Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-07-2014 01
Ran by Manfred at 2014-07-31 19:52:44 Run:1
Running from C:\Users\Manfred\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [Infigo] => C:\Program Files\Infigo\Infigo.exe onrun
C:\Program Files\Infigo
SearchScopes: HKCU - {BAA731FA-283E-4F16-8F5B-905AD08C43E0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=aa17b148-a3f7-420e-a994-f698ca4849c5&apn_sauid=A2076782-DCD3-4FF4-9E32-40CABBD000B1
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SearchEngineOrder.1: Ask.com
C:\Users\Manfred\Downloads\Infigo*.exe
C:\Users\Manfred\Downloads\rcp*.exe
C:\Users\Manfred\AppData\Roaming\Infigo
C:\Users\Manfred\Downloads\Media-Player [1].exe
C:\Users\Manfred\Downloads\Infigo_setup.exe
Reboot:
end
*****************
HKU\S-1-5-21-2440249-1944230807-1698688370-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Infigo => value deleted successfully.
"C:\Program Files\Infigo" => File/Directory not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BAA731FA-283E-4F16-8F5B-905AD08C43E0}" => Key deleted successfully.
"HKCR\CLSID\{BAA731FA-283E-4F16-8F5B-905AD08C43E0}" => Key not found.
Firefox newtab deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
C:\Users\Manfred\Downloads\Infigo*.exe => Moved successfully.
C:\Users\Manfred\Downloads\rcp*.exe => Moved successfully.
C:\Users\Manfred\AppData\Roaming\Infigo => Moved successfully.
C:\Users\Manfred\Downloads\Media-Player [1].exe => Moved successfully.
"C:\Users\Manfred\Downloads\Infigo_setup.exe" => File/Directory not found.
The system needed a reboot.
==== End of Fixlog ====
Code:
Results of screen317's Security Check version 0.99.85
x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2014
TuneUp Utilities 2014 (de-DE)
TuneUp Utilities 2014
Adobe Flash Player 14.0.0.145
Adobe Reader XI
Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
[CODE]
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=128d87f9b6874e4a86fc8bb7b175fc3a
# engine=19443
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-31 07:15:00
# local_time=2014-07-31 09:15:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 4492 272257390 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3388321 31715414 0 0
# scanned=188870
# found=39
# cleaned=0
# scan_time=4120
sh=CF6185A9EDFBA0217C9D36D25CA9F6ADCC9F6BC8 ft=1 fh=f90d49fcbe154eac vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=B92B5653151811A3D3E79ABF466B1BC45B6B0629 ft=1 fh=ea6b2f014c1c4c36 vn="Variante von Win32/BrowseFox.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\NetCrawlBHO.dll.vir"
sh=DEB5731490F0FFF9E8B5DD10DAB02C9ACCEABE39 ft=1 fh=82381dedc50e8e91 vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\NetCrawlUn.exe.vir"
sh=D2CCFE60F42725555B68A7384ABA09E0CCD66CA1 ft=1 fh=5727933fdb8273cc vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\NetCrawlUninstall.exe.vir"
sh=CCE2EBA400860CE9D351E68128A9EB32092A9BF9 ft=1 fh=97fefa04cf8d94ca vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\updateNetCrawl.exe.vir"
sh=2F90A4EECFFB0DEAF979481B19AA23D0FD43628C ft=1 fh=c7873f6e30550f25 vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\NetCrawl.BrowserAdapter.exe.vir"
sh=901F19E541B8A6984390B1AB67CAEEA67BA86C61 ft=1 fh=6b4cad971f9fa32a vn="Variante von Win32/BrowseFox.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\NetCrawl.PurBrowse.exe.vir"
sh=CCE2EBA400860CE9D351E68128A9EB32092A9BF9 ft=1 fh=97fefa04cf8d94ca vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\utilNetCrawl.exe.vir"
sh=92D997787E7F25D6C6BD39BE5823768D6DC20047 ft=1 fh=d9a31853698ec303 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.Bromon.dll.vir"
sh=683F11C8F3ED3F25D47DF2F82FE58F7C951078FE ft=1 fh=78f650e73d778dfb vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.BroStats.dll.vir"
sh=6D0D342F0248A068878A2E1F30538BEA20887A10 ft=1 fh=28a6bb23aba6ed0a vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.BrowserAdapterS.dll.vir"
sh=5EBC4F87F2604E53BE2ECA22BB13EE93C23CEFE9 ft=1 fh=9ac32ae49f864c2d vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.CompatibilityChecker.dll.vir"
sh=65B23FC870FEF1750CA45B94CE20BB56A1ECAFF8 ft=1 fh=ff0a359483b59740 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.FeSvc.dll.vir"
sh=B7687BBDA37F7B625404532BB53A59C913AB0A73 ft=1 fh=903102ccbf0a547c vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.FFUpdate.dll.vir"
