 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-13 14:55 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-13 14:55 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-13 14:55 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-13 14:55 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-13 14:55 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-13 14:55 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-13 14:55 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-13 14:55 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-13 14:55 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-13 14:55 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-13 14:55 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-13 14:55 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-13 14:55 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-13 14:55 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-13 14:55 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-13 14:55 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-13 14:55 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-13 14:55 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-13 14:55 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-13 14:55 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-13 14:55 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-13 14:55 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-13 14:55 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-13 14:55 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-13 14:55 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-13 14:55 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-13 14:28 - 2014-12-13 14:28 - 00000000 ____D () C:\Users\herbert\AppData\Local\{E8F526FE-FF48-4A33-8F60-F82617D024E5}
2014-11-28 11:43 - 2014-11-28 11:43 - 00000000 ____D () C:\Users\herbert\AppData\Local\{3E6A1AA4-617C-4AE7-A768-EF8A79B08873}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 07:39 - 2011-10-16 17:15 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-26 07:32 - 2014-05-19 17:32 - 00001404 _____ () C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-7.job
2014-12-26 07:32 - 2014-04-14 18:32 - 00000304 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job
2014-12-26 07:02 - 2014-09-21 19:02 - 00003482 _____ () C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-6.job
2014-12-26 07:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-26 06:51 - 2012-04-01 08:06 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-26 06:41 - 2013-11-12 17:16 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2014-12-26 06:33 - 2014-05-19 17:33 - 00002230 _____ () C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-4.job
2014-12-26 06:33 - 2014-05-19 17:33 - 00001548 _____ () C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-5.job
2014-12-26 06:33 - 2014-05-19 17:33 - 00001466 _____ () C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-1.job
2014-12-26 06:33 - 2014-05-19 17:33 - 00001446 _____ () C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-2.job
2014-12-26 06:32 - 2014-05-19 17:32 - 00003822 _____ () C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-3.job
2014-12-26 06:32 - 2014-05-19 17:32 - 00001476 _____ () C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-6.job
2014-12-26 05:55 - 2013-11-11 17:43 - 01984983 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-26 05:45 - 2013-09-30 05:14 - 02091098 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-26 05:45 - 2013-09-30 04:58 - 00888252 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-26 05:45 - 2013-09-30 04:58 - 00205708 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-26 05:42 - 2012-10-29 15:01 - 00050688 ___SH () C:\Users\herbert\Desktop\Thumbs.db
2014-12-25 20:03 - 2014-09-21 19:03 - 00002458 _____ () C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-5_user.job
2014-12-25 20:03 - 2014-09-21 19:03 - 00002458 _____ () C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-5.job
2014-12-25 20:03 - 2014-09-21 19:03 - 00002122 _____ () C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-2.job
2014-12-25 20:02 - 2014-09-21 19:02 - 00004508 _____ () C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-11.job
2014-12-25 20:02 - 2014-09-21 19:02 - 00003826 _____ () C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-4.job
2014-12-25 20:02 - 2014-09-21 19:02 - 00003482 _____ () C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-7.job
2014-12-25 20:02 - 2014-09-21 19:02 - 00002784 _____ () C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-1.job
2014-12-25 16:39 - 2011-10-16 17:15 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-25 05:55 - 2014-05-06 17:50 - 00000000 ___RD () C:\Users\herbert\OneDrive
2014-12-25 05:55 - 2014-04-14 18:32 - 00000318 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job
2014-12-25 05:55 - 2013-01-14 18:38 - 00000384 _____ () C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
2014-12-25 05:55 - 2011-09-22 17:31 - 00000000 ____D () C:\Users\herbert\Tracing
2014-12-25 05:54 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-24 07:17 - 2012-10-29 15:02 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3195340951-745995918-4157368257-1000
2014-12-24 06:49 - 2013-09-29 20:05 - 00302704 _____ () C:\WINDOWS\PFRO.log
