Log analysis and evaluation: Windows 7: Clicking in Firefox opens an additional web page with advertising
26.05.2015, 20:46 | #1 |
Windows 7: Clicking in Firefox opens an additional web page with advertising

Hello, this morning I only got back onto the Internet after reconnecting the router (just unplugging it from the mains didn't do the trick). After that I had the problems described above, whether that's coincidence or not. When I click a link on, e.g., Spiegel-Online, Bild or Stern, an additional advertising page appears alongside the desired window. On other sites, e.g. Google, this does not happen. Last night I was still on various hotel booking portals, but I deliberately did not download anything. As a virus scanner I have Antivir, but I can't find any particular log there: In Thunderbird I haven't noticed anything unusual lately. Tip: of course it isn't nice to make the attachments further down and then continue further up again; hopefully it worked ... better this way?

Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 19:04 on 26/05/2015 (alpha) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... SPTD -> Disabled (Service running -> reboot required) -=E.O.F=- _______________________________________________________________________________________________________ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-05-2015 Ran by alpha at 2015-05-26 19:12:41 Running from C:\Users\alpha\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2637245917-3735504695-533496390-500 - Administrator - Disabled) alpha (S-1-5-21-2637245917-3735504695-533496390-1000 - Administrator - Enabled) => C:\Users\alpha beta (S-1-5-21-2637245917-3735504695-533496390-1008 - Administrator - Enabled) gamma (S-1-5-21-2637245917-3735504695-533496390-1007 - Administrator - Enabled) Gast (S-1-5-21-2637245917-3735504695-533496390-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2637245917-3735504695-533496390-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.03) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated) ALDI TALK Verbindungsassistent (HKLM\...\ALDITALKVerbindungsassistent) (Version: - ALDI TALK Verbindungsassistent) Amazon Kindle (HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\Amazon Kindle) (Version: - Amazon) Any Video Converter 5.7.6 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) ArcSoft ShowBiz (HKLM\...\{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}) (Version: - ArcSoft) Audacity 1.2.0 (HKLM\...\Audacity_is1) (Version: - ) Audiograbber 1.83 SE (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber) AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - ) Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2218 - AVAST Software) CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.76.0.2015 - Georgy Berdyshev) CloneCD (HKLM\...\CloneCD) (Version: - SlySoft) CloneDVD2 (HKLM\...\CloneDVD2) (Version: - Elaborate Bytes) Crimson Editor (remove only) (HKLM\...\Crimson Editor) (Version: - ) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd) Dell C1765 Color MFP (HKLM\...\InstallShield_{B03A2793-A8FF-4242-B23D-88D2D5FAE56A}) (Version: 1.039.0 - Dell Inc.) Dell C1765 Color MFP (Version: 1.039.0 - Dell Inc.) Hidden DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.) 
Express Rip (HKLM\...\ExpressRip) (Version: 1.94 - NCH Software) FARO LS 1.1.501.0 (HKLM\...\{8F196892-666A-4A40-8587-6AE38F78A5C2}) (Version: 5.1.0.30630 - FARO Scanner Production) FARO LS 5.1.0.30630 (HKLM\...\FARO LS_is1) (Version: - FARO Technologies) Filzip 3.0 (HKLM\...\Filzip 3.0.0.0_is1) (Version: 3.0.0 - Philipp Engel) Final Surface Demo 4.0.8 (HKLM\...\{861EEB19-15EE-4715-96F9-3D217BB03FA8}_is1) (Version: - GFaI Berlin, Germany) FotoQuelle Fotosoftware 4.14.2. (HKLM\...\FotoQuelle Fotosoftware) (Version: 4.14.2. - ORWO Net) Free DWG Viewer 7.2 (HKLM\...\{90751489-B709-4D2F-8634-FEE00BFEC41A}) (Version: 7.2.0.51 - IGC) Free Video Dub version 2.0.21.822 (HKLM\...\Free Video Dub_is1) (Version: 2.0.21.822 - DVDVideoSoft Ltd.) FreeOCR v4.2 (HKLM\...\freeocr_is1) (Version: - ) Glary Undelete 5.0.1.19 (HKLM\...\Glary Undelete) (Version: 5.0.1.19 - Glarysoft Ltd) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.27.5 - Google Inc.) 