sh=A712982FA115D4AE40A69D9552F6A84E54C24669 ft=1 fh=7e50f8b18fc79544 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.IEUpdate.dll.vir"
sh=7653369DF0B57FCE93C1E3B81A6F597580180118 ft=1 fh=51d742089e4f7175 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.PurBrowseG.dll.vir"
sh=D4CF6438AC6BB90F29586B4B416C180DA00D708D ft=1 fh=f5d0ab20ae181c4c vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.Repmon.dll.vir"
sh=39455565AD792A7D9AAB03CDE37A234AA04B4FBC ft=1 fh=a06366ad09d7b766 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Firefox\toolbar@ask.com\plugins\npAviraCallingID.dll"
sh=BD165479C4C6FE4FA308749C6549737F7C06061B ft=1 fh=fb9c0a330915096d vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Manfred\Downloads\rcprcpa_29070909433874754.exe.xBAD"
sh=16F34180D9E52FB302262DC36F321AA3AB96AAA9 ft=1 fh=3ba6a656f8b92853 vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Manfred\Downloads\rcprcp_300710062649096190.exe.xBAD"
sh=B506B2465FD10608020D30ED9047B5E11DE63FA0 ft=1 fh=10102a51b62618f2 vn="Win32/Bundled.Toolbar.Ask.E potenziell unsichere Anwendung" ac=I fn="C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe"
sh=1D8EC6612F09B82BE7D61BB29C69D5E78DD9D677 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\AskToolbarInstaller-12.10.0_AVIRA-V7C.msi"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnic.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnstub.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=02C6F30D4206AAA4DC9D5B67F9E42902BF0E5F0A ft=1 fh=011e7c44665e1436 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Manfred\Desktop\avira_free_antivirus_de.exe"
sh=0B756802CDD8FCA064D7546EC920F16F3187448B ft=1 fh=75a4f95b51866dba vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Manfred\Downloads\avira_free344_antivirus_de.exe"
sh=0D841594319DB3C80A51D3D017A913A3A063A28C ft=1 fh=54829ef673838be7 vn="Win32/DomaIQ.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manfred\Downloads\bis November 2013\FlashPlayer_V.17311321b.exe"
sh=7D322813B33F6DD64AFFBB284E6BA42231F49605 ft=1 fh=f0a6ef37ed4c7612 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manfred\Downloads\bis November 2013\FreeAudioConverter_5.0.23.320.exe"
sh=F74DEFC00820BA00880E018936AD16226C301A4E ft=1 fh=af16ef21883d2d4c vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Manfred\Downloads\bis November 2013\m4a-to-mp3-converter.exe"
sh=F74DEFC00820BA00880E018936AD16226C301A4E ft=1 fh=af16ef21883d2d4c vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Manfred\Downloads\bis November 2013\m4a-to-mp3-converter_7.2.exe"
sh=E88952A7C68BC64AD84A88AB73A4DAFBDAB80580 ft=1 fh=bc7fcb22b92a1d08 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="I:\Manfred Pfau\AppData\Local\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="I:\Manfred Pfau\Manfred\AppData\Local\Temp\AskSLib.dll"
sh=D84249CE051B0513391DECC5419C0F27AEC7F645 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo Anwendung" ac=I fn="I:\Manfred Pfau\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\7qifv2wb.default\extensions\plugin@yontoo.com\content\overlay.js"
sh=02C6F30D4206AAA4DC9D5B67F9E42902BF0E5F0A ft=1 fh=011e7c44665e1436 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="I:\Manfred Pfau\Desktop\avira_free_antivirus_de.exe"
sh=2B77B559DFE503F8FE0DDDD20DD1785CAC45C703 ft=1 fh=2171829263f01658 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="I:\Manfred Pfau\Desktop\cdbxp_setup_4.4.1.3099.exe"
sh=A9D9A1EA56810A35A352A96EAD8E461A93643DE0 ft=1 fh=398a74cd8659c3dc vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="I:\Sicherung gesamt\Sicher_052010\Downloads\FreeYouTubeToMp3Converter327.exe"
sh=4E8BC33C6DFBDD9727988EB0AA95AF115C08FA8F ft=1 fh=efa4d311e75fd867 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="I:\Sicherung gesamt\Sicherung 10092010\DVDVideoSoft\tbDVDV.dll"
[/CODE]
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-07-2014 01
Ran by Manfred at 2014-07-31 21:38:48
Running from C:\Users\Manfred\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version: - ArcSoft)
Ashampoo Burning Studio (HKLM\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-4300-A758B70C0F01}) (Version: 12.15.1.462 - APN, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION
Content Manager 2 (HKLM\...\Content Manager 2) (Version: 3.10.0.52790 - NNG Llc.)