2014-12-23 11:17 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-21 21:33 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-21 20:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-21 20:40 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-21 20:13 - 2014-08-13 17:52 - 00144695 _____ () C:\WINDOWS\system32\ScanResults.xml
2014-12-21 19:37 - 2014-08-03 18:00 - 00000165 _____ () C:\WINDOWS\Reimage.ini
2014-12-21 19:22 - 2014-05-20 17:44 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-12-21 19:16 - 2014-08-12 13:50 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings
2014-12-14 10:19 - 2013-11-11 17:22 - 00000000 ____D () C:\Users\herbert
2014-12-14 10:03 - 2013-11-12 19:00 - 00188928 ___SH () C:\Users\herbert\Downloads\Thumbs.db
2014-12-13 17:25 - 2014-07-20 14:07 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-13 17:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-13 17:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-13 17:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-13 17:13 - 2011-09-22 13:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-13 17:12 - 2013-08-16 15:32 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 17:03 - 2011-11-03 07:00 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-13 16:19 - 2012-08-16 14:53 - 00000000 ____D () C:\Users\herbert\Documents\krankenkasse
2014-12-13 16:00 - 2014-05-19 17:32 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-12-13 15:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-12-13 15:18 - 2013-08-22 15:46 - 00351419 _____ () C:\WINDOWS\setupact.log
2014-12-13 15:08 - 2013-01-16 14:44 - 00000000 ____D () C:\Users\herbert\Documents\Abrechnung 2013
2014-12-13 14:51 - 2012-04-01 08:06 - 00003796 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-13 14:43 - 2011-10-16 17:15 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-13 14:33 - 2014-10-13 15:26 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-26 22:10 - 2014-10-20 18:56 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-10-20 18:56 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.3824.dll

Some content of TEMP:
====================
C:\Users\herbert\AppData\Local\Temp\AF1.exe
C:\Users\herbert\AppData\Local\Temp\amsetup_activeris_default_010414_installer.exe
C:\Users\herbert\AppData\Local\Temp\avgnt.exe
C:\Users\herbert\AppData\Local\Temp\BackupSetup.exe
C:\Users\herbert\AppData\Local\Temp\cloud_backup_setup.exe
C:\Users\herbert\AppData\Local\Temp\dlLogic.exe
C:\Users\herbert\AppData\Local\Temp\dltr.exe
C:\Users\herbert\AppData\Local\Temp\GCVerifier.dll
C:\Users\herbert\AppData\Local\Temp\newvideoplayersetup.exe
C:\Users\herbert\AppData\Local\Temp\nsc1FCD.exe
C:\Users\herbert\AppData\Local\Temp\nsg1C42.exe
C:\Users\herbert\AppData\Local\Temp\nssC91B.exe
C:\Users\herbert\AppData\Local\Temp\nst2339.exe
C:\Users\herbert\AppData\Local\Temp\nsuCC2A.exe
C:\Users\herbert\AppData\Local\Temp\nswC5DE.exe
C:\Users\herbert\AppData\Local\Temp\ReimagePackage.exe
C:\Users\herbert\AppData\Local\Temp\Runner.exe
C:\Users\herbert\AppData\Local\Temp\Setup.exe
C:\Users\herbert\AppData\Local\Temp\spidentifierimpl.exe
C:\Users\herbert\AppData\Local\Temp\SPSetup.exe
C:\Users\herbert\AppData\Local\Temp\sqlite3.exe
C:\Users\herbert\AppData\Local\Temp\Update_Simplitec_PowerSuite_1.5.2.2de_DE.exe
C:\Users\herbert\AppData\Local\Temp\verifier.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-25 08:12

==================== End Of Log ============================

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-12-2014
Ran by herbert at 2014-12-26 07:42:38
Running from C:\Users\herbert\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activeris AntiMalware (HKLM-x32\...\94EAE98D-444B-4817-858C-13DB943DF4F1_Activeris_A~741EE3A2_is1) (Version: 1.0.0.1 - Activeris) <==== ATTENTION
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Browser Bar (HKLM\...\Amazon Browser Bar) (Version: 3.0.2012.0802 - Amazon) <==== ATTENTION
Amazon Browser Settings (HKLM-x32\...\Amazon Browser Settings) (Version: 3.0 - Amazon)
Amazon Kindle (HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Amazon Kindle) (Version: - Amazon)
Amazon Kindle For PC v1.0 (HKLM-x32\...\Amazon Kindle For PC) (Version: - )
Amazon Kindle For PC v1.0 (HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\Amazon Kindle For PC) (Version: - )
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar Updater (HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.6.36191 - Ask.com) <==== ATTENTION
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{580B9989-C624-2415-D922-56D856165564}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Backup Manager V3 (x32 Version: 3.0.0.85 - NTI Corporation) Hidden Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation) Browser 7 der Telekom 31.0.19 (x86 de) (HKLM-x32\...\Browser 7 der Telekom 31.0.19 (x86 de)) (Version: 31.0.19 - Deutsche Telekom AG) Browser 7 Maintenance Service (HKLM-x32\...\Browser7MaintenanceService) (Version: 31.0.19 - Deutsche Telekom AG) calibre (HKLM-x32\...\{1BFDD064-4C67-4156-A6C6-6E8D63563B3B}) (Version: 1.20.0 - Kovid Goyal) Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - ) Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - ) CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version: - ) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP) Celestia 1.3.2 (HKLM-x32\...\Celestia_is1) (Version: - Shatters Software) CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.33 - Abelssoft) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com) Crazy Chicken Kart 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1421_35790 - CyberLink Corp.) 
