Mozilla opens windows and ads despite blocker

Hello, I hope I followed the instructions correctly and have got all the files into the text properly ;) When I surf the internet, Firefox opens all sorts of windows, just not the right one.

Thanks for your help. Regards, Sebastian

defogger_disable Text: defogger_disable by jpshortstuff (23.02.10.1) Log created at 16:39 on 29/07/2014 (Schröder) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. HKCU:DAEMON Tools Lite -> Removed Checking for services/drivers... SPTD -> Disabled (Service running -> reboot required) -=E.O.F=-

FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014 Ran by Schröder (administrator) on SCHRÖDER-PC on 29-07-2014 16:45:57 Running from G:\ Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co.
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Google) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Dropbox, Inc.) C:\Users\Schröder\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Intel Corporation) C:\Windows\System32\igfxext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-14] (Synaptics Incorporated) HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7138816 2014-02-01] (Broadcom Corporation) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-26] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-936900603-1012565846-2125379149-1000\...\Run: [SSync] => C:\Users\Schröder\AppData\Roaming\SSync\SSync.exe [37376 2013-12-09] () HKU\S-1-5-21-936900603-1012565846-2125379149-1000\...\Run: [LiveSupport] => "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log HKU\S-1-5-21-936900603-1012565846-2125379149-1000\...\Run: [SCheck] => C:\Users\Schröder\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] () HKU\S-1-5-21-936900603-1012565846-2125379149-1000\...\Run: [Snoozer] => C:\Users\Schröder\AppData\Roaming\Snz\Snz.exe [1628643 2014-07-27] () 
HKU\S-1-5-21-936900603-1012565846-2125379149-1000\...\Run: [DataMgr] => C:\Users\Schröder\AppData\Roaming\DataMgr\DataMgr.exe [168824 2014-01-23] (HTTO Group, Ltd.) HKU\S-1-5-21-936900603-1012565846-2125379149-1000\...\Run: [Intermediate] => C:\Users\Schröder\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] () HKU\S-1-5-21-936900603-1012565846-2125379149-1000\...\Run: [Sixth] => C:\Users\Schröder\AppData\Roaming\Sixth\Sixth.exe [63625 2014-07-27] () AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1355552 2014-04-08] (Conduit) AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1050912 2014-04-08] (Conduit) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) Startup: C:\Users\Schröder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Schröder\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Schröder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Schröder\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Schröder\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Schröder\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Schröder\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Schröder\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Schröder\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Schröder\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0F5E00BF6E1FCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1391273979&from=cor&uid=WDCXWD7500BPVT-22HXZT3_WD-WXB1C227305273052 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://wisersearch.com/?channel=de HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1391273979&from=cor&uid=WDCXWD7500BPVT-22HXZT3_WD-WXB1C227305273052&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1391273979&from=cor&uid=WDCXWD7500BPVT-22HXZT3_WD-WXB1C227305273052&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1391273979&from=cor&uid=WDCXWD7500BPVT-22HXZT3_WD-WXB1C227305273052&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1391273979&from=cor&uid=WDCXWD7500BPVT-22HXZT3_WD-WXB1C227305273052&q={searchTerms} URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1391273979&from=cor&uid=WDCXWD7500BPVT-22HXZT3_WD-WXB1C227305273052&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1391273979&from=cor&uid=WDCXWD7500BPVT-22HXZT3_WD-WXB1C227305273052&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://www.sweet-page.com/web/?type=ds&ts=1391273979&from=cor&uid=WDCXWD7500BPVT-22HXZT3_WD-WXB1C227305273052&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1391273979&from=cor&uid=WDCXWD7500BPVT-22HXZT3_WD-WXB1C227305273052&q={searchTerms} SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms} SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M8C09D2A5-3CAA-4F4D-A823-36DEC7B0DE10&SearchSource=58&CUI=&UM=5&UP=SPE118459A-8CD3-456F-B3CF-3009ECBB8D70&q={searchTerms}&SSPV= SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1391273979&from=cor&uid=WDCXWD7500BPVT-22HXZT3_WD-WXB1C227305273052&q={searchTerms} SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms} BHO: Plus-HD-7.6 -> {11111111-1111-1111-1111-110511071178} -> C:\Program Files (x86)\Plus-HD-7.6\Plus-HD-7.6-bho64.dll No File BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Plus-HD-7.6 -> {11111111-1111-1111-1111-110511071178} -> C:\Program Files (x86)\Plus-HD-7.6\Plus-HD-7.6-bho.dll No File BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. 