Hidden GSview 4.6 (HKLM\...\GSview 4.6) (Version: - ) Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - ) Hauppauge WinTV 7 (HKLM\...\Hauppauge WinTV 7) (Version: v7.2.30237 (CD 2.6) - Hauppauge Computer Works) ImageJ 1.46r (HKLM\...\ImageJ_is1) (Version: - NIH) InterVideo WinDVR (HKLM\...\{CC9D60B8-B270-4AE0-8208-CCB01C42CD6A}) (Version: - ) Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Kyodai (HKLM\...\Kyodai 16.00 (Full package)_is1) (Version: - ) map&guide 10 Karte Europa City (HKLM\...\map&guide 10 Karte Europa City) (Version: - ) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.30401.0 - Microsoft Corporation) Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation) Microsoft SQL Server 2008 Management Objects (HKLM\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation) Microsoft SQL Server 2008 Native Client (HKLM\...\{D9D937B0-E842-4130-9588-B948E876904A}) (Version: 10.0.1600.22 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (English) (HKLM\...\{9D6D76A6-4328-49E8-97A7-531A74841DA5}) (Version: 10.0.1600.22 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP1 Design 
Tools English (HKLM\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.0.1600.22 - Microsoft Corporation) Microsoft Visual C# 2008 Express Edition with SP1 - ENU (HKLM\...\Microsoft Visual C# 2008 Express Edition with SP1 - ENU) (Version: - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (HKLM\...\Microsoft Visual C++ 2008 Express Edition with SP1 - ENU) (Version: - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 
(HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation) Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}) (Version: 3.5.30729 - Microsoft Corporation) Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{044F9133-B8D7-4d11-BF39-803FA20F5C8B}) (Version: 6.1.5295.17011 - Microsoft Corporation) MozBackup 1.5.1 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla (1.7.13) (HKLM\...\Mozilla (1.7.13)) (Version: - ) Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla) Mozilla Thunderbird 31.7.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla) MPEG Scissors (HKLM\...\MPEG Scissors_is1) (Version: - ) MuseScore 1.3 (HKLM\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others) MyFreeCodec (HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\MyFreeCodec) (Version: - ) Nuance PaperPort 14 (HKLM\...\{08BCE67B-6305-4D8A-B749-F381E7E3DDA2}) (Version: 14.5.0000 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM\...\{FC984E39-43D0-4AB2-ACC7-A7B87977B009}) (Version: 7.20.3274 - Nuance Communications, Inc.) 
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (HKLM\...\NVIDIAStereo) (Version: 7.15.11.9038 - NVIDIA Corporation) OpenOffice.org 3.1 (HKLM\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org) PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.) PhotoFiltre (HKLM\...\PhotoFiltre) (Version: - ) Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden PriMus Free 1.1 (Build 10284) (HKLM\...\PriMus Free_is1) (Version: - Columbus Soft) ProfiSchafkopf (HKLM\...\{AFE2586D-6702-47DA-8237-EB0B40F2A3B3}) (Version: 1.0.4 - CuteSoft) Rasche`s Kartenspiele 3 (HKLM\...\Rasche`s Kartenspiele 3) (Version: - ) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.) Samsung_MonSetup (HKLM\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung) Scansoft PDF Professional (Version: - ) Hidden Scribus 1.4.3 (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team) Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) 
Sokoban YASC (HKLM\...\Sokoban YASC - Yet Another Sokoban Clone_is1) (Version: - ) Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22 - Microsoft Corporation) Hidden SQL Server System CLR Types (HKLM\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation) TSDoctor (HKLM\...\{F31D0373-A505-4ADC-8CB1-DE04246A6725}) (Version: 1.2.166 - Cypheros) Ulead VideoStudio SE DVD (HKLM\...\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}) (Version: 10.0 - Ulead Systems) Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) USB2.0 Grabber (HKLM\...\{45518B6D-9DDF-4144-83E4-A56762524F35}) (Version: 7.12.000.002 - Youyan) Vereinsscout (HKLM\...\Vereinsscout) (Version: 14.2.1 - Scoutsystems Software) VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN) webssearches uninstall (HKLM\...\webssearches uninstall) (Version: - webssearches) <==== ATTENTION Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation) WinSCP 5.1.2 (HKLM\...\winscp3_is1) (Version: 5.1.2 - Martin Prikryl) XMedia Recode Version 3.1.5.3 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.5.3 - XMedia Recode) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== Restore Points ========================= 25-12-2014 18:59:23 Konfiguriert Dell C1765 Color MFP 25-12-2014 19:19:01 Microsoft Visual C++ 2005 Redistributable wird installiert 25-12-2014 19:19:59 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 25-12-2014 19:22:24 Windows Update 25-12-2014 19:27:44 Installed Nuance PaperPort 14. 25-12-2014 19:31:49 Installed Nuance PDF Viewer Plus. 25-12-2014 19:33:54 Installed PaperPort Image Printer. 26-12-2014 14:59:32 Install CloneCD 05-01-2015 21:50:57 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 10-01-2015 22:04:22 TSDoctor wird installiert 11-02-2015 21:26:44 TSDoctor wird installiert 03-03-2015 17:36:15 ProfiSchafkopf wird installiert 07-04-2015 19:53:46 TSDoctor wird installiert 07-04-2015 19:58:25 TSDoctor wird installiert 17-04-2015 12:03:00 TSDoctor wird installiert 22-04-2015 18:59:23 avast! antivirus system restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {003A64EC-61A2-4D07-B5B2-B201478CB58E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-22] (Avast Software s.r.o.) 