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Desktopicon Trends auf OTTO.de (HKLM\...\DesktopIconotto) (Version: 1.0.1 - ) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden DMUninstaller (HKLM-x32\...\DMUninstaller) (Version: - ) <==== ATTENTION eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM) Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: - Steinberg Media Technologies GmbH) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.13345 - Landesfinanzdirektion Thüringen) FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.8 - MAGIX AG) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Hauppauge German Help Files and Resources (HKLM-x32\...\Hauppauge German Help Files and Resources) (Version: - ) Hauppauge MCE XP/Vista Software Encoder (2.0.25180) (HKLM-x32\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25180 - Hauppauge Computer Works, Inc.) Hauppauge WinTV (HKLM-x32\...\Hauppauge WinTV) (Version: - ) Hauppauge WinTV DVB-T EPG Service (HKLM-x32\...\Hauppauge WinTV DVB-T EPG Service) (Version: - ) Hauppauge WinTV Infrared Remote (HKLM-x32\...\Hauppauge WinTV Infrared Remote) (Version: - ) Hauppauge WinTV Scheduler (HKLM-x32\...\Hauppauge WinTV Scheduler) (Version: - ) Hauppauge WinTV Soft PVR (HKLM-x32\...\Hauppauge WinTV Soft PVR) (Version: - ) HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.) iClone SE (HKLM-x32\...\{580EC579-E476-469F-9EBF-F82D696FC67A}) (Version: 2.1 - Reallusion Inc.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Packard Bell) ImageConverter Plus 8.0 (HKLM-x32\...\ImageConverter Plus_is1) (Version: - fCoder Group, Inc.) 
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) Internet-TV für Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation) InterVideo FilterSDK for Hauppauge (HKLM-x32\...\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}) (Version: - InterVideo Inc.) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan) Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle) Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Packard Bell) Lollipop (HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\lollipop_03061728) (Version: - Lollipop Network, S.L.) 
<==== ATTENTION MAGIX Foto Manager 2008 5.0.0.255 (D) (HKLM-x32\...\MAGIX Foto Manager 2008 D) (Version: 5.0.0.255 - MAGIX AG) MAGIX Fotobuch 3.2 (HKLM-x32\...\MAGIX Fotobuch) (Version: 3.2 - MAGIX AG) MAGIX Online Druck Service 2.3.2.0 (D) (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 2.3.2.0 - MAGIX AG) MAGIX PC Visit (HKLM-x32\...\MAGIX PC Visit D) (Version: 4.3.6.1987 - MAGIX AG) MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{1FF63306-EBC2-413D-927E-FA1323180AB1}) (Version: 7.0.2.6 - MAGIX Software GmbH) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden MAGIX Video deluxe 2008 PLUS 7.5.0.20 (D) (HKLM-x32\...\MAGIX Video deluxe 2008 PLUS D) (Version: 7.5.0.20 - MAGIX AG) MAGIX Video deluxe 2015 Plus (HKLM\...\MX.{0797C499-48E8-46E2-9C97-90034F46F5E6}) (Version: 14.0.0.140 - MAGIX Software GmbH) MAGIX Video deluxe 2015 Plus (Version: 14.0.0.140 - MAGIX Software GmbH) Hidden MAGIX Video easy SE (HKLM-x32\...\MAGIX_{015B4C6B-BE3F-430F-B9EE-24505EDD16F1}) (Version: 3.0.1.46 - MAGIX AG) MAGIX Video easy SE (Version: 3.0.1.46 - MAGIX AG) Hidden MAGIX Xtreme Foto Designer 6 6.0.22.0 (D) (HKLM-x32\...\MAGIX Xtreme Foto Designer 6 D) (Version: 6.0.22.0 - MAGIX AG) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework 2.1 Core Components (x86) ENU (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Express Edition - DEU (HKLM-x32\...\Microsoft Visual 
C++ 2008 Express Edition - DEU) (Version: - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft 
Corporation) Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{53C900F7-0CB1-3EDE-B9F3-76EDE6F0C253}) (Version: 3.5.21022 - Microsoft) Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}) (Version: 6.1.5288.17011 - Microsoft Corporation) Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation) minimal arts - Toolbar für amazon.de (HKLM-x32\...\{37D290AF-6602-4C22-9AF8-66CB7231C729}) (Version: 1.0.0 - minimal arts UG (haftungsbeschränkt)) MPlayerplus_01 (HKLM-x32\...\MPlayerplus_01) (Version: 1.34.5.12 - Freeven) <==== ATTENTION MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyPC Backup (HKLM\...\MyPC Backup) 