Limited) BHO-x32: Simple New Tab Bho -> {5C2DD58F-613F-4580-8AC0-F10D760AF938} -> C:\Users\Schröder\AppData\Local\simple_new_tab\simple_new_tab.dll (Temp Company Ltd) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: OfferMosquito -> {82B16A3D-F03E-4565-A532-666B219C9A53} -> C:\Users\Schröder\AppData\Local\ext_offermosquito\OfferMosquitoIEPlaceholder.dll (Bebo Media Ltd) BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.) Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Schröder\AppData\Roaming\Mozilla\Firefox\Profiles\50ybcgw3.default-1401733999785 FF Homepage: hxxp://wisersearch.com/?channel=de FF SelectedSearchEngine: Search FF DefaultSearchEngine: Search FF Keyword.URL: hxxp://wisersearch.com/search.php?channel=de&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper - C:\Users\Schröder\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll (Bebo Media Ltd) FF SearchPlugin: C:\Users\Schröder\AppData\Roaming\Mozilla\Firefox\Profiles\50ybcgw3.default-1401733999785\searchplugins\search.xml FF Extension: Plus-HD-7.6 - C:\Users\Schröder\AppData\Roaming\Mozilla\Firefox\Profiles\50ybcgw3.default-1401733999785\Extensions\1079a15c-f3ae-4d92-b473-c51c7f3bc6de@63449f71-c434-4007-828c-7025ecf04b05.com [2014-07-29] FF Extension: Firefox Old Version Update Hotfix - C:\Users\Schröder\AppData\Roaming\Mozilla\Firefox\Profiles\50ybcgw3.default-1401733999785\Extensions\firefox-hotfix@mozilla.org.xpi [2014-07-26] FF Extension: OfferMosquito - C:\Users\Schröder\AppData\Roaming\Mozilla\Firefox\Profiles\50ybcgw3.default-1401733999785\Extensions\om@offermosquito.com.xpi [2014-02-28] FF Extension: Simple New Tab - C:\Users\Schröder\AppData\Roaming\Mozilla\Firefox\Profiles\50ybcgw3.default-1401733999785\Extensions\snt@dotlabs.co.xpi [2013-12-16] FF Extension: No Name - C:\Users\Schröder\AppData\Roaming\Mozilla\Firefox\Profiles\50ybcgw3.default-1401733999785\extensions\om@offermosquito.com.xpi [] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-26] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-26] (Avira Operations GmbH & Co. 
KG) R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2470688 2014-04-08] (Conduit) R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5824512 2014-02-01] (Broadcom Corporation) [File not signed] R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [493568 2014-02-01] (Cherished Technololgy LIMITED) [File not signed] S2 Update RightSurf; "C:\Program Files (x86)\RightSurf\updateRightSurf.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-26] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG) R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-02-14] (Synaptics Incorporated) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-02-22] (Duplex Secure Ltd.) S3 athr; system32\DRIVERS\athrx.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-07-29 16:39 - 2014-07-29 16:39 - 00000658 _____ () C:\Users\Schröder\Desktop\defogger_disable.log 2014-07-29 16:39 - 2014-07-29 16:39 - 00000188 _____ () C:\Users\Schröder\defogger_reenable 2014-07-29 16:38 - 2014-07-29 16:35 - 00050477 _____ () C:\Users\Schröder\Desktop\Defogger.exe 2014-07-29 16:16 - 2014-07-29 16:45 - 00000000 ____D () C:\FRST 2014-07-29 16:12 - 2014-07-29 16:12 - 00000000 ____D () C:\Users\Schröder\AppData\Roaming\Snz 2014-07-26 20:26 - 2014-07-26 20:26 - 00001377 _____ () C:\Users\Schröder\Downloads\webkonrad.jnlp 2014-07-26 18:30 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-26 18:30 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-26 18:30 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-26 18:30 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-26 18:30 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-26 18:30 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-26 18:30 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-26 18:30 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-26 18:29 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-26 18:29 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-26 18:29 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-26 18:29 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-26 18:29 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-26 18:29 - 2014-06-19 02:48 - 