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.2602 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1410a - CyberLink Corp.)
CyberLink MediaShow (Version: 5.0.1410a - CyberLink Corp.) Hidden
CyberLink MediaShow Espresso (HKLM\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 5.5.1412_24021 - CyberLink Corp.)
CyberLink MediaShow Espresso (Version: 5.5.1412_24021 - CyberLink Corp.) Hidden
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink PhotoNow (Version: 1.1.6904 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (Version: 6.1.3602c - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2718 - CyberLink Corp.)
CyberLink PowerDirector (Version: 8.0.2718 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2925.52 - CyberLink Corp.)
CyberLink PowerDVD 9 (Version: 9.0.2925.52 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2326 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.0.2.2326 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (Version: 3.0.2626 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft)
Free Audio Converter version 5.0.23.320 (HKLM\...\Free Audio Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Free M4a to MP3 Converter 7.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{8A7CB3D4-0C49-4A19-8504-CF250CE1F5E8}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Hilfe (HKLM\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.)
Medion Home Cinema (Version: 8.0.1505 - CyberLink Corp.) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe (x86) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
Right Backup (HKLM\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4398 - Systweak Software)
ScanSoft OmniPage SE 4.0 (HKLM\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
Steuer-Spar-Erklärung 2013 (HKLM\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.07.73 - Akademische Arbeitsgemeinschaft)
Studie zur Verbesserung von HP Deskjet 2540 series (HKLM\...\{FC16C025-71D3-430F-BE61-B7E713E5B582}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.340 - TuneUp Software) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
WEB.DE Club SmartFax (HKLM\...\WEB.DE Club SmartFax) (Version: 2.00.235 - 1&1 Mail & Media GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2440249-1944230807-1698688370-1001_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2440249-1944230807-1698688370-1001_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
==================== Restore Points =========================
12-07-2014 09:44:19 Windows Update
30-07-2014 10:12:24 RCP Mi, Jul 30, 14 12:12
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0064A4EB-6388-4C48-81C6-99746DEA4A8E} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {01BCC00A-C6A8-474C-BA2D-3076F3CE544D} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\WINDOWS\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {02B97B27-29F3-4F0D-B9D9-1A218C58AD6F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {03DE1924-3FE1-4D64-9AFA-83BE2B67843E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {03F00483-DFF0-469F-88A0-E7C9E3D9F4A7} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {2E5E8DAF-5F7B-4DD0-B6D9-6154B1A6CA1D} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {678555FD-A992-4622-BCCB-A89F836C2CAE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7276DEEA-6ED2-4091-AF19-079E9B8C56C7} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {7CCE08F4-EC9E-4612-99CC-D857CD214A0A} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28] (Nuance Communications, Inc.)
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {95A93937-1782-4523-807E-50CC286C60E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-12] (Microsoft Corporation)
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\WINDOWS\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {B6DFC327-E4D4-468C-A071-D458EC30ADBF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {D6A010E0-28C2-4360-B06D-6DB72C548BFD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {E6A82C08-8490-4083-9271-DEB458C010CF} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {EF3CB7C8-BE78-4F7D-90D1-123882E38108} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-06 12:24 - 2010-06-29 23:14 - 00244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-07-16 10:24 - 2014-07-16 10:24 - 00585528 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-07-29 14:14 - 2014-07-17 07:42 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Manfred\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "Adobe ARM"
HKLM\...\StartupApproved\Run: => "SSBkgdUpdate"
HKLM\...\StartupApproved\Run: => "OpwareSE4"
HKLM\...\StartupApproved\Run: => "CLMLServer"
HKLM\...\StartupApproved\Run: => "YouCam Mirror Tray icon"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "HP Software Update"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/31/2014 06:52:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10811078
Error: (07/31/2014 06:52:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10811078
Error: (07/31/2014 06:52:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/31/2014 00:58:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (07/30/2014 00:12:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {7227b3d2-bfc2-4c0b-b08c-d95f02cbeb44}
Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13594
Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13594
Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/26/2014 00:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13937
Error: (07/26/2014 00:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13937