(Version: - JDi Backup Ltd) <==== ATTENTION Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG) Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG) Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG) Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG) Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG) Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: - ) <==== ATTENTION Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.2.4 - WildTangent) Packard Bell MyBackup (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.85 - NTI Corporation) Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Packard Bell) Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Packard Bell) Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3004 - Packard Bell) Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.1025.2010 - Packard Bell ) Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 2.0.2211 - CyberLink Corp.) Packard Bell Social Networks (x32 Version: 2.0.2211 - CyberLink Corp.) Hidden Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Packard Bell) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Plants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Reader for PC (HKLM-x32\...\{7FAEB610-D6B1-42CE-9EEA-6A5001C2E732}) (Version: 2.1.00.06250 - Sony Corporation) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6329 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.) Schoener Fernsehen 0.0.0.2c (HKLM-x32\...\Schoener Fernsehen) (Version: 0.0.0.2c - © schoener-fernsehen.com) Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.19.10.160 - Client Connect LTD) <==== ATTENTION Search-Gol Chrome Toolbar (HKLM-x32\...\Search-Gol Chrome Toolbar) (Version: - Search-Gol) <==== ATTENTION Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - ) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Softonic toolbar on IE (HKLM-x32\...\Softonic) (Version: - Softonic) <==== ATTENTION Steinberg Cubase LE 5 (HKLM-x32\...\{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}) (Version: 5.1.2 - Steinberg Media Technologies GmbH) Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne Essential Set (HKLM-x32\...\{C04D5974-F528-4347-A494-EAF56124CC1A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated) T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version: - ) Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden TV-Browser 3.0.2 (HKLM-x32\...\tvbrowser) (Version: 3.0.2 - TV-Browser Team) Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden VC 
Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Video Web Camera (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1523 - CyberLink Corp.) Video Web Camera (x32 Version: 1.0.1523 - CyberLink Corp.) Hidden VideoPad Video-Editor (HKLM-x32\...\VideoPad) (Version: 3.33 - NCH Software) Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden VisualBee for Microsoft PowerPoint (HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\VisualBee for Microsoft PowerPoint) (Version: V4.1 - VisualBee.com) VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION VTPlus32 für WinTV (German) (HKLM-x32\...\VTPlus32 für WinTV (German)) (Version: - ) Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3102 - Packard Bell) WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation) Zattoo Live TV (HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\6d7aa3e3bf931c56) (Version: 1.0.0.44 - Zattoo Europa AG) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 
Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

28-11-2014 11:41:14 Windows Update
13-12-2014 16:57:43 Windows Update
21-12-2014 20:32:00 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03A2394B-0C32-411E-AA47-C7D366566DAE} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: {08A62D71-8B47-482D-BD0A-3A7EBDDD4976} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-09-19] (CHIP)
Task: {0A404381-5FD6-401F-B8D9-0CF4798ED86F} - System32\Tasks\{753FF5B1-8011-47A7-AF5B-94B52530CDEC} => D:\RUNME.EXE
Task: {14FCAC6C-6470-41A7-B26C-651A8061D519} - System32\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-5 => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-5.exe <==== ATTENTION
Task: {1D13B308-C746-4CA5-A5D8-042059950727} - System32\Tasks\{2F7F2EA3-C045-41B3-80BD-3917B6F2F86B} => C:\Users\herbert\AppData\Local\Amazon\Kindle\application\Kindle.exe [2011-12-14] (Amazon.com)
Task: {3052F74B-7ED8-490D-85CB-B92745CC2FBC} - System32\Tasks\{532AF74E-B7EB-4FE7-B38E-F6C9A493B358} => D:\RUNME.EXE
Task: {38CE96E5-6B37-48C6-9AC9-09B1CF19C1C1} - System32\Tasks\{57F689A4-83C4-44EF-8E47-E9980C059929} => D:\RUNME.EXE
Task: {3971BD60-36B7-466D-883E-DC11B03EDF86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-13] (Adobe Systems Incorporated)
Task: {43E0C29C-0256-4B9D-9880-F0EB12CE78B5} - System32\Tasks\{50AF5F82-1998-4926-A5BA-576E1B357F1F} => C:\Users\herbert\Downloads\lide20lide30n670un676un1240uvst7031a_xpde(1).exe
Task: {44209798-C70E-4CCA-ACA2-646264E2CBB7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {4744C9C1-AB2B-4F2F-8FBB-D848FF34648D} - System32\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-5 => C:\Program Files (x86)\MPlayerplus_01\d73553dc-f069-47b3-8808-35e7c4b13dc7-5.exe <==== ATTENTION
Task: {4BAEBE6C-FF7F-4446-A714-63BAE4D9F369} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\herbert\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {4D381888-D20E-4BC0-B6F1-64D6A35B3EC9} - System32\Tasks\{71AB71B0-1476-4EF0-A809-AF14FDD1F27F} => pcalua.exe -a "C:\Users\herbert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MKAXGF8\DriverInstaller.exe" -d C:\Users\herbert\Desktop