02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-26 18:29 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-26 18:29 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-26 18:29 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-26 18:29 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-26 18:29 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-26 18:29 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-26 18:29 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-26 18:29 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-26 18:29 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-26 18:29 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-26 18:29 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-26 18:29 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-26 18:29 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-26 18:29 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-26 18:29 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-26 18:29 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-26 18:29 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-26 18:29 - 
2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-26 18:29 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-26 18:29 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-26 18:29 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-26 18:29 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-26 18:29 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-26 18:29 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-26 18:29 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-26 18:29 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-26 18:29 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-26 18:29 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-26 18:29 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-26 18:29 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-26 18:29 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-26 18:29 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-26 18:29 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-26 18:29 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-26 18:29 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-26 18:29 - 
2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-26 18:29 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-26 18:29 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-26 18:29 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-26 18:29 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-26 18:29 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-26 18:29 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-26 18:29 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-26 18:29 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-26 18:29 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-26 18:29 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-26 18:29 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-26 18:29 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-26 18:29 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-26 18:29 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-26 18:29 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-26 18:29 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-26 18:29 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-26 18:29 - 2014-05-30 10:08 - 00307200 
_____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-26 18:29 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-26 18:29 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-26 18:29 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-26 18:29 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-26 18:29 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-26 18:29 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-26 18:29 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-26 18:29 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-26 18:29 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-26 18:29 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-26 18:27 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-26 18:27 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-26 18:27 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-26 18:17 - 2014-07-26 18:17 - 00000000 ____D () C:\Users\Schröder\AppData\Roaming\Sixth ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-07-29 16:45 - 2014-07-29 16:16 - 00000000 ____D () C:\FRST 2014-07-29 16:45 - 2014-02-01 17:16 - 01396098 _____ () C:\Windows\WindowsUpdate.log 2014-07-29 16:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-29 16:43 - 2014-02-18 10:38 - 00000000 ___RD () C:\Users\Schröder\Dropbox 2014-07-29 16:43 - 2014-02-11 19:21 - 00000000 ____D () C:\Users\Schröder\AppData\Roaming\Dropbox 2014-07-29 16:42 - 2014-02-19 23:02 - 00002332 _____ () C:\Windows\Tasks\Plus-HD-7.6-firefoxinstaller.job 2014-07-29 16:42 - 2014-02-19 23:02 - 00001514 _____ () C:\Windows\Tasks\Plus-HD-7.6-updater.job 2014-07-29 16:42 - 2014-02-19 23:02 - 00001470 _____ () C:\Windows\Tasks\Plus-HD-7.6-codedownloader.job 2014-07-29 16:42 - 2014-02-19 