Task: {0B3BF15B-1DCD-4255-8934-C632BD3F4702} - System32\Tasks\{191CE641-D476-4A51-81D5-66811D5D743E} => C:\Program Files\PCTV Systems\TVCenter\TVCenter.exe Task: {18D05FCF-156F-42BB-AC9A-E3F4C22BA022} - System32\Tasks\{33BDC46F-2173-4D16-9320-7D35E38D6ECC} => pcalua.exe -a C:\Users\alpha\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs1 <==== ATTENTION Task: {582611E8-28D9-4809-8E15-8BAFDAA96D5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-23] (Google Inc.) Task: {AF44318E-0B3D-4B65-AED3-44E5254120D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-23] (Google Inc.) Task: {B8BE6139-CE95-41DC-872D-D410538112C4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated) Task: {CDE2C523-D398-40C2-8F8E-9803552C2C1E} - System32\Tasks\{1A00003E-DD42-4A62-B66F-63FF30166DFF} => C:\Program Files\PCTV Systems\TVCenter\TVCenter.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-04-22 19:00 - 2015-04-22 19:00 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-04-22 19:00 - 2015-04-22 19:00 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-05-26 10:10 - 2015-05-26 10:10 - 02948096 _____ () C:\Program Files\AVAST Software\Avast\defs\15052600\algo.dll 2014-12-25 18:14 - 2012-06-07 17:48 - 00019968 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dltfm1zPP.dll 2014-12-25 18:14 - 2013-02-01 15:55 - 12875264 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\dlthm1zRC.DLL 2013-07-04 10:44 - 2013-07-04 10:44 - 00358968 _____ () C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe 2013-02-06 17:37 - 2013-02-06 17:37 - 00191464 _____ () C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe 2013-01-16 18:08 - 2011-08-23 10:04 - 00057344 _____ () C:\Program Files\WinTV\TVServer\libhdhomerun.dll 2013-01-16 18:08 - 2012-01-16 17:12 - 00018944 _____ () C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll 2014-12-25 18:13 - 2012-08-16 19:33 - 00041984 _____ () C:\Windows\system32\dltsm1zwia.dll 2010-07-04 22:32 - 2010-07-04 22:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll 2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2012-12-23 23:35 - 2009-05-07 09:50 - 00073728 ____R () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll 2012-12-23 23:35 - 2009-05-07 09:53 - 00106496 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll 2012-12-23 23:35 - 
2008-02-14 06:57 - 00094208 ____R () C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll 2012-12-23 23:35 - 2009-09-02 02:28 - 47628288 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll 2010-07-04 20:51 - 2010-07-04 20:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe 2015-04-22 19:00 - 2015-04-22 19:00 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-05-23 15:11 - 2013-07-18 06:52 - 00036352 _____ () C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll 2013-05-23 15:12 - 2013-07-23 02:00 - 17223680 _____ () C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll 2013-05-23 15:11 - 2013-07-23 01:58 - 00564736 _____ () C:\Program Files\Samsung\Kies\Common\Kies.UI.dll 2013-05-23 10:15 - 2013-07-18 06:51 - 00023040 _____ () C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll 2013-05-22 20:34 - 2013-05-22 20:34 - 00057856 _____ () C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll 2013-02-12 17:37 - 2002-07-30 01:03 - 00098304 _____ () C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe 2013-07-04 10:44 - 2013-07-04 10:44 - 00510520 _____ () C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe 2012-12-26 23:19 - 2012-12-26 23:16 - 00046080 _____ () C:\Program Files\HPiotr\MSWinSl\MSWinSl.exe 2009-08-18 15:54 - 2009-08-18 15:54 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll 2012-12-23 21:03 - 2012-12-26 16:36 - 00058368 _____ () C:\Program Files\HPiotr\MSOffix2010\MSOffix2010.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2637245917-3735504695-533496390-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\alpha\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 ==================== MSCONFIG/TASK MANAGER Error getting == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [{FC0EF7C5-DFD4-4585-913A-00480A815950}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{3586705B-55A5-44CA-BDAE-00E7400D6DEE}C:\program files\winscp\winscp.exe] => (Allow) C:\program files\winscp\winscp.exe FirewallRules: [UDP Query User{9D015B41-56FE-41E2-BE62-3858C6F9839A}C:\program files\winscp\winscp.exe] => (Allow) C:\program files\winscp\winscp.exe FirewallRules: [{C58E0582-B221-49C1-8B0B-60E1D9EE46CA}] => (Allow) LPort=1900 FirewallRules: [{6EEBE553-6E1F-4367-98C2-BD939C31E7C8}] => (Allow) LPort=2869 FirewallRules: [{75D22465-1D3F-4629-8B41-7B02B75AA2E4}] => (Allow) LPort=1900 FirewallRules: 