System errors:
=============
Error: (07/31/2014 07:54:59 PM) (Source: DCOM) (EventID: 10016) (User: MANFREDPC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ManfredPCManfredS-1-5-21-2440249-1944230807-1698688370-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (07/31/2014 07:54:59 PM) (Source: DCOM) (EventID: 10016) (User: MANFREDPC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ManfredPCManfredS-1-5-21-2440249-1944230807-1698688370-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (07/31/2014 07:54:59 PM) (Source: DCOM) (EventID: 10016) (User: MANFREDPC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ManfredPCManfredS-1-5-21-2440249-1944230807-1698688370-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (07/31/2014 07:54:59 PM) (Source: DCOM) (EventID: 10016) (User: MANFREDPC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ManfredPCManfredS-1-5-21-2440249-1944230807-1698688370-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (07/31/2014 07:54:59 PM) (Source: DCOM) (EventID: 10016) (User: MANFREDPC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ManfredPCManfredS-1-5-21-2440249-1944230807-1698688370-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (07/31/2014 07:54:59 PM) (Source: DCOM) (EventID: 10016) (User: MANFREDPC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ManfredPCManfredS-1-5-21-2440249-1944230807-1698688370-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (07/31/2014 07:54:59 PM) (Source: DCOM) (EventID: 10016) (User: MANFREDPC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ManfredPCManfredS-1-5-21-2440249-1944230807-1698688370-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (07/31/2014 06:52:27 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
Error: (07/31/2014 03:52:12 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (07/29/2014 06:28:54 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
Microsoft Office Sessions:
=========================
Error: (07/31/2014 06:52:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10811078
Error: (07/31/2014 06:52:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10811078
Error: (07/31/2014 06:52:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/31/2014 00:58:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 2540 series\DriverStore\Yeti\V3\amd64\hpinkinsC211.exe
Error: (07/30/2014 00:12:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {7227b3d2-bfc2-4c0b-b08c-d95f02cbeb44}
Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13594
Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13594
Error: (07/29/2014 11:59:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/26/2014 00:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13937
Error: (07/26/2014 00:23:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13937
==================== Memory info ===========================
Percentage of memory in use: 45%
Total physical RAM: 2934.6 MB
Available physical RAM: 1587.12 MB
Total Pagefile: 3446.6 MB
Available Pagefile: 1849.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.73 MB
==================== Drives ================================
Drive c: (BOOT) (Fixed) (Total:424.66 GB) (Free:389.43 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:21.5 GB) NTFS
Drive i: (Elements) (Fixed) (Total:931.28 GB) (Free:702.21 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 884D7A8E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=425 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
========================================================
Disk: 2 (Size: 932 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)
==================== End Of Log ============================
--- --- ---
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-07-2014 01
Ran by Manfred (administrator) on MANFREDPC on 31-07-2014 21:37:50
Running from C:\Users\Manfred\Downloads
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
IFEO\effectextractor.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\omnipage.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\power2go.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\scannerwizard.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\youcam.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-4300-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Extension: WEB.DE MailCheck - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default\Extensions\toolbar@web.de [2014-07-12]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi [2013-12-20]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1030224 2014-07-26] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-06-29] () [File not signed]
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-06-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-06-22] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-06-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [136216 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [37352 2013-11-29] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [35848 2014-07-26] (Avira Operations GmbH & Co. KG)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R3 L1C; C:\WINDOWS\system32\DRIVERS\L1C63x86.sys [110792 2013-06-18] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R1 ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [92504 2014-06-22] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-06-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-31 21:31 - 2014-07-31 21:31 - 00854390 _____ () C:\Users\Manfred\Desktop\SecurityCheck.exe
2014-07-31 21:28 - 2014-07-31 21:28 - 00009457 _____ () C:\Users\Manfred\Downloads\Eset.txt