23:02 - 00001368 _____ () C:\Windows\Tasks\Plus-HD-7.6-enabler.job 2014-07-29 16:42 - 2014-02-19 23:01 - 00002398 _____ () C:\Windows\Tasks\Plus-HD-7.6-validator.job 2014-07-29 16:42 - 2014-02-19 22:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-29 16:42 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-29 16:42 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-29 16:41 - 2012-05-09 13:18 - 00013536 _____ () C:\Windows\setupact.log 2014-07-29 16:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-29 16:41 - 2009-07-14 06:45 - 00416360 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-29 16:39 - 2014-07-29 16:39 - 00000658 _____ () C:\Users\Schröder\Desktop\defogger_disable.log 2014-07-29 16:39 - 2014-07-29 16:39 - 00000188 _____ () C:\Users\Schröder\defogger_reenable 2014-07-29 16:39 - 2014-05-06 21:21 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-29 16:39 - 2014-02-01 17:22 - 00000000 ____D () C:\Users\Schröder 2014-07-29 16:39 - 2011-04-12 09:54 - 00000000 ____D () C:\Program 
Files\Windows Journal 2014-07-29 16:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-29 16:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-29 16:35 - 2014-07-29 16:38 - 00050477 _____ () C:\Users\Schröder\Desktop\Defogger.exe 2014-07-29 16:23 - 2014-03-05 16:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-29 16:12 - 2014-07-29 16:12 - 00000000 ____D () C:\Users\Schröder\AppData\Roaming\Snz 2014-07-29 16:12 - 2014-02-19 22:59 - 00000000 ____D () C:\Users\Schröder\AppData\Roaming\DataMgr 2014-07-26 21:22 - 2014-02-23 19:24 - 00000000 ____D () C:\Users\Schröder\Documents\Outlook-Dateien 2014-07-26 20:54 - 2014-02-01 19:00 - 00000304 _____ () C:\Windows\Tasks\UpdaterEX.job 2014-07-26 20:53 - 2014-02-19 22:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-26 20:26 - 2014-07-26 20:26 - 00001377 _____ () C:\Users\Schröder\Downloads\webkonrad.jnlp 2014-07-26 18:29 - 2011-04-12 09:54 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-07-26 18:24 - 2011-04-12 09:43 - 00699342 _____ () C:\Windows\system32\perfh007.dat 2014-07-26 18:24 - 2011-04-12 09:43 - 00149450 _____ () C:\Windows\system32\perfc007.dat 2014-07-26 18:24 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-26 18:23 - 2014-03-05 16:16 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-26 18:23 - 2014-02-19 17:17 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-26 18:23 - 2014-02-19 17:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-26 18:19 - 2014-02-18 10:38 - 00000988 _____ () C:\Users\Schröder\Desktop\Dropbox.lnk 2014-07-26 18:19 - 2014-02-11 19:22 - 00000000 ____D () C:\Users\Schröder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-07-26 18:17 - 2014-07-26 18:17 - 00000000 ____D () 
C:\Users\Schröder\AppData\Roaming\Sixth 2014-07-26 18:11 - 2014-02-19 09:57 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-26 18:11 - 2014-02-01 19:06 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-06-30 04:09 - 2014-07-26 18:30 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-30 04:04 - 2014-07-26 18:30 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP: ==================== C:\Users\Schröder\AppData\Local\Temp\avgnt.exe C:\Users\Schröder\AppData\Local\Temp\BackupSetup.exe C:\Users\Schröder\AppData\Local\Temp\checker.exe C:\Users\Schröder\AppData\Local\Temp\DPInstx64.exe C:\Users\Schröder\AppData\Local\Temp\DPInstx86.exe C:\Users\Schröder\AppData\Local\Temp\DPInst_Monx64.exe C:\Users\Schröder\AppData\Local\Temp\DPInst_Monx86.exe C:\Users\Schröder\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8cuxgp.dll C:\Users\Schröder\AppData\Local\Temp\gkc.exe C:\Users\Schröder\AppData\Local\Temp\IMsetup.exe C:\Users\Schröder\AppData\Local\Temp\LiveSupport_setup.exe C:\Users\Schröder\AppData\Local\Temp\nsa6AC0.exe C:\Users\Schröder\AppData\Local\Temp\nsaB433.exe C:\Users\Schröder\AppData\Local\Temp\nsf6F24.exe C:\Users\Schröder\AppData\Local\Temp\nsuAFCE.exe C:\Users\Schröder\AppData\Local\Temp\ose00000.exe C:\Users\Schröder\AppData\Local\Temp\OS_Detect.exe C:\Users\Schröder\AppData\Local\Temp\plus-hd-7-6.exe C:\Users\Schröder\AppData\Local\Temp\ProductKeyFinderSetup.exe C:\Users\Schröder\AppData\Local\Temp\UpdateCheckerSetup.exe C:\Users\Schröder\AppData\Local\Temp\VIS-2013-German.exe C:\Users\Schröder\AppData\Local\Temp\_is39BA.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-04-15 20:16 ==================== End Of Log ============================ Addition Text: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014 Ran by Schröder at 2014-07-29 16:46:34 Running from G:\ Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2108.00 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.5.2108.00 - CyberLink Corp.) 
Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated) Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira) Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation) Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.82.120 - Broadcom Corporation) Brother MFL-Pro Suite MFC-J6710DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 2.0.0.0 - Brother Industries, Ltd.) Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation) Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.) Extended Update (HKCU\...\UpdaterEX) (Version: - Extended Update) <==== ATTENTION FilesFrog Update Checker (HKLM-x32\...\FilesFrog Update Checker) (Version: - ) <==== ATTENTION Free YouTube Download version 3.2.33.424 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.33.424 - DVDVideoSoft Ltd.) Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version: - ) Google Chrome Frame (HKLM-x32\...\{8618AE04-1210-3C32-A8C3-45A5E44CD340}) (Version: 65.169.107 - Google, Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) 
Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden 
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) 
(Version: 27.0.1 - Mozilla) NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation) Plus-HD-7.6 (HKLM-x32\...\Plus-HD-7.6) (Version: 1.34.1.29 - Plus HD) <==== ATTENTION Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.12.20.154 - Conduit) <==== ATTENTION Sepura Remote UI Tool v10.12 (HKLM-x32\...\Sepura Remote UI Tool) (Version: v10.12 - Sepura plc) SupTab (HKLM-x32\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.41.5 - Synaptics Incorporated) VIS (HKLM-x32\...\VIS) (Version: - ) <==== ATTENTION Windows-Treiberpaket - Intel (NETwLv64) net (10/07/2010 13.4.0.139) (HKLM\...\EA1C8ECD4E416637C38F0079F98C8C7B0A112265) (Version: 10/07/2010 13.4.0.139 - Intel) Windows-Treiberpaket - Intel (NETwNs64) net (01/22/2012 14.3.2.1) (HKLM\...\CD88F0FADE1395C9F91302912FD35B13CF75C196) (Version: 01/22/2012 14.3.2.1 - Intel) Windows-Treiberpaket - Intel (NETwNs64) net (02/20/2012 15.1.0.18) (HKLM\...\69A53671180AECD99453E40E613B8E7237D26CDB) (Version: 02/20/2012 15.1.0.18 - Intel) WPM17.8.0.3325 (HKLM-x32\...\WPM) (Version: 17.8.0.3325 - Cherished Technololgy LIMITED) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-936900603-1012565846-2125379149-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Schröder\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-936900603-1012565846-2125379149-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Schröder\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-936900603-1012565846-2125379149-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Schröder\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-936900603-1012565846-2125379149-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Schröder\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-936900603-1012565846-2125379149-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Schröder\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-936900603-1012565846-2125379149-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Schröder\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-936900603-1012565846-2125379149-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Schröder\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-936900603-1012565846-2125379149-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Schröder\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-936900603-1012565846-2125379149-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Schröder\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
==================== Restore Points ========================= 15-04-2014 18:22:45 Geplanter Prüfpunkt 15-04-2014 19:01:26 Windows Update 29-04-2014 12:34:56 Windows Update 04-05-2014 10:54:35 Installiert Brother Software Suite 05-05-2014 15:46:25 Windows Update 06-05-2014 19:20:48 Windows Update 09-06-2014 18:11:33 Windows Update 16-06-2014 15:33:15 Windows Update 16-06-2014 16:06:55 Windows Update 29-07-2014 14:14:19 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0F19147E-5961-4520-8581-3A62B57B9F20} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Schröder\AppData\Local\FilesFrog Update Checker\update_checker.exe [2013-10-17] (Somoto) <==== ATTENTION Task: {0FD380D6-A713-4A79-B854-1C36EFC1126A} - System32\Tasks\Plus-HD-7.6-validator => C:\Program Files (x86)\Plus-HD-7.6\Plus-HD-7.6-validator.exe Task: {14F93891-D2F0-4579-A6C9-CFD0B3FB6F04} - System32\Tasks\Fifth => C:\Users\Schröder\AppData\Roaming\Fifth\Fifth.exe [2014-03-12] () <==== ATTENTION Task: {1A176CFB-0F75-4582-8FB8-9EEF9E7ECA36} - System32\Tasks\Plus-HD-7.6-firefoxinstaller => C:\Program Files (x86)\Plus-HD-7.6\Plus-HD-7.6-firefoxinstaller.exe Task: {29DA80FA-DE95-4E99-973D-3437656BAEB0} - System32\Tasks\Plus-HD-7.6-updater => C:\Program Files (x86)\Plus-HD-7.6\Plus-HD-7.6-updater.exe Task: {4CF92916-9026-4B7A-B616-A5D65D468ABA} - System32\Tasks\UpdaterEX => C:\Users\Schröder\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {60BE13E1-BCA3-4D25-89CB-C04B765BFD9D} - System32\Tasks\Plus-HD-7.6-enabler => C:\Program Files 