Task: {4F7625E8-4F38-496A-A2CD-F104DC6D267A} - System32\Tasks\{87D1E967-91D2-4128-A02C-8D59E7705472} => C:\Users\herbert\AppData\Local\Amazon\Kindle\application\Kindle.exe [2011-12-14] (Amazon.com)
Task: {542AD80B-2959-4973-9E1E-44758F1592B3} - System32\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-4 => C:\Program Files (x86)\MPlayerplus_01\d73553dc-f069-47b3-8808-35e7c4b13dc7-4.exe <==== ATTENTION
Task: {61BD9B9A-C6DD-4C08-A415-558AF3E54579} - System32\Tasks\AdobeAAMUpdater-1.0-herbert-PC-herbert => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {689618D9-6D10-462B-9002-026E0A435352} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-02-21] (CyberLink)
Task: {6BC50602-778D-42A8-90C7-111C2F4C50E9} - System32\Tasks\{AFF7A02E-778C-4B22-9424-01CDC634456F} => D:\RUNME.EXE
Task: {7151086C-6291-48F8-8E65-A45AD81C46CE} - System32\Tasks\simplitec Power Suite => C:\Program Files (x86)\simplitec\simpliclean\PowerSuite.exe
Task: {797CE307-F441-4E8C-8819-F287BA9D2B66} - System32\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-3 => C:\Program Files (x86)\MPlayerplus_01\d73553dc-f069-47b3-8808-35e7c4b13dc7-3.exe <==== ATTENTION
Task: {7AC84241-1422-4A64-957D-452A014D9090} - System32\Tasks\{DFED496E-7EB1-4971-8DFB-E4B5978C95DC} => D:\RUNME.EXE
Task: {7C0BB730-9D03-4DEE-9B8E-BA33A100BDD8} - System32\Tasks\{16FC39DC-8DC9-4A39-A641-2C14DA850DA7} => C:\Users\herbert\Downloads\lide20lide30n670un676un1240uvst7031a_xpde(1).exe
Task: {80730CB7-A528-4EEE-94EA-BED250195383} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8CF9A25A-CB47-4BA1-ACB7-67C715C61BF7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {968F0803-4A8E-4251-899D-F5C88AF5D134} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION Task: {97261265-0111-476D-AAFA-44031B4B62D4} - System32\Tasks\{2CC85AEA-4F32-4778-BFC6-81C9AE422F3A} => D:\RUNME.EXE Task: {978D1AAD-5275-4206-96C5-EA2BD15401D3} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-fiedler-herbert@t-online.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated) Task: {99A02C9F-8F0F-4F40-A00F-349898F7FC60} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION Task: {A520C125-4AC1-42FA-9764-AF0F5EBC24FD} - System32\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-7 => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-7.exe <==== ATTENTION Task: {AC111FC5-B97F-4402-98EE-7DE6B16EDA1F} - System32\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-5_user => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-5.exe <==== ATTENTION Task: {ADD65C9E-3428-4BCC-854E-967B310C92F5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-13] (Microsoft Corporation) Task: {B9807DED-DCB9-45F0-9357-C1ADC8205A01} - System32\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-1 => C:\Program Files (x86)\MPlayerplus_01\MPlayerplus_01-codedownloader.exe <==== ATTENTION Task: {BF8005EC-35AB-48FA-A106-7E4327E849CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {C2E99D63-6709-4D97-88CA-79F495617018} - System32\Tasks\{FB318930-6340-4274-982F-3C314E4F323F} => D:\RUNME.EXE Task: {C532A2F0-2858-47DF-BDCD-B471B033CC09} - System32\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-6 => C:\Program Files (x86)\MPlayerplus_01\MPlayerplus_01-novainstaller.exe <==== ATTENTION Task: {C6A307B7-4EE3-4234-94CD-5B120D6C51EE} 
- System32\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-1 => C:\Program Files (x86)\enterprise 1.1\enterprise 1.1-codedownloader.exe <==== ATTENTION Task: {C9B350A4-8245-4573-9723-AAFD6A21F204} - System32\Tasks\{E54B4202-79A3-4462-AF19-DE022726CD50} => pcalua.exe -a D:\setup.exe -d D:\ Task: {CD72B493-831E-4D1D-8720-52ECCF7332DF} - System32\Tasks\{63B80696-D49C-49E1-A07D-72EE9C22B0C2} => D:\RUNME.EXE Task: {CDE3BEFB-8129-4E7E-B366-4419109B09A4} - System32\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-7 => C:\Program Files (x86)\MPlayerplus_01\MPlayerplus_01-nova.exe <==== ATTENTION Task: {D293B07C-9F3A-44CF-A2E2-26DE05086C07} - System32\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-4 => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-4.exe <==== ATTENTION Task: {D4571CED-11B1-4529-9ED8-0F3DAAC85891} - System32\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-2 => C:\Program Files (x86)\MPlayerplus_01\d73553dc-f069-47b3-8808-35e7c4b13dc7-2.exe <==== ATTENTION Task: {D5182EFC-1271-49B8-A847-156D1445F462} - System32\Tasks\{2BC0E3B4-CA33-4C46-8018-9DBF6E6E8247} => pcalua.exe -a C:\Users\herbert\Downloads\lide20lide30n670un676un1240uvst7031a_xpde\SetupSG.exe -d C:\Users\herbert\Downloads\lide20lide30n670un676un1240uvst7031a_xpde Task: {D5D0AB6F-C93F-4331-8C9B-9FEFE2D35A82} - System32\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-2 => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-2.exe <==== ATTENTION Task: {D94BBE7C-A5E2-4A44-A46B-4BE284695190} - System32\Tasks\{D8C2A99C-6C0C-4064-94C4-3F9F31B66C87} => D:\RUNME.EXE Task: {DE467FCE-8FBB-404C-B489-0DFEA11A62C2} - System32\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-6 => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-6.exe <==== ATTENTION Task: {DECBFB91-7ADB-4653-9BE4-A5F74C84E0DE} - System32\Tasks\Activeris AntiMalware_startup => C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe [2014-01-23] (Activeris) <==== ATTENTION Task: 