[{92CCC059-5CEC-44BC-909B-B9B62164B3BA}] => (Allow) LPort=2869 FirewallRules: [{9B0314EA-7B3D-4DAD-B92E-9B8D346EA8F9}] => (Allow) C:\Program Files\PCTV Systems\TVCenter\TVCenter.exe FirewallRules: [{7D20D4C3-E911-4386-9F3A-190DB5ED7AFE}] => (Allow) C:\Program Files\Common Files\PCTV Systems\PVR\VideoControl.exe FirewallRules: [{6612222F-96E7-479B-AE39-179E0EEF8832}] => (Allow) C:\Program Files\Common Files\PCTV Systems\StreamingServer\StrmServer.exe FirewallRules: [{C375E347-556A-4D4D-AA85-DB1713D51D48}] => (Allow) LPort=1900 FirewallRules: [{C79621B7-A2A8-40EC-8306-77225752AAA4}] => (Allow) LPort=2869 FirewallRules: [{14DD4465-271E-4D9C-89B6-ADD78C3FE68E}] => (Allow) C:\Windows\ehome\ehrecvr.exe FirewallRules: [TCP Query User{6C487D24-DC31-4834-98A8-FDF89BB419C9}C:\program files\imagej\jre\bin\javaw.exe] => (Allow) C:\program files\imagej\jre\bin\javaw.exe FirewallRules: [UDP Query User{F2F1B931-382D-49C2-9A40-F97B46DBB8E2}C:\program files\imagej\jre\bin\javaw.exe] => (Allow) C:\program files\imagej\jre\bin\javaw.exe FirewallRules: [TCP Query User{3B54D67A-7EFA-4EB2-80BC-5D9CAD379204}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe FirewallRules: [UDP Query User{C0ADDA59-A119-4F49-AE47-70C645A6184A}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe FirewallRules: [{AFC477CA-7555-4B9D-B3B0-49684E7F6959}] => (Allow) C:\Program Files\WinTV\WinTV7\WinTV7.exe FirewallRules: [{7D4644DD-A9AA-4725-A6AF-F88A664949D8}] => (Allow) C:\Program Files\WinTV\WinTV7\WinTV7.exe FirewallRules: [{0EEEE83D-EE60-49BA-B902-F59CB6495BE7}] => (Allow) C:\Program Files\WinTV\WinTV7\WinTV7.exe FirewallRules: [{D4612235-04C1-4F4E-A60A-4AD76EB1658D}] => (Allow) C:\Program Files\WinTV\WinTV7\WinTV7.exe FirewallRules: [{102FDC0C-F00C-4CF5-AE29-AB617C039A9E}] => (Allow) C:\Program Files\WinTV\Extend\WinTVExtender.exe FirewallRules: [{9AB85B32-7E45-4F1C-B70B-44935B760177}] => (Allow) C:\Program Files\WinTV\Extend\WinTVExtender.exe FirewallRules: 
[{6BAF254C-B453-41B7-AF03-99AFED89CB78}] => (Allow) C:\Program Files\WinTV\Extend\WinTVExtender.exe FirewallRules: [{CD627BB3-6743-4DAA-9B0F-9044308D1709}] => (Allow) C:\Program Files\WinTV\Extend\WinTVExtender.exe FirewallRules: [{8AF3EF8F-63D8-4DEA-BC24-29F5942374AF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{23BFA937-4B71-4929-9082-F316A0AA14D9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{A95D0535-BF1B-4BA8-B145-35AA06F1E9B1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{498476BB-0D98-4B58-BF22-0191955080AE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{B7E5C42D-D0C9-4AEB-B2F2-6AEDDF85CC3D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/26/2015 11:19:30 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 38.0.1.5611, Zeitstempel: 0x55541a90 Name des fehlerhaften Moduls: mozalloc.dll, Version: 38.0.1.5611, Zeitstempel: 0x55540a1e Ausnahmecode: 0x80000003 Fehleroffset: 0x00001aa1 ID des fehlerhaften Prozesses: 0x220 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (05/26/2015 08:06:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: googleearth.exe, Version: 7.1.2.2041, Zeitstempel: 0x525310f1 Name des fehlerhaften Moduls: googleearth_free.dll, Version: 0.0.0.0, Zeitstempel: 0x525310cb Ausnahmecode: 0xc0000409 Fehleroffset: 0x00b5e892 ID des fehlerhaften Prozesses: 0x1da4 Startzeit der fehlerhaften Anwendung: 0xgoogleearth.exe0 
Pfad der fehlerhaften Anwendung: googleearth.exe1 Pfad des fehlerhaften Moduls: googleearth.exe2 Berichtskennung: googleearth.exe3 Error: (05/25/2015 05:32:28 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 14dc Startzeit: 01d09638b38be4f5 Endzeit: 16 Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe Berichts-ID: 9ffb1fb1-02fb-11e5-9af6-002522a3b3ce Error: (05/24/2015 04:41:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12d4 Startzeit: 01d09579936b66c3 Endzeit: 14 Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe Berichts-ID: 5371808d-022b-11e5-9af6-002522a3b3ce Error: (05/23/2015 05:41:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1750 Startzeit: 01d0952c152acd8f Endzeit: 24 Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe Berichts-ID: 88bdd972-016a-11e5-9af6-002522a3b3ce Error: (05/22/2015 06:08:21 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 15a0 Startzeit: 01d0901f4bb90c5c Endzeit: 237 Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe Berichts-ID: 21518198-00a5-11e5-860b-002522a3b3ce Error: (05/16/2015 08:34:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm PhotoFiltre.exe, Version 6.3.1.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 70 Startzeit: 01d0900f09ab350e Endzeit: 32 Anwendungspfad: C:\Program Files\PhotoFiltre\PhotoFiltre.exe Berichts-ID: Error: (05/12/2015 09:03:09 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1898 Startzeit: 01d08ca335a7640b Endzeit: 831 Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe Berichts-ID: e6f4f83b-f8e1-11e4-9008-002522a3b3ce Error: (05/11/2015 11:00:36 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f64 Startzeit: 01d08c3053343ebd Endzeit: 17 Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe Berichts-ID: 259794bf-f829-11e4-9008-002522a3b3ce Error: (05/11/2015 08:14:25 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm RasCard3_0.exe, Version 3.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: e68 Startzeit: 01d08a8d0e924226 Endzeit: 1147 Anwendungspfad: C:\Program Files\RaschesSpiele3\RasCard3_0.exe Berichts-ID: edbb3b24-f811-11e4-9008-002522a3b3ce System errors: ============= Error: (05/26/2015 07:09:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/26/2015 07:08:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/26/2015 07:07:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (05/26/2015 07:07:06 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (05/26/2015 07:05:12 PM) (Source: Service Control Manager) (EventID: 7016) (User: ) Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32 Error: (05/26/2015 09:27:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/26/2015 09:26:06 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (05/26/2015 09:26:00 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter 
Verwendung von LRPC) Error: (05/26/2015 09:23:25 AM) (Source: Service Control Manager) (EventID: 7016) (User: ) Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32 Error: (05/26/2015 09:23:10 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} Microsoft Office: ========================= Error: (05/26/2015 11:19:30 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe38.0.1.561155541a90mozalloc.dll38.0.1.561155540a1e8000000300001aa122001d0979489fcad08C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllb1d253cf-0390-11e5-b356-002522a3b3ce Error: (05/26/2015 08:06:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: googleearth.exe7.1.2.2041525310f1googleearth_free.dll0.0.0.0525310cbc000040900b5e8921da401d0972517a9f125C:\Program Files\Google\Google Earth\client\googleearth.exeC:\Program Files\Google\Google Earth\client\googleearth_free.dllac6b2396-0375-11e5-9af6-002522a3b3ce Error: (05/25/2015 05:32:28 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: RasCard3_0.exe3.0.0.014dc01d09638b38be4f516C:\Program Files\RaschesSpiele3\RasCard3_0.exe9ffb1fb1-02fb-11e5-9af6-002522a3b3ce Error: (05/24/2015 04:41:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: RasCard3_0.exe3.0.0.012d401d09579936b66c314C:\Program Files\RaschesSpiele3\RasCard3_0.exe5371808d-022b-11e5-9af6-002522a3b3ce Error: (05/23/2015 05:41:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: RasCard3_0.exe3.0.0.0175001d0952c152acd8f24C:\Program Files\RaschesSpiele3\RasCard3_0.exe88bdd972-016a-11e5-9af6-002522a3b3ce Error: (05/22/2015 06:08:21 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: RasCard3_0.exe3.0.0.015a001d0901f4bb90c5c237C:\Program Files\RaschesSpiele3\RasCard3_0.exe21518198-00a5-11e5-860b-002522a3b3ce Error: (05/16/2015 
08:34:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: PhotoFiltre.exe6.3.1.07001d0900f09ab350e32C:\Program Files\PhotoFiltre\PhotoFiltre.exe Error: (05/12/2015 09:03:09 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: RasCard3_0.exe3.0.0.0189801d08ca335a7640b831C:\Program Files\RaschesSpiele3\RasCard3_0.exee6f4f83b-f8e1-11e4-9008-002522a3b3ce Error: (05/11/2015 11:00:36 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: RasCard3_0.exe3.0.0.0f6401d08c3053343ebd17C:\Program Files\RaschesSpiele3\RasCard3_0.exe259794bf-f829-11e4-9008-002522a3b3ce Error: (05/11/2015 08:14:25 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: RasCard3_0.exe3.0.0.0e6801d08a8d0e9242261147C:\Program Files\RaschesSpiele3\RasCard3_0.exeedbb3b24-f811-11e4-9008-002522a3b3ce ==================== Memory info =========================== Processor: AMD Athlon(tm) II X2 220 Processor Percentage of memory in use: 40% Total physical RAM: 3327.3 MB Available physical RAM: 1984.59 MB Total Pagefile: 6652.89 MB Available Pagefile: 5204.65 MB Total Virtual: 2047.88 MB Available Virtual: 1893.41 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:156.25 GB) (Free:23.74 GB) NTFS Drive u: (U_ser) (Fixed) (Total:244.14 GB) (Free:116.06 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive v: (V_ip) (Fixed) (Total:65.37 GB) (Free:4.86 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 96854552) Partition 1: (Not Active) - (Size=156.2 GB) - (Type=07 NTFS) Partition 2: (Active) - (Size=244.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=65.4 GB) - (Type=07 NTFS) ==================== End of log ============================ ________________________________________________________________________________________________________ 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-05-2015 Ran by alpha (administrator) on GRIZZLY on 26-05-2015 19:11:59 Running from C:\Users\alpha\Downloads Loaded Profiles: alpha (Available Profiles: alpha) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe () C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe (Hauppauge Computer Works, Inc) C:\Program Files\WinTV\Extend\WinTVExtender.exe (Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe (XTab system) C:\Program Files\XTab\ProtectService.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Google Inc.) 
C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe () C:\Program Files\Unlocker\UnlockerAssistant.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe (Dell Inc.) C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1pl.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PDFViewer\PdfPro7Hook.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (SlySoft, Inc.) C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (PCTV Systems S.à r.l.) C:\Program Files\Common Files\PCTV Systems\RemoTerm\remoterm.exe (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Samsung Electronics) C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.) C:\Program Files\InterVideo\WinDVR\WinScheduler.exe () C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe (Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe () C:\Program Files\HPiotr\MSWinSl\MSWinSl.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin () C:\Program Files\HPiotr\MSOffix2010\MSOffix2010.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [UVS10 Preload] => C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-10] (Ulead Systems, Inc.) HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1681408 2009-09-21] (VIA) HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] () HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.) HKLM\...\Run: [LauncherC1765nf] => C:\Program Files\Dell Printers\Printer SSW\Launcher\dlm1launcher.exe [2471928 2013-08-13] (Dell Inc.) HKLM\...\Run: [StatusAutoRunC1765nf] => C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1pl.exe [3024360 2013-02-06] (Dell Inc.) HKLM\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.) HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [36168 2013-05-29] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [18248 2013-05-29] (Nuance Communications, Inc.) HKLM\...\Run: [PPort14reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [330056 2013-03-14] (Nuance Communications, Inc.) 
HKLM\...\Run: [PDFProHook] => C:\Program Files\Nuance\PDFViewer\pdfpro7hook.exe [641864 2013-03-20] (Nuance Communications, Inc.) HKLM\...\Run: [CloneCDTray] => C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [57344 2004-12-09] (SlySoft, Inc.) HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\Run: [RemoTerm.exe] => C:\Program Files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe [227200 2012-06-06] (PCTV Systems S.à r.l.) HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung) HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-05-22] (Samsung Electronics) HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung) HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\MountPoints2: {2ad831f8-e489-11e2-b698-002522a3b3ce} - F:\AutoRun.exe HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\MountPoints2: {2ad831fd-e489-11e2-b698-002522a3b3ce} - F:\AutoRun.exe HKU\S-1-5-21-2637245917-3735504695-533496390-1000\...\MountPoints2: {e89fa41a-77b8-11e2-9f9d-002522a3b3ce} - F:\LaunchU3.exe -a Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk [2013-01-16] ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk [2012-12-23] ShortcutTarget: InterVideo WinCinema Manager.lnk -> C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinScheduler.lnk [2012-12-23] ShortcutTarget: InterVideo WinScheduler.lnk -> C:\Program Files\InterVideo\WinDVR\WinScheduler.exe (InterVideo Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk [2013-07-04] ShortcutTarget: Launcher.lnk -> C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk [2013-01-16] ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.) Startup: C:\Users\alpha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSOffix2010_Reminder.lnk [2012-12-26] ShortcutTarget: MSOffix2010_Reminder.lnk -> C:\Program Files\HPiotr\MSOffix2010_Reminder\MSOffix2010_Reminder.exe () Startup: C:\Users\alpha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSWinSl.lnk [2012-12-26] ShortcutTarget: MSWinSl.lnk -> C:\Program Files\HPiotr\MSWinSl\MSWinSl.exe () Startup: C:\Users\alpha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2012-12-23] ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-22] (Avast Software s.r.o.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91&q={searchTerms} HKU\S-1-5-21-2637245917-3735504695-533496390-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ef0745b4-bdad-bf5e-5d29-9aa18ace4082&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=04/03/2014&type=hp1000 HKU\S-1-5-21-2637245917-3735504695-533496390-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2637245917-3735504695-533496390-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91&q={searchTerms} SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=ef0745b4-bdad-bf5e-5d29-9aa18ace4082&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=04/03/2014&type=hp1000 SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91&q={searchTerms} SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03203&utm_campaign=install_ie&utm_content=ds&from=wpm03203&uid=395049983_1052515_F4F8DD91&ts=1426844859&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3322287&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP3A02F2EF-6CB4-47FB-9AEE-985BF84EC088&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03203&utm_campaign=install_ie&utm_content=ds&from=wpm03203&uid=395049983_1052515_F4F8DD91&ts=1426844859&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03203&utm_campaign=install_ie&utm_content=ds&from=wpm03203&uid=395049983_1052515_F4F8DD91&ts=1426844859&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03203&utm_campaign=install_ie&utm_content=ds&from=wpm03203&uid=395049983_1052515_F4F8DD91&ts=1426844859&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03203&utm_campaign=install_ie&utm_content=ds&from=wpm03203&uid=395049983_1052515_F4F8DD91&ts=1426844859&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2637245917-3735504695-533496390-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = 
hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03203&utm_campaign=install_ie&utm_content=ds&from=wpm03203&uid=395049983_1052515_F4F8DD91&ts=1426844859&type=default&q={searchTerms} BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\XTab\SupTab.dll [2015-03-20] (Thinknice Co. Limited) BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDFViewer\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-22] (Avast Software s.r.o.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Tcpip\..\Interfaces\{7C3417E8-24A8-43E5-A023-C40B1609E793}: [NameServer] 192.168.0.1 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1420284281&from=cvs1&uid=395049983_1052515_F4F8DD91 FireFox: ======== FF ProfilePath: C:\Users\alpha\AppData\Roaming\Mozilla\Firefox\Profiles\mfyfgikt.default-1427573157077 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll 
[2015-04-15] () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll [2008-03-31] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.) 
FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDFViewer\bin\nppdf.dll [2011-07-15] (Zeon Corporation) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\webssearches.xml [2015-01-03] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-23] FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\alpha\AppData\Roaming\Mozilla\Firefox\Profiles\yjkweciu.default\extensions\faststartff@gmail.com FF HKLM\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\alpha\AppData\Roaming\Mozilla\Firefox\Profiles\yjkweciu.default\extensions\searchengine@gmail.com FF HKLM\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\alpha\AppData\Roaming\Mozilla\Firefox\Profiles\yjkweciu.default\extensions\istart_ffnt@gmail.com Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ALDITALKVerbindungsassistent_Service; C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [358968 2013-07-04] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.) 
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-22] (Avast Software) R2 DLNBDB; C:\Program Files\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe [191464 2013-02-06] () R2 Hauppauge WinTV Extender; C:\Program Files\WinTV\Extend\WinTVExtender.exe [71680 2012-05-31] (Hauppauge Computer Works, Inc) [] R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [577536 2012-08-24] (Hauppauge Computer Works) [] R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158816 2015-03-20] (XTab system) R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-05-29] (Nuance Communications, Inc.) R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-29] (Ulead Systems, Inc.) [] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) S4 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [499200 2015-03-28] () [] <==== ATTENTION S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X] S2 sppsvc; %SystemRoot%\system32\sppsvc.exe [X] S4 sppuinotify; %SystemRoot%\system32\sppuinotify.dll [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [] R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-22] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-22] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-22] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-22] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-22] (Avast Software s.r.o.) 
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-22] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-22] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-22] () S3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [44544 2009-08-24] (AzureWave Technologies, Inc.) R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [26240 2004-08-31] (SlySoft, Inc.) [] R2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [9856 2004-07-21] (Elaborate Bytes AG) [] R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [3968 2004-06-08] (Elaborate Bytes AG) [] R3 hcwD1capture; C:\Windows\System32\DRIVERS\hcwD1cap.sys [197488 2012-06-04] (Hauppauge Computer Works, Inc.) S3 hcwD1encoder; C:\Windows\System32\DRIVERS\hcwD1xcd.sys [8582512 2012-06-04] (ViXS Systems Inc.) S3 PCTVStargate; C:\Windows\System32\DRIVERS\Stargate.sys [122240 2009-10-20] (Hauppauge Computer Works! ) R3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-13] (NXP Semiconductors) S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2012-12-23] (Duplex Secure Ltd.) S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1521544 2010-04-16] (Syntek) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-04-22] (Avast Software) R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.) 
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-09-23] (Microsoft Corporation) R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-09-23] (Microsoft Corporation) R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-23] (Microsoft Corporation) S3 vpcuxd; C:\Windows\System32\DRIVERS\vpcuxd.sys [12800 2009-09-23] (Microsoft Corporation) R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [294912 2009-09-23] (Microsoft Corporation) R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [151552 2011-10-20] (VIA Technologies, Inc.) R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [192000 2011-10-20] (VIA Technologies, Inc.) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-05-26 19:11 - 2015-05-26 19:12 - 00022483 _____ () C:\Users\alpha\Downloads\FRST.txt 2015-05-26 19:11 - 2015-05-26 19:12 - 00000000 ____D () C:\FRST 2015-05-26 19:10 - 2015-05-26 19:10 - 01147392 _____ (Farbar) C:\Users\alpha\Downloads\FRST.exe 2015-05-26 19:01 - 2015-05-26 19:04 - 00000582 _____ () C:\Users\alpha\Downloads\defogger_disable.log 2015-05-26 19:01 - 2015-05-26 19:04 - 00000176 _____ () C:\Users\alpha\defogger_reenable 2015-05-26 19:00 - 2015-05-26 19:00 - 00050477 _____ () C:\Users\alpha\Downloads\Defogger.exe 2015-05-26 18:59 - 2015-05-26 18:59 - 00668711 _____ () C:\Users\alpha\Downloads\MacKeeper.pkg 2015-05-20 18:06 - 2015-05-23 08:43 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2015-05-18 19:29 - 2015-05-18 19:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-05-12 21:30 - 2015-05-12 21:30 - 00000000 ____D () C:\Users\alpha\Tracing 2015-05-01 11:43 - 2015-05-01 11:43 - 00001763 _____ () C:\Users\alpha\Downloads\ESt_1_A_2014.xml ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-05-26 19:10 - 2012-12-23 17:10 - 01594194 _____ () C:\Windows\WindowsUpdate.log 2015-05-26 19:06 - 2012-12-23 23:52 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-05-26 19:06 - 2012-12-23 20:50 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-26 19:05 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-26 19:05 - 2009-07-14 05:39 - 02467604 _____ () C:\Windows\setupact.log 2015-05-26 19:02 - 2012-12-23 20:50 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-26 19:01 - 2012-12-23 17:10 - 00000000 ____D () C:\Users\alpha 2015-05-26 18:37 - 2013-07-30 13:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-26 09:24 - 2013-01-16 21:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-05-24 12:25 - 2012-12-23 17:13 - 01794430 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-22 23:13 - 2013-07-30 13:23 - 00000000 ____D () C:\Users\alpha\AppData\Roaming\vlc 2015-05-20 23:06 - 2012-12-23 21:36 - 00000000 ____D () C:\Users\alpha\AppData\Roaming\Skype 2015-05-17 11:45 - 2014-12-25 19:29 - 00000000 ____D () C:\Users\alpha\AppData\Roaming\.oit 2015-05-17 08:42 - 2014-12-25 22:11 - 00000000 _____ () C:\sparkraw.log 2015-05-16 18:56 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF 2015-05-16 18:46 - 2015-01-03 15:39 - 00000000 ____D () C:\Users\alpha\AppData\Roaming\Swiftdata 2015-05-12 21:30 - 2014-10-13 21:30 - 00000000 ___RD () C:\Program Files\Skype 2015-05-12 21:30 - 2012-12-23 21:36 - 00000000 ____D () C:\ProgramData\Skype 2015-05-01 12:22 - 2012-12-23 20:50 - 00000000 ____D () C:\Users\alpha\Documents\Visual Studio 2008 2015-04-27 20:43 - 2012-12-23 18:50 - 00000600 _____ () C:\Users\alpha\AppData\Roaming\winscp.rnd ==================== Files in the root of some directories ======= 2012-12-23 18:50 - 2015-04-27 20:43 - 0000600 _____ () C:\Users\alpha\AppData\Roaming\winscp.rnd 2013-07-26 17:02 - 2013-08-18 19:32 - 0007680 _____ 
() C:\Users\alpha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-12-26 22:02 - 2012-12-26 22:44 - 0007598 _____ () C:\Users\alpha\AppData\Local\Resmon.ResmonCfg Files to move or delete: ==================== C:\Users\alpha\DeepBurner19.exe Some files in TEMP: ==================== C:\Users\alpha\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-20 15:29 ==================== End of log ============================ ______________________________________________________________________________________________ GMER Logfile: Edited by picus (26.05.2015 at 21:39) |
26.05.2015, 20:58 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Clicking in Firefox opens an additional web page with advertising Hi and
__________________Please do not attach logs; if necessary, split them and post them spread across several postings. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too large for a single post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files into a CODE box, proceed as follows:
__________________ |
20.07.2015, 17:16 | #3 |
| Windows 7: Clicking in Firefox opens an additional web page with advertising Hello, I would like to follow up on this now ...
__________________or has some kind soul already posted something toward a solution, or rather "toward deliverance from evil"? Thanks picus |
20.07.2015, 21:35 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Clicking in Firefox opens an additional web page with advertising If you edit a post after the fact, nobody gets a notification about it... Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
__________________ Please always post log files in CODE tags |