(x86)\Plus-HD-7.6\Plus-HD-7.6-enabler.exe Task: {689FFBB9-18B8-4FFB-A30A-FDD9F6C38EB9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-19] (Google Inc.) Task: {9D745DC5-3FCD-4FDD-91DD-D9BB84E94691} - System32\Tasks\Plus-HD-7.6-codedownloader => C:\Program Files (x86)\Plus-HD-7.6\Plus-HD-7.6-codedownloader.exe Task: {CF98C123-044E-4476-A8A9-4B62D08F96B9} - System32\Tasks\OMESupervisor => C:\Users\Schröder\AppData\Local\omesuperv.exe [2014-03-12] () <==== ATTENTION Task: {D32ADC25-0F8B-41CB-93D4-F6B1FDFDD1B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-19] (Google Inc.) Task: {E4E579CC-ECD4-4271-85E6-EC7FA8F28869} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-26] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Plus-HD-7.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-7.6\Plus-HD-7.6-codedownloader.exe Task: C:\Windows\Tasks\Plus-HD-7.6-enabler.job => C:\Program Files (x86)\Plus-HD-7.6\Plus-HD-7.6-enabler.exe Task: C:\Windows\Tasks\Plus-HD-7.6-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-7.6\Plus-HD-7.6-firefoxinstaller.exe Task: C:\Windows\Tasks\Plus-HD-7.6-updater.job => C:\Program Files (x86)\Plus-HD-7.6\Plus-HD-7.6-updater.exe Task: C:\Windows\Tasks\Plus-HD-7.6-validator.job => C:\Program Files (x86)\Plus-HD-7.6\Plus-HD-7.6-validator.exe Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\SCHRDE~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE ==================== Loaded Modules (whitelisted) ============= 
2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2012-02-15 02:53 - 2012-02-15 02:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-07-29 16:42 - 2014-07-29 16:42 - 00043008 _____ () c:\Users\Schröder\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8cuxgp.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Schröder\AppData\Roaming\Dropbox\bin\libcef.dll 2014-02-19 21:41 - 2014-02-19 21:41 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll 2014-02-01 18:09 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Basissystemgerät Description: Basissystemgerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Basissystemgerät Description: Basissystemgerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. 
(Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/29/2014 04:46:42 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Gmer-19357.exe, Version 2.1.19357.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 11c4 Startzeit: 01cfab3bd6d13b75 Endzeit: 0 Anwendungspfad: G:\Gmer-19357.exe Berichts-ID: 1fa6399f-172f-11e4-ad33-b888e3cb18da Error: (07/29/2014 04:42:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/29/2014 04:08:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/26/2014 06:16:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/02/2014 05:07:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: cltmngui.exe, Version: 2.12.20.154, Zeitstempel: 0x5343f397 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00039342 ID des fehlerhaften Prozesses: 0x80c Startzeit der fehlerhaften Anwendung: 0xcltmngui.exe0 Pfad der fehlerhaften Anwendung: cltmngui.exe1 Pfad des fehlerhaften Moduls: cltmngui.exe2 Berichtskennung: cltmngui.exe3 Error: 
(06/20/2014 06:59:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/16/2014 08:04:00 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/16/2014 05:56:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/16/2014 05:28:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/15/2014 06:03:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/29/2014 04:45:17 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "SCHRÖDER-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.5 registriert werden. Der Computer mit IP-Adresse 192.168.1.4 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (07/29/2014 04:41:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Update RightSurf" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/29/2014 04:41:14 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "SCHRÖDER-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.5 registriert werden. 
Der Computer mit IP-Adresse 192.168.1.4 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (07/29/2014 04:10:44 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "SCHRÖDER-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.5 registriert werden. Der Computer mit IP-Adresse 192.168.1.4 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (07/29/2014 04:08:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Update RightSurf" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/29/2014 04:08:30 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "SCHRÖDER-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.5 registriert werden. Der Computer mit IP-Adresse 192.168.1.4 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (07/29/2014 04:08:03 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 26.07.2014 um 21:29:16 unerwartet heruntergefahren. 
Error: (07/26/2014 06:15:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Update RightSurf" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/26/2014 06:14:21 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (06/27/2014 02:42:14 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {0006F03A-0000-0000-C000-000000000046} Microsoft Office Sessions: ========================= Error: (07/29/2014 04:46:42 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Gmer-19357.exe2.1.19357.011c401cfab3bd6d13b750G:\Gmer-19357.exe1fa6399f-172f-11e4-ad33-b888e3cb18da Error: (07/29/2014 04:42:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/29/2014 04:08:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/26/2014 06:16:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/02/2014 05:07:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: cltmngui.exe2.12.20.1545343f397ole32.dll6.1.7601.175144ce7b96fc00000050003934280c01cf8ca974ce5b3dC:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exeC:\Windo ws\syswow64\ole32.dll93ad630e-01fa-11e4-a03b-b888e3cb18da Error: (06/20/2014 06:59:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/16/2014 08:04:00 
PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/16/2014 05:56:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/16/2014 05:28:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/15/2014 06:03:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 32% Total physical RAM: 5960.36 MB Available physical RAM: 4028.71 MB Total Pagefile: 11918.9 MB Available Pagefile: 9927.73 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:698.54 GB) (Free:643.11 GB) NTFS Drive g: () (Removable) (Total:1.87 GB) (Free:0.63 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 8F71F849) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=699 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: 07D60EC4) Partition 1: (Not Active) - (Size=2 GB) - (Type=0B) ==================== End Of Log ============================ Gmer: GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-07-29 16:58:18 Windows 
6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB Running: Gmer-19357.exe; Driver: C:\Users\SCHRDE~1\AppData\Local\Temp\awddrkob.sys ---- User code sections - GMER 2.1 ---- .text C:\ProgramData\WPM\wprotectmanager.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760b1465 2 bytes [0B, 76] .text C:\ProgramData\WPM\wprotectmanager.exe[1300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760b14bb 2 bytes [0B, 76] .text ... * 2 .text C:\Users\Schröder\AppData\Roaming\Dropbox\bin\Dropbox.exe[3852] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 00000000760b1465 2 bytes [0B, 76] .text C:\Users\Schröder\AppData\Roaming\Dropbox\bin\Dropbox.exe[3852] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000760b14bb 2 bytes [0B, 76] .text ... * 2 .text C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760b1465 2 bytes [0B, 76] .text C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760b14bb 2 bytes [0B, 76] .text ... * 2 .text C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760b1465 2 bytes [0B, 76] .text C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[5004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760b14bb 2 bytes [0B, 76] .text ... * 2 .text C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe[4112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760b1465 2 bytes [0B, 76] .text C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe[4112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760b14bb 2 bytes [0B, 76] .text ... 
* 2 ---- Processes - GMER 2.1 ---- Process C:\ProgramData\WPM\wprotectmanager.exe (*** suspicious ***) @ C:\ProgramData\WPM\wprotectmanager.exe [1300] (WPM Service/Cherished Technololgy LIMITED)(2 0000000001220000 Library C:\Users\Schröder\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Schröder\AppData\Roaming\Dropbox\bin\Dropbox.exe [3852](2014-07-21 20:53:38) 0000000003c30000 Library c:\users\schrde~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8cuxgp.dll (*** suspicious ***) @ C:\Users\Schröder\AppData\Roaming\Dropbox\bin\Dropbox.exe [3852](2014-07-29 14:42:46) 0000000003b20000 Library C:\Users\Schröder\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Schröder\AppData\Roaming\Dropbox\bin\Dropbox.exe [3852](2013-10-18 23:55:02) 000000006ea80000 Library C:\Users\Schröder\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Schröder\AppData\Roaming\Dropbox\bin\Dropbox.exe [3852] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 000000006e0f0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2B 0x82 0x14 0x0D ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA8 0x8A 0xD3 0x47 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x44 0x01 0xF1 0xA3 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2B 0x82 0x14 0x0D ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA8 0x8A 0xD3 0x47 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x44 0x01 0xF1 0xA3 ... ---- EOF - GMER 2.1 ----
Thanks, I hope everything is in order. Regards |
Hi, here is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Uninstall adware & co.
If you cannot find a program or cannot uninstall it, please continue with the next step: Scan with Combofix
|
Hi, sorry that I did not use the code version. Here is the next step. Code: ComboFix 14-07-29.01 - Schröder 29.07.2014 17:58:37.1.4 - x64 |
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please. |
Hi, I have carried out all the steps again; here are the results. mbam.txt Code: Malwarebytes Anti-Malware Code: # AdwCleaner v3.301 - Bericht erstellt am 30/07/2014 um 17:41:30 Code: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014 Have a nice evening. Thanks. Regards |
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left? :) |
Copyright ©2000-2024, Trojaner-Board