{E913F6BA-304D-496F-A5BC-ECEBE9FD5292} - System32\Tasks\{83D253BA-DC0C-4BE3-9235-3BB6DA664BA3} => D:\RUNME.EXE Task: {EB85D009-50C3-4FAD-A3FA-CF0F26E8F1EA} - System32\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-11 => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-11.exe <==== ATTENTION Task: {EEBEF4F6-DAE1-4B8A-BD93-8CDAFAB61B12} - System32\Tasks\APSnotifierCA => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {F1F20FB5-7435-4D43-8775-BA011607BD4E} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe Task: C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-1.job => C:\Program Files (x86)\enterprise 1.1\enterprise 1.1-codedownloader.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-11.job => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-11.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-2.job => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-2.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-4.job => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-4.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-5.job => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-5.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-5_user.job => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-5.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-6.job => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-6.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-7.job => C:\Program Files (x86)\enterprise 1.1\81bf0a9e-e311-4bc3-8fbb-155e36cb5688-7.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\APSnotifierCA.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-1.job => C:\Program Files (x86)\MPlayerplus_01\MPlayerplus_01-codedownloader.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-2.job => C:\Program Files (x86)\MPlayerplus_01\d73553dc-f069-47b3-8808-35e7c4b13dc7-2.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-3.job => C:\Program Files (x86)\MPlayerplus_01\d73553dc-f069-47b3-8808-35e7c4b13dc7-3.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-4.job => C:\Program Files (x86)\MPlayerplus_01\d73553dc-f069-47b3-8808-35e7c4b13dc7-4.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-5.job => C:\Program Files (x86)\MPlayerplus_01\d73553dc-f069-47b3-8808-35e7c4b13dc7-5.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-6.job => C:\Program Files (x86)\MPlayerplus_01\MPlayerplus_01-novainstaller.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\d73553dc-f069-47b3-8808-35e7c4b13dc7-7.job => C:\Program Files (x86)\MPlayerplus_01\MPlayerplus_01-nova.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe Task: C:\WINDOWS\Tasks\simplitec Power Suite.job => C:\Program Files (x86)\simplitec\simpliclean\PowerSuite.exe Task: C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION 
==================== Loaded Modules (whitelisted) ============= 2012-10-30 07:17 - 2012-08-31 15:03 - 00288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL 2011-09-23 14:09 - 2012-08-31 15:02 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL 2013-03-21 19:24 - 2013-03-21 19:24 - 00222368 _____ () C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe 2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-09-22 19:58 - 2012-10-13 16:05 - 00042496 _____ () C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe 2014-11-13 10:59 - 2014-11-13 10:57 - 00270336 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll 2014-11-13 10:59 - 2014-11-13 10:57 - 00060928 _____ () C:\Program Files (x86)\MyPC Backup\LinqBridge.dll 2014-11-13 10:59 - 2014-11-13 10:58 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll 2014-11-13 10:59 - 2014-11-13 10:57 - 00065536 _____ () C:\Program Files (x86)\MyPC Backup\BplusDotNet.dll 2011-02-15 19:37 - 2011-02-15 19:37 - 00465640 _____ () C:\Program Files (x86)\NTI\Packard Bell MyBackup\sqlite3.dll 2011-02-15 19:37 - 2011-02-15 19:37 - 00125760 _____ () C:\Program Files (x86)\NTI\Packard Bell MyBackup\MailConverter32.dll 2011-02-15 19:36 - 2011-02-15 19:36 - 01081664 _____ () C:\Program Files (x86)\NTI\Packard Bell MyBackup\ACE.dll 2014-05-19 17:32 - 2012-09-26 14:31 - 00886272 _____ () C:\Program Files (x86)\Activeris AntiMalware\System.Data.SQLite.dll 2014-05-19 17:32 - 2014-01-23 18:04 - 01718264 _____ () C:\Program Files (x86)\Activeris AntiMalware\acrissys.dll 2014-05-19 17:32 - 2012-09-26 14:31 - 00168448 _____ () C:\Program Files (x86)\Activeris AntiMalware\UNRAR.DLL 2013-06-25 17:23 - 2013-06-25 17:23 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 