2014-07-31 20:03 - 2014-07-31 20:03 - 02347384 _____ (ESET) C:\Users\Manfred\Downloads\esetsmartinstaller_deu.exe
2014-07-31 12:42 - 2014-07-31 12:42 - 00000000 ____D () C:\Users\Manfred\Downloads\FRST-OlderVersion
2014-07-31 12:41 - 2014-07-31 12:41 - 00001538 _____ () C:\Users\Manfred\Desktop\mbam.txt
2014-07-31 12:20 - 2014-07-31 19:55 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 12:20 - 2014-07-31 12:20 - 00001072 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-31 12:20 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-31 12:20 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-31 12:20 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-31 12:19 - 2014-07-31 12:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Manfred\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 12:14 - 2014-07-31 19:53 - 00007828 _____ () C:\WINDOWS\PFRO.log
2014-07-31 12:10 - 2014-07-31 12:11 - 00000000 ____D () C:\AdwCleaner
2014-07-31 12:09 - 2014-07-31 12:09 - 01361309 _____ () C:\Users\Manfred\Downloads\adwcleaner_3.302.exe
2014-07-30 15:01 - 2014-07-31 21:38 - 00010385 _____ () C:\Users\Manfred\Downloads\FRST.txt
2014-07-30 15:01 - 2014-07-31 12:43 - 00030905 _____ () C:\Users\Manfred\Downloads\Addition.txt
2014-07-30 15:00 - 2014-07-31 21:37 - 00000000 ____D () C:\FRST
2014-07-30 14:59 - 2014-07-31 12:42 - 01084928 _____ (Farbar) C:\Users\Manfred\Downloads\FRST.exe
2014-07-30 12:08 - 2014-07-30 12:08 - 00000000 ____D () C:\rbtemp
2014-07-30 12:02 - 2014-07-30 12:02 - 00000187 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-07-29 14:14 - 2014-07-29 14:14 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-28 11:37 - 2014-07-28 11:38 - 32047680 _____ () C:\Users\Manfred\Downloads\Firefox_Setup_de31.0.exe
2014-07-15 10:12 - 2014-07-15 10:12 - 00000000 ____D () C:\Users\Manfred\AppData\Local\Adobe
2014-07-12 12:34 - 2014-07-12 12:34 - 00093529 _____ () C:\Users\Manfred\Desktop\HP Installationsfehler beheben – Netzwerk.hta
2014-07-12 11:48 - 2014-07-12 11:48 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 11:46 - 2014-04-14 04:37 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-12 11:45 - 2014-07-12 11:45 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-12 06:55 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-12 06:54 - 2014-07-01 00:46 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-12 06:54 - 2014-06-28 08:57 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-12 06:54 - 2014-06-28 08:27 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-12 06:54 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-12 06:54 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-12 06:54 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-12 06:54 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-12 06:54 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-12 06:54 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-12 06:54 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-12 06:54 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-12 06:54 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-12 06:54 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-12 06:54 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-12 06:54 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-12 06:54 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-12 06:54 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-12 06:54 - 2014-06-06 15:20 - 03497472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-12 06:54 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-12 06:54 - 2014-05-31 10:38 - 00049552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-12 06:54 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-12 06:54 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-12 06:54 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-12 06:54 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-12 06:54 - 2014-05-31 04:39 - 02818048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-12 06:54 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-12 06:54 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-12 06:54 - 2014-05-30 05:05 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-12 06:54 - 2014-05-29 11:30 - 00481400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-12 06:54 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-12 06:54 - 2014-05-29 06:38 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieUserList
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieSiteList
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-31 21:38 - 2014-07-30 15:01 - 00010385 _____ () C:\Users\Manfred\Downloads\FRST.txt
2014-07-31 21:37 - 2014-07-30 15:00 - 00000000 ____D () C:\FRST
2014-07-31 21:36 - 2013-03-25 10:29 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-31 21:35 - 2014-06-22 15:30 - 01209182 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-31 21:31 - 2014-07-31 21:31 - 00854390 _____ () C:\Users\Manfred\Desktop\SecurityCheck.exe
2014-07-31 21:28 - 2014-07-31 21:28 - 00009457 _____ () C:\Users\Manfred\Downloads\Eset.txt
2014-07-31 21:00 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-31 20:03 - 2014-07-31 20:03 - 02347384 _____ (ESET) C:\Users\Manfred\Downloads\esetsmartinstaller_deu.exe
2014-07-31 19:55 - 2014-07-31 12:20 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 19:55 - 2014-06-23 09:03 - 00000000 __RDO () C:\Users\Manfred\OneDrive
2014-07-31 19:54 - 2013-08-22 09:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-31 19:53 - 2014-07-31 12:14 - 00007828 _____ () C:\WINDOWS\PFRO.log
2014-07-31 12:56 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-07-31 12:43 - 2014-07-30 15:01 - 00030905 _____ () C:\Users\Manfred\Downloads\Addition.txt
2014-07-31 12:42 - 2014-07-31 12:42 - 00000000 ____D () C:\Users\Manfred\Downloads\FRST-OlderVersion
2014-07-31 12:42 - 2014-07-30 14:59 - 01084928 _____ (Farbar) C:\Users\Manfred\Downloads\FRST.exe
2014-07-31 12:41 - 2014-07-31 12:41 - 00001538 _____ () C:\Users\Manfred\Desktop\mbam.txt
2014-07-31 12:35 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\IME
2014-07-31 12:35 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-31 12:20 - 2014-07-31 12:20 - 00001072 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-31 12:19 - 2014-07-31 12:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Manfred\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 12:14 - 2014-01-26 12:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-31 12:11 - 2014-07-31 12:10 - 00000000 ____D () C:\AdwCleaner
2014-07-31 12:09 - 2014-07-31 12:09 - 01361309 _____ () C:\Users\Manfred\Downloads\adwcleaner_3.302.exe
2014-07-31 11:47 - 2012-07-26 06:17 - 00000269 _____ () C:\WINDOWS\win.ini
2014-07-31 10:52 - 2014-01-26 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-31 10:52 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-30 12:08 - 2014-07-30 12:08 - 00000000 ____D () C:\rbtemp
2014-07-30 12:02 - 2014-07-30 12:02 - 00000187 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-07-30 10:43 - 2014-05-06 12:29 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\HpUpdate
2014-07-29 14:14 - 2014-07-29 14:14 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-29 14:14 - 2014-06-19 10:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-28 11:38 - 2014-07-28 11:37 - 32047680 _____ () C:\Users\Manfred\Downloads\Firefox_Setup_de31.0.exe
2014-07-26 11:52 - 2013-09-07 12:41 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-07-26 11:21 - 2013-05-10 08:50 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-16 10:24 - 2013-09-10 17:30 - 00036152 _____ (TuneUp Software) C:\WINDOWS\system32\uxtuneup.dll
2014-07-16 10:24 - 2013-09-07 12:42 - 00036664 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe
2014-07-16 10:24 - 2013-09-07 12:42 - 00025400 _____ (TuneUp Software) C:\WINDOWS\system32\authuitu.dll
2014-07-15 10:12 - 2014-07-15 10:12 - 00000000 ____D () C:\Users\Manfred\AppData\Local\Adobe
2014-07-15 06:45 - 2013-03-25 18:15 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-13 11:43 - 2014-06-22 16:05 - 00000000 ___DC () C:\WINDOWS\Panther
2014-07-13 09:01 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-13 08:59 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-13 08:43 - 2014-03-18 10:04 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-13 08:37 - 2013-08-22 09:22 - 00485264 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2014-07-12 12:34 - 2014-07-12 12:34 - 00093529 _____ () C:\Users\Manfred\Desktop\HP Installationsfehler beheben – Netzwerk.hta
2014-07-12 12:34 - 2014-05-06 12:28 - 00000000 ____D () C:\Program Files\HP
2014-07-12 12:33 - 2013-01-22 09:36 - 00000000 ____D () C:\Users\Manfred\Documents\Beihilfe
2014-07-12 11:51 - 2012-07-26 08:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-12 11:50 - 2013-03-25 18:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-12 11:48 - 2014-07-12 11:48 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 11:48 - 2013-08-17 13:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-12 11:47 - 2013-03-27 17:25 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-12 11:46 - 2014-03-18 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 11:45 - 2014-07-12 11:45 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieUserList
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieSiteList
2014-07-01 00:46 - 2014-07-12 06:54 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
Some content of TEMP:
====================
C:\Users\Manfred\AppData\Local\Temp\avgnt.exe
C:\Users\Manfred\AppData\Local\Temp\de_ww_Package.exe
C:\Users\Manfred\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-31 12:56
==================== End Of Log ============================
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 21:44 on 31/07/2014 by Manfred
Administrator - Elevation successful
========== filefind ==========
Searching for "*Buzzdock*"
No files found.
Searching for "*Infigo*"
C:\FRST\Quarantine\C\Users\Manfred\AppData\Roaming\Infigo\Infigo.sdf --a---- 585728 bytes [10:02 30/07/2014] [11:04 30/07/2014] 71814EC61FAEC690AA01527B2A88CE77
C:\FRST\Quarantine\C\Users\Manfred\Downloads\InfigoInfigo_setup(1).exe.xBAD --a---- 7501568 bytes [11:11 30/07/2014] [11:11 30/07/2014] F01590F6E79A9AD0404F24FDD734E4E9
C:\FRST\Quarantine\C\Users\Manfred\Downloads\InfigoInfigo_setup.exe.xBAD --a---- 7501568 bytes [10:01 30/07/2014] [10:01 30/07/2014] 60215E8BCE7F11D72053C2386C87990A
C:\Users\Manfred\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Infigo.exe.log --a---- 1213 bytes [10:15 30/07/2014] [10:15 30/07/2014] 48325F3BA82017203D93C7ABE44BBB99
C:\Windows\Prefetch\INFIGO_SETUP.EXE-310C7AF1.pf --a---- 71854 bytes [10:01 30/07/2014] [10:01 30/07/2014] E3F46DFAE82ADB20C69B7A60DF973362
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\InfigoOperator.exe.log --a---- 1316 bytes [13:09 30/07/2014] [13:09 30/07/2014] CCB101C72D9AC6191B1BDA4B6DF2CF07
C:\Windows\System32\config\systemprofile\AppData\Roaming\Infigo\Infigo.sdf --a---- 520192 bytes [10:02 30/07/2014] [13:09 30/07/2014] 31C7D1E4C531BA7E139CFC29ED652A9D
========== folderfind ==========
Searching for "*Buzzdock*"
No folders found.
Searching for "*Infigo*"
C:\FRST\Quarantine\C\Users\Manfred\AppData\Roaming\Infigo d------ [10:02 30/07/2014]
C:\Windows\System32\config\systemprofile\AppData\Roaming\Infigo d------ [10:02 30/07/2014]
========== regfind ==========
Searching for "Buzzdock"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}]
"DisplayName"="Buzzdock"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}]
"HelpLink"="mailto:support@buzzdock.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}]
"URLInfoAbout"="hxxp://www.buzzdock.com/faq-support"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}]
"URLUpdateInfo"="hxxp://www.buzzdock.com/"
Searching for "Infigo"
[HKEY_CURRENT_USER\Software\Infigo]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"0"="C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Infigo\Infigo.lnk C:\Program Files\Infigo\Infigo.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Infigo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Infigo_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Infigo_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\InfigoService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\InfigoService]
[HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\InfigoOperator.exe]
[HKEY_USERS\S-1-5-21-2440249-1944230807-1698688370-1001\Software\Infigo]
[HKEY_USERS\S-1-5-21-2440249-1944230807-1698688370-1001\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"0"="C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Infigo\Infigo.lnk C:\Program Files\Infigo\Infigo.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\InfigoOperator.exe]
Searching for "NetCrawl"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2440249-1944230807-1698688370-1001\Software\NetCrawl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91C6335B-B94B-4CED-BCE3-BC33A09F5DB5}]
@="INetCrawlBHO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetCrawl_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetCrawl_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\utilNetCrawl_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\utilNetCrawl_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}]
"QuietUninstallString"="C:\Program Files\NetCrawl\NetCrawlUn.exe REP_BD_"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}]
"UninstallString"="C:\Program Files\NetCrawl\NetCrawlUn.exe REP_BD_"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Update NetCrawl]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Util NetCrawl]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update NetCrawl]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util NetCrawl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateNetCrawl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\utilNetCrawl.exe]
[HKEY_USERS\S-1-5-21-2440249-1944230807-1698688370-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2440249-1944230807-1698688370-1001\Software\NetCrawl]
[HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\updateNetCrawl.exe]
[HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\utilNetCrawl.exe]
Searching for " "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Enabled="true" > <InitializationParameters> <Param Name="PSVersion" Value="4.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Reso
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell.Workflow]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell.workflow" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" UseSharedProcess="true" ProcessIdleTimeoutSec="1209600" RunAsUser="" RunAsPassword="" AutoRestart="false" Enabled="true" > <InitializationParameters> <Param Name="PSVersion" Value="4.0"/> <Param Name="AssemblyName" Value="Microsoft.PowerShell.Workflow.ServiceCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"/> <Param Name="PSSessionConfigurationTypeName" Value="Microsoft.PowerShell.Workflow.PSWorkflowSessionConfiguration"/> <Param Name="SessionConfigurationData" Value="
-= EOF =-
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=128d87f9b6874e4a86fc8bb7b175fc3a
# engine=19443
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-31 07:15:00
# local_time=2014-07-31 09:15:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 4492 272257390 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3388321 31715414 0 0
# scanned=188870
# found=39
# cleaned=0
# scan_time=4120
sh=CF6185A9EDFBA0217C9D36D25CA9F6ADCC9F6BC8 ft=1 fh=f90d49fcbe154eac vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=B92B5653151811A3D3E79ABF466B1BC45B6B0629 ft=1 fh=ea6b2f014c1c4c36 vn="Variante von Win32/BrowseFox.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\NetCrawlBHO.dll.vir"
sh=DEB5731490F0FFF9E8B5DD10DAB02C9ACCEABE39 ft=1 fh=82381dedc50e8e91 vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\NetCrawlUn.exe.vir"
sh=D2CCFE60F42725555B68A7384ABA09E0CCD66CA1 ft=1 fh=5727933fdb8273cc vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\NetCrawlUninstall.exe.vir"
sh=CCE2EBA400860CE9D351E68128A9EB32092A9BF9 ft=1 fh=97fefa04cf8d94ca vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\updateNetCrawl.exe.vir"
sh=2F90A4EECFFB0DEAF979481B19AA23D0FD43628C ft=1 fh=c7873f6e30550f25 vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\NetCrawl.BrowserAdapter.exe.vir"
sh=901F19E541B8A6984390B1AB67CAEEA67BA86C61 ft=1 fh=6b4cad971f9fa32a vn="Variante von Win32/BrowseFox.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\NetCrawl.PurBrowse.exe.vir"
sh=CCE2EBA400860CE9D351E68128A9EB32092A9BF9 ft=1 fh=97fefa04cf8d94ca vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\utilNetCrawl.exe.vir"
sh=92D997787E7F25D6C6BD39BE5823768D6DC20047 ft=1 fh=d9a31853698ec303 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.Bromon.dll.vir"
sh=683F11C8F3ED3F25D47DF2F82FE58F7C951078FE ft=1 fh=78f650e73d778dfb vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.BroStats.dll.vir"
sh=6D0D342F0248A068878A2E1F30538BEA20887A10 ft=1 fh=28a6bb23aba6ed0a vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.BrowserAdapterS.dll.vir"
sh=5EBC4F87F2604E53BE2ECA22BB13EE93C23CEFE9 ft=1 fh=9ac32ae49f864c2d vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.CompatibilityChecker.dll.vir"
sh=65B23FC870FEF1750CA45B94CE20BB56A1ECAFF8 ft=1 fh=ff0a359483b59740 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.FeSvc.dll.vir"
sh=B7687BBDA37F7B625404532BB53A59C913AB0A73 ft=1 fh=903102ccbf0a547c vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.FFUpdate.dll.vir"
sh=A712982FA115D4AE40A69D9552F6A84E54C24669 ft=1 fh=7e50f8b18fc79544 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.IEUpdate.dll.vir"
sh=7653369DF0B57FCE93C1E3B81A6F597580180118 ft=1 fh=51d742089e4f7175 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.PurBrowseG.dll.vir"
sh=D4CF6438AC6BB90F29586B4B416C180DA00D708D ft=1 fh=f5d0ab20ae181c4c vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NetCrawl\bin\plugins\NetCrawl.Repmon.dll.vir"
sh=39455565AD792A7D9AAB03CDE37A234AA04B4FBC ft=1 fh=a06366ad09d7b766 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Firefox\toolbar@ask.com\plugins\npAviraCallingID.dll"
sh=BD165479C4C6FE4FA308749C6549737F7C06061B ft=1 fh=fb9c0a330915096d vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Manfred\Downloads\rcprcpa_29070909433874754.exe.xBAD"
sh=16F34180D9E52FB302262DC36F321AA3AB96AAA9 ft=1 fh=3ba6a656f8b92853 vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Manfred\Downloads\rcprcp_300710062649096190.exe.xBAD"
sh=B506B2465FD10608020D30ED9047B5E11DE63FA0 ft=1 fh=10102a51b62618f2 vn="Win32/Bundled.Toolbar.Ask.E potenziell unsichere Anwendung" ac=I fn="C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe"
sh=1D8EC6612F09B82BE7D61BB29C69D5E78DD9D677 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Source\AskToolbarInstaller-12.10.0_AVIRA-V7C.msi"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnic.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnstub.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=02C6F30D4206AAA4DC9D5B67F9E42902BF0E5F0A ft=1 fh=011e7c44665e1436 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Manfred\Desktop\avira_free_antivirus_de.exe"
sh=0B756802CDD8FCA064D7546EC920F16F3187448B ft=1 fh=75a4f95b51866dba vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Manfred\Downloads\avira_free344_antivirus_de.exe"
sh=0D841594319DB3C80A51D3D017A913A3A063A28C ft=1 fh=54829ef673838be7 vn="Win32/DomaIQ.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manfred\Downloads\bis November 2013\FlashPlayer_V.17311321b.exe"
sh=7D322813B33F6DD64AFFBB284E6BA42231F49605 ft=1 fh=f0a6ef37ed4c7612 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Manfred\Downloads\bis November 2013\FreeAudioConverter_5.0.23.320.exe"
sh=F74DEFC00820BA00880E018936AD16226C301A4E ft=1 fh=af16ef21883d2d4c vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Manfred\Downloads\bis November 2013\m4a-to-mp3-converter.exe"
sh=F74DEFC00820BA00880E018936AD16226C301A4E ft=1 fh=af16ef21883d2d4c vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Manfred\Downloads\bis November 2013\m4a-to-mp3-converter_7.2.exe"
sh=E88952A7C68BC64AD84A88AB73A4DAFBDAB80580 ft=1 fh=bc7fcb22b92a1d08 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="I:\Manfred Pfau\AppData\Local\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="I:\Manfred Pfau\Manfred\AppData\Local\Temp\AskSLib.dll"
sh=D84249CE051B0513391DECC5419C0F27AEC7F645 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo Anwendung" ac=I fn="I:\Manfred Pfau\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\7qifv2wb.default\extensions\plugin@yontoo.com\content\overlay.js"
sh=02C6F30D4206AAA4DC9D5B67F9E42902BF0E5F0A ft=1 fh=011e7c44665e1436 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="I:\Manfred Pfau\Desktop\avira_free_antivirus_de.exe"
sh=2B77B559DFE503F8FE0DDDD20DD1785CAC45C703 ft=1 fh=2171829263f01658 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="I:\Manfred Pfau\Desktop\cdbxp_setup_4.4.1.3099.exe"
sh=A9D9A1EA56810A35A352A96EAD8E461A93643DE0 ft=1 fh=398a74cd8659c3dc vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="I:\Sicherung gesamt\Sicher_052010\Downloads\FreeYouTubeToMp3Converter327.exe"
sh=4E8BC33C6DFBDD9727988EB0AA95AF115C08FA8F ft=1 fh=efa4d311e75fd867 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="I:\Sicherung gesamt\Sicherung 10092010\DVDVideoSoft\tbDVDV.dll"
Hello Matthias,
I hope I did everything correctly.
Regards, Manfred
Good morning,
I will now delete the tools that were used.
So far everything is fine. Many thanks already.
Regards
Manfred