00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll 2013-05-23 18:54 - 2013-05-23 18:54 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll 2013-06-25 17:24 - 2013-06-25 17:24 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll 2014-10-22 15:30 - 2014-10-22 15:30 - 00169984 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\888ab4533ab915a9451bdae14d9c783e\IsdiInterop.ni.dll 2011-04-06 12:02 - 2011-01-13 01:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2011-09-23 06:30 - 2005-07-20 12:34 - 00700497 ____N () C:\Program Files 
(x86)\T-Online\T-Online_Software_6\Notifier\libcurl.dll 2011-09-23 06:30 - 2004-04-16 15:45 - 00143360 ____N () C:\Program Files (x86)\T-Online\T-Online_Software_6\Notifier\libexpat.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:373E1720 AlternateDataStreams: C:\Users\herbert\OneDrive:ms-properties AlternateDataStreams: C:\Users\herbert\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "fst_de_19" HKLM\...\StartupApproved\Run32: => "IAStorIcon" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "LManager" HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk" HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\StartupApproved\Run: => "lollipop_03061728" HKU\S-1-5-21-3195340951-745995918-4157368257-1000\...\StartupApproved\Run: => "Optimizer Pro" ========================= Accounts: ========================== Administrator (S-1-5-21-3195340951-745995918-4157368257-500 - Administrator - Disabled) ASPNET (S-1-5-21-3195340951-745995918-4157368257-1004 - Limited - Enabled) Gast (S-1-5-21-3195340951-745995918-4157368257-501 - Limited - Disabled) herbert (S-1-5-21-3195340951-745995918-4157368257-1000 - Administrator - Enabled) => C:\Users\herbert HomeGroupUser$ 
(S-1-5-21-3195340951-745995918-4157368257-1008 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Unbekanntes USB-Gerät (Fehler beim Zurücksetzen des Ports.) Description: Unbekanntes USB-Gerät (Fehler beim Zurücksetzen des Ports.) Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard-USB-Hostcontroller) Service: Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ========================= Application errors: ================== Error: (12/26/2014 07:32:00 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: browser.exe, Version: 6.12.0.15, Zeitstempel: 0x4da6b0a0 Name des fehlerhaften Moduls: browser.exe, Version: 6.12.0.15, Zeitstempel: 0x4da6b0a0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00027bf9 ID des fehlerhaften Prozesses: 0x9e88 Startzeit der fehlerhaften Anwendung: 0xbrowser.exe0 Pfad der fehlerhaften Anwendung: browser.exe1 Pfad des fehlerhaften Moduls: browser.exe2 Berichtskennung: browser.exe3 Vollständiger Name des fehlerhaften Pakets: browser.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: browser.exe5 Error: (12/25/2014 09:35:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: browser.exe, Version: 6.12.0.15, Zeitstempel: 0x4da6b0a0 Name des fehlerhaften Moduls: combase.dll, Version: 6.3.9600.17031, Zeitstempel: 0x53086d7c Ausnahmecode: 0xc0000005 Fehleroffset: 0x000499a8 ID des fehlerhaften Prozesses: 0xd1c8 Startzeit der fehlerhaften Anwendung: 0xbrowser.exe0 Pfad der fehlerhaften Anwendung: browser.exe1 Pfad des fehlerhaften Moduls: browser.exe2 Berichtskennung: browser.exe3 Vollständiger Name 
des fehlerhaften Pakets: browser.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: browser.exe5 Error: (12/25/2014 09:24:30 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT) Description: There was an error with the Windows Location Provider database Error: (12/25/2014 07:04:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Notifier.exe, Version: 6.4.0.2, Zeitstempel: 0x45a38d1f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0xdac4 Startzeit der fehlerhaften Anwendung: 0xNotifier.exe0 Pfad der fehlerhaften Anwendung: Notifier.exe1 Pfad des fehlerhaften Moduls: Notifier.exe2 Berichtskennung: Notifier.exe3 Vollständiger Name des fehlerhaften Pakets: Notifier.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Notifier.exe5 Error: (12/25/2014 08:13:41 AM) (Source: Perflib) (EventID: 1023) (User: ) Description: ASP.NET_1.1.43228 Error: (12/25/2014 07:18:10 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: browser.exe, Version: 6.12.0.15, Zeitstempel: 0x4da6b0a0 Name des fehlerhaften Moduls: browser.exe, Version: 6.12.0.15, Zeitstempel: 0x4da6b0a0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00027bf9 ID des fehlerhaften Prozesses: 0xd3c Startzeit der fehlerhaften Anwendung: 0xbrowser.exe0 Pfad der fehlerhaften Anwendung: browser.exe1 Pfad des fehlerhaften Moduls: browser.exe2 Berichtskennung: browser.exe3 Vollständiger Name des fehlerhaften Pakets: browser.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: browser.exe5 Error: (12/24/2014 06:54:23 AM) (Source: Perflib) (EventID: 1023) (User: ) Description: ASP.NET_1.1.43228 Error: (12/21/2014 07:21:58 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: ASP.NET_1.1.43228 Error: (12/21/2014 07:16:18 PM) (Source: Application Error) 
(EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfe3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000ffffffff ID des fehlerhaften Prozesses: 0x948 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0 Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1 Pfad des fehlerhaften Moduls: svchost.exe_stisvc2 Berichtskennung: svchost.exe_stisvc3 Vollständiger Name des fehlerhaften Pakets: svchost.exe_stisvc4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_stisvc5 Error: (12/14/2014 10:16:45 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfc6 Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.9600.16384, Zeitstempel: 0x5215f944 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000001a79 ID des fehlerhaften Prozesses: 0xcd0 Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0 Pfad der fehlerhaften Anwendung: DllHost.exe1 Pfad des fehlerhaften Moduls: DllHost.exe2 Berichtskennung: DllHost.exe3 Vollständiger Name des fehlerhaften Pakets: DllHost.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DllHost.exe5 System errors: ============= Error: (12/26/2014 06:59:27 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (12/26/2014 06:42:20 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. 
Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (12/26/2014 06:42:10 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (12/26/2014 06:41:56 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (12/26/2014 06:38:22 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (12/26/2014 06:38:09 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (12/26/2014 06:37:54 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. 
Error: (12/25/2014 05:54:22 AM) (Source: HTTP) (EventID: 15005) (User: ) Description: \Device\Http\ReqQueue[::]:80 Error: (12/25/2014 05:54:22 AM) (Source: W3SVC) (EventID: 1004) (User: ) Description: Der WWW-Publishingdienst (WWW-Dienst) konnte das URL-Präfix "hxxp://*:80/" für die Website "1" nicht registrieren. Die Website wurde deaktiviert. Das Datenfeld enthält die Fehlernummer. Error: (12/24/2014 06:49:42 AM) (Source: HTTP) (EventID: 15005) (User: ) Description: \Device\Http\ReqQueue[::]:80 Microsoft Office Sessions: ========================= Error: (10/17/2011 01:44:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-11-28 12:36:48.340 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements. Date: 2014-11-28 12:36:48.168 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. Date: 2014-11-28 12:36:47.965 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements. 
Date: 2014-11-28 12:36:47.590 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements. Date: 2014-11-28 12:36:47.465 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. Date: 2014-11-28 12:36:47.090 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements. Date: 2014-11-28 12:36:40.533 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements. Date: 2014-11-28 12:36:33.498 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements. 
Date: 2014-11-28 12:16:49.297 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements. Date: 2014-11-28 12:07:28.183 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz Percentage of memory in use: 44% Total physical RAM: 3947.86 MB Available physical RAM: 2188.93 MB Total Pagefile: 4741.3 MB Available Pagefile: 2533.23 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (Packard Bell) (Fixed) (Total:445.66 GB) (Free:118.07 GB) NTFS Drive e: (Volume) (Fixed) (Total:465.76 GB) (Free:178.79 GB) NTFS Drive f: (HDDRIVE2GO) (Fixed) (Total:1862.56 GB) (Free:1803.95 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 96D5FD3A) Partition 1: (Not Active) - (Size=20 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=445.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: B377DBD9) Partition 1: (Active) - (Size=1863 GB) - (Type=0C) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 5066EA98) Partition 1: (Not Active) - (Size=465.8 
GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
26.12.2014, 11:30 | #4 |
| Win 8.1, browser ad-window "storm" and Trojan(?) alert from Avira Hello Jürgen, scratch that. You don't need to continue. My father has now decided to wipe the system after all and set it up from scratch. But all the same, also on his behalf, a very heartfelt I think it's wonderful that there are still sites like this one, the way things were done before the commercialization of the internet. Sharing knowledge and benefiting from one another. Merry Christmas and a happy New Year, Regards, Ulrike |
26.12.2014, 14:31 | #5 |
/// TB Trainer /// Guide Guru | Win 8.1, browser ad-window "storm" and Trojan(?) alert from Avira OK.
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |