
CAPTCHA ivp6 periodically & Pop Up Ads


  • This topic is locked
7 replies to this topic

#1 clueso

clueso

  • Members
  • 21 posts
  • OFFLINE
  • Local time:03:04 PM

Posted 04 August 2014 - 11:51 PM

Hi everyone,

When I use Google I quite often get redirected to an IPv6 page and I have to make a CAPTCHA to continue - the page tells me this is necessary because they observed weird traffic from my router (or something like this).

Also, sometimes I get pop-up ads even if I have AdBlock+.

So here comes the log, and thanks for the help.

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17207
Run by Bahlmann at 6:41:20 on 2014-08-05
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3072.892 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Users\Bahlmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft\BingDesktop\BDExtHost.exe
C:\Program Files\Microsoft\BingDesktop\BDAppHost.exe
C:\Program Files\Microsoft\BingDesktop\BDRuntimeHost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uProxyServer = www-proxy.t-online.de:80
uProxyOverride = <local>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [GoogleChromeAutoLaunch_47666428D09FA0F2A4ADBC9432DDF5C0] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
uRun: [Spotify Web Helper] "c:\users\bahlmann\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [Spotify] "c:\users\bahlmann\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BingDesktop] c:\program files\microsoft\bingdesktop\BingDesktop.exe /fromkey
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [RTHDVCPL] "c:\program files\realtek\audio\hda\RtHDVCpl.exe" -s
mRun: [NvBackend] "c:\program files\nvidia corporation\update core\NvBackend.exe"
mRun: [ShadowPlay] c:\windows\system32\rundll32.exe c:\windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\realpl~1.lnk - c:\program files\real\realplayer\rpds\bin\rpsystray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableSecureUIAPath = dword:1
IE: An OneNote s&enden - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\bahlmann\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\common files\dvdvideosoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{664EA8EF-8EAB-46E9-87C2-B43BEFB74F69} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9AF672BB-B9CA-465C-B7C4-B3C6281CD76D} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-3-9 37352]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2012-11-1 35592]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2013-3-9 430160]
R2 AntiVirService;Avira Echtzeit-Scanner;c:\program files\avira\antivir desktop\avguard.exe [2013-3-9 430160]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-3-9 1028688]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-3-9 97648]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2013-6-20 173192]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\nvidia corporation\netservice\NvNetworkService.exe [2014-4-3 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe [2014-4-3 17536800]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2014-6-10 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files\real\realplayer\rpds\bin\rpdsvc.exe [2014-5-2 1141848]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files\real\updateservice\RealPlayerUpdateSvc.exe [2014-6-26 23552]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-12-6 1229528]
R3 NvStreamKms;NvStreamKms;c:\program files\nvidia corporation\nvstreamsrv\NvStreamKms.sys [2014-7-30 19232]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-7-30 34080]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-12-6 16024]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2012-11-1 35592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-12-6 662232]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-7-9 108032]
S3 MicNgBas;Cinergy 2400i DT Base Driver;c:\windows\system32\drivers\MicNgBas.sys [2012-10-31 81960]
S3 MicNgCap;Cinergy 2400i DT Capture Driver;c:\windows\system32\drivers\MicNgCap.sys [2012-10-31 80680]
S3 MicNgTun;Cinergy 2400i DT Tuner Driver;c:\windows\system32\drivers\MicNgTun.sys [2012-10-31 309416]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-7-30 14848]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-7-8 603240]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-7-30 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-7-30 27136]
.
=============== Created Last 30 ================
.
2014-08-02 00:22:51 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{01e131c9-7f2b-42a9-8cb5-86ff3b6c0894}\offreg.dll
2014-08-01 19:27:21 8217224 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{01e131c9-7f2b-42a9-8cb5-86ff3b6c0894}\mpengine.dll
2014-07-31 18:36:21 609240 ----a-w- c:\windows\system32\nvStreaming.exe
2014-07-30 17:02:13 1291280 ----a-w- c:\windows\system32\nvspbridge.dll
2014-07-30 17:01:12 34080 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2014-07-20 16:31:06 -------- d-----w- c:\program files\Diablo III Public Test
2014-07-18 16:09:39 -------- d-----w- c:\users\bahlmann\appdata\roaming\RealNetworks
2014-07-18 15:24:18 -------- d-----w- c:\programdata\RealNetworks
2014-07-18 15:24:18 -------- d-----w- c:\program files\RealNetworks
2014-07-18 15:23:22 -------- d-----w- c:\program files\common files\xing shared
2014-07-09 16:31:29 -------- d-----w- c:\windows\de
2014-07-09 13:45:25 868864 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
2014-07-09 13:45:24 646144 ----a-w- c:\windows\system32\osk.exe
2014-07-09 13:45:24 544768 ----a-w- c:\program files\common files\microsoft shared\ink\TipRes.dll
2014-07-09 13:45:24 399360 ----a-w- c:\program files\common files\microsoft shared\ink\tabskb.dll
2014-07-09 13:45:24 348672 ----a-w- c:\program files\common files\microsoft shared\ink\tiptsf.dll
2014-07-09 13:45:24 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-07-09 13:45:24 181760 ----a-w- c:\program files\common files\microsoft shared\ink\TabTip.exe
2014-07-09 13:45:24 104448 ----a-w- c:\program files\common files\microsoft shared\ink\TipBand.dll
2014-07-09 13:45:05 509440 ----a-w- c:\windows\system32\qedit.dll
2014-07-09 13:45:04 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-09 13:44:58 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-07-09 13:44:58 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-07-09 13:44:58 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-07-09 13:44:58 247808 ----a-w- c:\windows\system32\schannel.dll
2014-07-09 13:44:58 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-07-09 13:44:58 17408 ----a-w- c:\windows\system32\credssp.dll
2014-07-09 13:44:58 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-07-09 13:44:41 404480 ----a-w- c:\windows\system32\aepdu.dll
2014-07-09 13:44:40 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-07-09 13:44:31 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 13:22:35 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 13:22:35 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 13:20:31 5018624 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M  ====================
.
2014-07-25 13:50:29 1126480 ----a-w- c:\windows\system32\nvspcap.dll
2014-07-18 15:20:56 505416 ----a-w- c:\windows\system32\msvcp71.dll
2014-07-18 15:20:56 353864 ----a-w- c:\windows\system32\msvcr71.dll
2014-07-15 12:15:19 35848 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-02 19:42:25 4389848 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-02 19:42:25 3063256 ----a-w- c:\windows\system32\nvsvc.dll
2014-07-02 19:42:23 670552 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-02 19:42:23 62936 ----a-w- c:\windows\system32\nvshext.dll
2014-07-02 19:42:23 377288 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-02 19:42:23 2556360 ----a-w- c:\windows\system32\nvsvcr.dll
2014-07-02 05:14:36 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
2014-06-24 09:28:56 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-18 23:56:37 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-18 23:56:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-06-18 23:38:40 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-06-18 23:23:27 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-18 23:23:24 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-18 23:22:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-06-18 23:16:33 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:06:10 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:52:18 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- c:\windows\system32\wininet.dll
2014-06-12 22:14:53 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-29 14:56:14 17816 ----a-w- C:\FixitRegBackup.reg
2014-05-12 05:26:08 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 05:25:58 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-08 09:06:54 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:06:54 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2012-12-16 20:32:02 3837952 ----a-w- c:\program files\Belkin USB Wireless Adaptor.msi
.
============= FINISH:  6:42:22,59 ===============
 



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:04 AM

Posted 09 August 2014 - 08:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 clueso

clueso
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:03:04 PM

Posted 09 August 2014 - 06:10 PM

Hi nasdaq

 

Thanks for your help

 

===

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:9-08-2014 01
Ran by Bahlmann (administrator) on BAHLMANN-PC on 10-08-2014 00:42:09
Running from C:\Users\Bahlmann\Downloads
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDExtHost.exe
(Spotify Ltd) C:\Users\Bahlmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Bahlmann\AppData\Roaming\Spotify\spotify.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDAppHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDRuntimeHost.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-21-3889335621-747394281-1454090845-1000\...\Run: [GoogleChromeAutoLaunch_47666428D09FA0F2A4ADBC9432DDF5C0] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
HKU\S-1-5-21-3889335621-747394281-1454090845-1000\...\Run: [Spotify Web Helper] => C:\Users\Bahlmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-03] (Spotify Ltd)
HKU\S-1-5-21-3889335621-747394281-1454090845-1000\...\Run: [Spotify] => C:\Users\Bahlmann\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-03] (Spotify Ltd)
HKU\S-1-5-21-3889335621-747394281-1454090845-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: www-proxy.t-online.de:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB8F0E515E7DBCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {9C99F719-0EE0-4058-A442-9A8071DF7BEC} URL = https://www.google.com/search?q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=17.0.11.7 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.11.7 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-04]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-18]
FF HKLM\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2013-01-01]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Bahlmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-25]
CHR Extension: (Adblock Plus) - C:\Users\Bahlmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-30]
CHR Extension: (RealPlayer Downloader) - C:\Users\Bahlmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-05-25]
CHR Extension: (ProxMate) - C:\Users\Bahlmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2014-07-13]
CHR Extension: (Google Wallet) - C:\Users\Bahlmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-17]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Bahlmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-09-27]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Bahlmann\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-24]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-25] (NVIDIA Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-07-18] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-26] () [File not signed]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [35592 2012-11-01] (AnchorFree Inc.)
S3 MicNgBas; C:\Windows\System32\DRIVERS\MicNgBas.sys [81960 2012-10-31] (Micronas GmbH)
S3 MicNgCap; C:\Windows\System32\DRIVERS\MicNgCap.sys [80680 2012-10-31] (Micronas GmbH)
S3 MicNgTun; C:\Windows\System32\DRIVERS\MicNgTun.sys [309416 2012-10-31] (Micronas GmbH)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-09] (Avira GmbH)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [35592 2012-11-01] (Anchorfree Inc.)
S1 MpKsl02a5868a; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77072FF4-95F6-4F0A-956D-0D61707F0A00}\MpKsl02a5868a.sys [X]
S3 MSICDSetup; \??\E:\CDriver.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-10 00:42 - 2014-08-10 00:45 - 00018110 _____ () C:\Users\Bahlmann\Downloads\FRST.txt
2014-08-10 00:41 - 2014-08-10 00:42 - 00000000 ____D () C:\FRST
2014-08-10 00:41 - 2014-08-10 00:41 - 01084928 _____ (Farbar) C:\Users\Bahlmann\Downloads\FRST.exe
2014-08-05 19:16 - 2014-08-05 19:16 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-05 19:08 - 2014-08-05 19:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-05 06:39 - 2014-08-05 06:40 - 00688992 _____ (Swearware) C:\Users\Bahlmann\Downloads\dds (2).com
2014-08-05 06:38 - 2014-08-05 06:39 - 00688992 _____ (Swearware) C:\Users\Bahlmann\Downloads\dds (1).com
2014-08-05 06:02 - 2014-08-05 06:02 - 00093396 _____ () C:\Users\Bahlmann\Downloads\blocks.csv
2014-08-03 03:01 - 2014-08-03 03:02 - 03133494 _____ () C:\Users\Bahlmann\Documents\Neue Bitmap.bmp
2014-08-02 03:54 - 2014-08-02 03:54 - 00111104 _____ () C:\Users\Bahlmann\Downloads\adhs psycho.ppt
2014-07-31 20:36 - 2014-07-02 19:39 - 00609240 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-07-30 19:11 - 2014-07-02 22:54 - 24198088 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2014-07-30 19:11 - 2014-07-02 22:54 - 15296456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-07-30 19:11 - 2014-07-02 22:54 - 11283344 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-07-30 19:11 - 2014-07-02 22:54 - 11222048 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-07-30 19:11 - 2014-07-02 22:54 - 10681176 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-07-30 19:11 - 2014-07-02 22:54 - 03988952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-07-30 19:11 - 2014-07-02 22:54 - 01054552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234052.dll
2014-07-30 19:11 - 2014-07-02 22:54 - 00907552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234052.dll
2014-07-30 19:11 - 2014-07-02 22:54 - 00907096 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2014-07-30 19:11 - 2014-07-02 22:54 - 00869152 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2014-07-30 19:11 - 2014-07-02 22:54 - 00417752 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI.dll
2014-07-30 19:11 - 2014-07-02 22:54 - 00347936 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-07-30 19:11 - 2014-07-02 22:54 - 00305600 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim32.dll
2014-07-30 19:11 - 2014-07-02 22:54 - 00146480 _____ (NVIDIA Corporation) C:\Windows\system32\nvinit.dll
2014-07-30 19:02 - 2014-07-25 15:50 - 01291280 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll
2014-07-30 19:01 - 2014-03-31 18:42 - 00034080 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2014-07-22 11:41 - 2014-07-22 11:41 - 00895120 _____ (Google Inc.) C:\Users\Bahlmann\Downloads\ChromeSetup.exe
2014-07-21 12:36 - 2014-08-05 06:42 - 00018158 _____ () C:\Users\Bahlmann\Desktop\dds.txt
2014-07-21 12:36 - 2014-08-05 06:42 - 00006341 _____ () C:\Users\Bahlmann\Desktop\attach.txt
2014-07-20 18:31 - 2014-08-07 12:17 - 00000000 ____D () C:\Program Files\Diablo III Public Test
2014-07-20 18:31 - 2014-07-20 18:31 - 00001282 _____ () C:\Users\Public\Desktop\Diablo III Public Test.lnk
2014-07-20 18:31 - 2014-07-20 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
2014-07-18 18:09 - 2014-07-18 18:09 - 00000000 ____D () C:\Users\Bahlmann\AppData\Roaming\RealNetworks
2014-07-18 17:24 - 2014-07-18 17:24 - 00001102 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2014-07-18 17:24 - 2014-07-18 17:24 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-07-18 17:24 - 2014-07-18 17:24 - 00000000 ____D () C:\Program Files\RealNetworks
2014-07-18 17:23 - 2014-07-18 17:23 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2014-07-18 17:21 - 2014-07-18 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-07-15 07:56 - 2014-07-15 07:56 - 02243616 _____ (Google Inc.) C:\Users\Bahlmann\Downloads\GoogleToolbarInstaller_en32_signed.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-10 00:45 - 2014-08-10 00:42 - 00018110 _____ () C:\Users\Bahlmann\Downloads\FRST.txt
2014-08-10 00:44 - 2009-07-14 06:34 - 00022016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-10 00:44 - 2009-07-14 06:34 - 00022016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-10 00:43 - 2013-03-08 19:03 - 00000000 ____D () C:\Users\Bahlmann\AppData\Roaming\Spotify
2014-08-10 00:43 - 2012-12-16 21:36 - 01871732 _____ () C:\Windows\WindowsUpdate.log
2014-08-10 00:42 - 2014-08-10 00:41 - 00000000 ____D () C:\FRST
2014-08-10 00:41 - 2014-08-10 00:41 - 01084928 _____ (Farbar) C:\Users\Bahlmann\Downloads\FRST.exe
2014-08-10 00:40 - 2014-01-24 19:11 - 00000000 ___RD () C:\Users\Bahlmann\Google Drive
2014-08-10 00:39 - 2014-05-27 15:22 - 00000000 ____D () C:\Users\Bahlmann\Documents\Bleeping Computer
2014-08-10 00:36 - 2013-04-14 03:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-10 00:36 - 2012-12-26 16:04 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-10 00:36 - 2010-11-20 23:48 - 00087042 _____ () C:\Windows\PFRO.log
2014-08-10 00:36 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-10 00:36 - 2009-07-14 06:39 - 00059474 _____ () C:\Windows\setupact.log
2014-08-10 00:33 - 2014-03-22 15:08 - 00000000 ____D () C:\AdwCleaner
2014-08-10 00:29 - 2012-12-26 16:04 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 23:47 - 2014-07-09 15:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-09 09:45 - 2014-04-03 20:11 - 00000000 ____D () C:\Users\Bahlmann\Documents\Sanctuary
2014-08-08 23:59 - 2014-04-03 20:12 - 00000000 ____D () C:\Users\Bahlmann\Documents\MM
2014-08-08 01:08 - 2014-02-06 22:25 - 00000000 ____D () C:\Users\Bahlmann\AppData\Local\Battle.net
2014-08-07 12:44 - 2014-02-06 22:28 - 00000000 ____D () C:\Program Files\Hearthstone
2014-08-07 12:17 - 2014-07-20 18:31 - 00000000 ____D () C:\Program Files\Diablo III Public Test
2014-08-07 12:12 - 2014-02-06 22:24 - 00000000 ____D () C:\Program Files\Battle.net
2014-08-05 19:17 - 2014-08-05 19:08 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-05 19:16 - 2014-08-05 19:16 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-05 19:16 - 2013-03-09 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-05 19:16 - 2013-03-09 20:08 - 00000000 ____D () C:\Program Files\Avira
2014-08-05 19:09 - 2013-03-09 20:08 - 00000000 ____D () C:\ProgramData\Avira
2014-08-05 06:42 - 2014-07-21 12:36 - 00018158 _____ () C:\Users\Bahlmann\Desktop\dds.txt
2014-08-05 06:42 - 2014-07-21 12:36 - 00006341 _____ () C:\Users\Bahlmann\Desktop\attach.txt
2014-08-05 06:40 - 2014-08-05 06:39 - 00688992 _____ (Swearware) C:\Users\Bahlmann\Downloads\dds (2).com
2014-08-05 06:39 - 2014-08-05 06:38 - 00688992 _____ (Swearware) C:\Users\Bahlmann\Downloads\dds (1).com
2014-08-05 06:02 - 2014-08-05 06:02 - 00093396 _____ () C:\Users\Bahlmann\Downloads\blocks.csv
2014-08-05 03:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-05 03:29 - 2013-07-30 12:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-03 03:02 - 2014-08-03 03:01 - 03133494 _____ () C:\Users\Bahlmann\Documents\Neue Bitmap.bmp
2014-08-02 03:54 - 2014-08-02 03:54 - 00111104 _____ () C:\Users\Bahlmann\Downloads\adhs psycho.ppt
2014-07-31 20:37 - 2014-04-03 16:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-31 20:36 - 2013-04-14 03:04 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-30 19:04 - 2014-04-03 16:37 - 00000000 ____D () C:\Users\Bahlmann\AppData\Local\NVIDIA Corporation
2014-07-25 15:50 - 2014-07-30 19:02 - 01291280 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll
2014-07-25 15:50 - 2014-04-03 16:32 - 01126480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2014-07-25 03:02 - 2013-07-30 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 12:00 - 2014-02-06 22:24 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2014-07-22 11:41 - 2014-07-22 11:41 - 00895120 _____ (Google Inc.) C:\Users\Bahlmann\Downloads\ChromeSetup.exe
2014-07-21 12:27 - 2013-05-05 01:02 - 247421437 _____ () C:\Windows\MEMORY.DMP
2014-07-21 12:27 - 2013-05-05 01:02 - 00000000 ____D () C:\Windows\Minidump
2014-07-21 11:59 - 2014-03-29 20:51 - 00000000 ____D () C:\Users\Bahlmann\Documents\Diablo III
2014-07-20 18:31 - 2014-07-20 18:31 - 00001282 _____ () C:\Users\Public\Desktop\Diablo III Public Test.lnk
2014-07-20 18:31 - 2014-07-20 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
2014-07-20 09:33 - 2012-12-26 16:06 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 18:09 - 2014-07-18 18:09 - 00000000 ____D () C:\Users\Bahlmann\AppData\Roaming\RealNetworks
2014-07-18 17:24 - 2014-07-18 17:24 - 00001102 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2014-07-18 17:24 - 2014-07-18 17:24 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-07-18 17:24 - 2014-07-18 17:24 - 00000000 ____D () C:\Program Files\RealNetworks
2014-07-18 17:24 - 2014-07-18 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-07-18 17:23 - 2014-07-18 17:23 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2014-07-18 17:23 - 2014-05-02 19:52 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\system32\rmoc3260.dll
2014-07-18 17:23 - 2013-04-28 08:26 - 00000000 ____D () C:\Program Files\Real
2014-07-18 17:23 - 2013-04-28 08:22 - 00000000 ____D () C:\ProgramData\Real
2014-07-18 17:21 - 2014-05-02 19:51 - 00278600 _____ (Progressive Networks) C:\Windows\system32\pncrt.dll
2014-07-18 17:20 - 2014-05-02 19:50 - 00505416 _____ (Microsoft Corporation) C:\Windows\system32\msvcp71.dll
2014-07-18 17:20 - 2014-05-02 19:50 - 00353864 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2014-07-17 13:43 - 2013-01-05 17:43 - 00000000 ____D () C:\Users\Bahlmann\AppData\Roaming\Audacity
2014-07-15 14:15 - 2013-05-02 11:41 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-15 08:02 - 2012-12-26 16:03 - 00000000 ____D () C:\Users\Bahlmann\AppData\Local\Google
2014-07-15 07:56 - 2014-07-15 07:56 - 02243616 _____ (Google Inc.) C:\Users\Bahlmann\Downloads\GoogleToolbarInstaller_en32_signed.exe
 
Some content of TEMP:
====================
C:\Users\Bahlmann\AppData\Local\Temp\avgnt.exe
C:\Users\Bahlmann\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Bahlmann\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Bahlmann\AppData\Local\Temp\nvStInst.exe
C:\Users\Bahlmann\AppData\Local\Temp\Quarantine.exe
C:\Users\Bahlmann\AppData\Local\Temp\SCC.dll
C:\Users\Bahlmann\AppData\Local\Temp\stubhelper.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-07 01:23
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:9-08-2014 01
Ran by Bahlmann at 2014-08-10 00:45:51
Running from C:\Users\Bahlmann\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Audacity 2.0.2 (HKLM\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avira (HKLM\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Belkin USB Wireless Adaptor (HKLM\...\InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}) (Version: 1.0.0.10 - Belkin)
Belkin USB Wireless Adaptor (Version: 1.0.0.10 - Belkin) Hidden
Bing-Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation)
CPUID CPU-Z 1.67.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Diablo III (HKLM\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
DriverTuner 3.1.0.0 (HKLM\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.0 - LionSea SoftWare)
DVDVideoSoftTB DE Toolbar (HKCU\...\CT2625848) (Version: 10.14.0.127 - DVDVideoSoftTB DE)
Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube Download version 3.1.42.1212 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.42.1212 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.30.319 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.30.319 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
HP Deskjet 2510 series - Grundlegende Software für das Gerät (HKLM\...\{AEE763B1-34D4-494E-920C-12BCD8A9E76B}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Hilfe (HKLM\...\{07B48D2C-E60D-41E6-B546-11D128F633EC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Setup Guide (HKLM\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (HKLM\...\{6C88C4F6-797D-4FDE-9FCE-7C486B78EFBB}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Hilfe (HKLM\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Photo Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
RealDownloader (Version: 17.0.11 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM\...\RealPlayer 17.0) (Version: 17.0.11 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
TERRATEC Cinergy 2400i DT (32 Bit) (HKLM\...\{BE6139F7-2C32-44AA-AE5C-9E42262F46FB}) (Version: 1.1.0.284 - TERRATEC)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Communications Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows-Treiberpaket - TerraTec  (MicNgBas) Media  (04/21/2009 1.1.0.0284) (HKLM\...\81C8EA38405A23287E042002943A9BB95627F861) (Version: 04/21/2009 1.1.0.0284 - TerraTec )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3889335621-747394281-1454090845-1000_Classes\CLSID\{80A95F12-94C2-4B1D-8AE3-F0CBE5E96E85}\InprocServer32 -> C:\Users\Bahlmann\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAW~2.DLL No File
 
==================== Restore Points  =========================
 
01-08-2014 19:26:32 Windows Update
05-08-2014 06:14:20 Windows Update
08-08-2014 20:29:18 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {3AF5535A-149C-41D1-92D3-983137019A66} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3889335621-747394281-1454090845-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-06-26] (RealNetworks, Inc.)
Task: {51A5E421-11FD-410F-AB4E-4AD0D1381F0D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3889335621-747394281-1454090845-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-06-26] (RealNetworks, Inc.)
Task: {5DF4ABD1-5388-4739-9DC9-DAD089381D30} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3889335621-747394281-1454090845-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {A3E52722-98F3-4359-8E9B-DD71A18A7188} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3889335621-747394281-1454090845-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {A6142B29-2D1C-4062-BB26-26680ABA1F3A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {BD489C96-CAD3-4A15-8FED-3E505B800D91} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-26] (Google Inc.)
Task: {F08448B1-AD17-4D74-B589-BC5BFFCA3E59} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-26] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-04-14 03:06 - 2014-07-02 21:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-06-10 17:50 - 2014-06-10 17:50 - 00039568 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-05-02 19:50 - 2014-07-18 17:21 - 00861784 _____ () c:\program files\real\realplayer\RPDS\Plugins\cldplin.dll
2014-06-26 00:43 - 2014-06-26 00:43 - 00023552 _____ () C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-24 11:49 - 2014-07-24 11:49 - 00065104 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-08-05 19:09 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\Bahlmann\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2013-03-08 19:05 - 2014-04-03 20:06 - 36966968 _____ () C:\Users\Bahlmann\AppData\Roaming\Spotify\Data\libcef.dll
2014-08-10 00:37 - 2014-08-10 00:37 - 00098816 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\win32api.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00110080 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\pywintypes27.dll
2014-08-10 00:37 - 2014-08-10 00:37 - 00364544 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\pythoncom27.dll
2014-08-10 00:37 - 2014-08-10 00:37 - 00045568 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\_socket.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 01160704 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\_ssl.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00320512 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\win32com.shell.shell.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00713216 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\_hashlib.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 01175040 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\wx._core_.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00805888 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\wx._gdi_.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00811008 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\wx._windows_.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 01062400 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\wx._controls_.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00735232 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\wx._misc_.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00128512 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\_elementtree.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00127488 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\pyexpat.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00557056 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\pysqlite2._sqlite.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00007168 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\hashobjs_ext.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00087552 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\_ctypes.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00119808 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\win32file.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00108544 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\win32security.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00018432 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\win32event.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00038912 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\win32inet.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00070656 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\wx._html2.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00167936 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\win32gui.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00011264 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\win32crypt.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00027136 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\_multiprocessing.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00122368 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\wx._wizard.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00010240 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\select.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00024064 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\win32pipe.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00686080 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\unicodedata.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00025600 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\win32pdh.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00525640 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\windows._lib_cacheinvalidation.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00035840 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\win32process.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00017408 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\win32profile.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00022528 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\win32ts.pyd
2014-08-10 00:37 - 2014-08-10 00:37 - 00078336 _____ () C:\Users\Bahlmann\AppData\Local\Temp\_MEI9962\wx._animate.pyd
2014-07-20 09:33 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-20 09:33 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-20 09:33 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-20 09:33 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-20 09:33 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: MpKsl02a5868a
Description: MpKsl02a5868a
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl02a5868a
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/10/2014 00:37:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/09/2014 03:45:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/09/2014 03:43:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/09/2014 03:39:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/09/2014 03:39:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/08/2014 02:54:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/08/2014 02:53:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/08/2014 02:50:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/08/2014 02:50:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error: (08/06/2014 03:07:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DivXUpdate.exe, Version: 1.0.6.88, Zeitstempel: 0x511afc59
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00039342
ID des fehlerhaften Prozesses: 0x8bc
Startzeit der fehlerhaften Anwendung: 0xDivXUpdate.exe0
Pfad der fehlerhaften Anwendung: DivXUpdate.exe1
Pfad des fehlerhaften Moduls: DivXUpdate.exe2
Berichtskennung: DivXUpdate.exe3
 
 
System errors:
=============
Error: (08/10/2014 00:36:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Microsoft Antimalware Service" wurde mit folgendem Fehler beendet: 
%%-2147024773
 
Error: (08/05/2014 03:30:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Microsoft Antimalware Service" wurde mit folgendem Fehler beendet: 
%%-2147024773
 
Error: (08/05/2014 03:27:17 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (07/29/2014 08:26:27 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LINDA-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{664EA8EF-8EAB-46E9-87C2-B43BEFB74-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error: (07/26/2014 02:31:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
Error: (07/22/2014 11:26:33 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Microsoft Antimalware Service" wurde mit folgendem Fehler beendet: 
%%-2147024773
 
Error: (07/22/2014 10:01:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Microsoft Antimalware Service" wurde mit folgendem Fehler beendet: 
%%-2147024773
 
Error: (07/22/2014 09:23:34 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}
 
Error: (07/21/2014 00:27:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Microsoft Antimalware Service" wurde mit folgendem Fehler beendet: 
%%-2147024773
 
Error: (07/21/2014 00:27:37 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000019 (0x00000003, 0x82f74890, 0x97f0804a, 0x82e74bba)C:\Windows\MEMORY.DMP
 
 
Microsoft Office Sessions:
=========================
Error: (08/10/2014 00:37:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/09/2014 03:45:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{20C2051A-1ACA-48B4-9BA5-24625DCBD880}\recordingmanager.exe

Error: (08/09/2014 03:43:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\drivertuner\DPInst64.exe

Error: (08/09/2014 03:39:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 2510 series\DriverStore\Pipeline\amd64\hpinkinsAC11.exe

Error: (08/09/2014 03:39:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 3050 J610 series\DriverStore\Pipeline\amd64\hpinkins9311.exe

Error: (08/08/2014 02:54:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{20C2051A-1ACA-48B4-9BA5-24625DCBD880}\recordingmanager.exe

Error: (08/08/2014 02:53:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\drivertuner\DPInst64.exe

Error: (08/08/2014 02:50:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 2510 series\DriverStore\Pipeline\amd64\hpinkinsAC11.exe

Error: (08/08/2014 02:50:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 3050 J610 series\DriverStore\Pipeline\amd64\hpinkins9311.exe
 
Error: (08/06/2014 03:07:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DivXUpdate.exe1.0.6.88511afc59ole32.dll6.1.7601.175144ce7b96fc0000005000393428bc01cfb04cd0a103d0C:\Program Files\DivX\DivX Update\DivXUpdate.exeC:\Windows\system32\ole32.dllfedf2054-1d05-11e4-ab14-00e052f327cc
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 62%
Total physical RAM: 3071.55 MB
Available physical RAM: 1136.68 MB
Total Pagefile: 6141.4 MB
Available Pagefile: 3756.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.01 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:149.05 GB) (Free:65.63 GB) NTFS
Drive d: () (Fixed) (Total:149.04 GB) (Free:147.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 149 GB) (Disk ID: CE5D9E5D)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 7F9A6D8A)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
# AdwCleaner v3.304 - Bericht erstellt am 10/08/2014 um 00:33:03
# Aktualisiert 08/08/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Bahlmann - BAHLMANN-PC
# Gestartet von : C:\Users\Bahlmann\Documents\Bleeping Computer\adwcleaner_3.304.exe
# Option : Löschen
 
***** [ Dienste ] *****
 
 
***** [ Dateien / Ordner ] *****
 
 
***** [ Tasks ] *****
 
Task Gelöscht : MySearchDial
Task Gelöscht : Scheduled Update for Ask Toolbar
 
***** [ Verknüpfungen ] *****
 
 
***** [ Registrierungsdatenbank ] *****
 
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browser ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v36.0.1985.125
 
[ Datei : C:\Users\Bahlmann\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1083 octets] - [10/08/2014 00:29:11]
AdwCleaner[S0].txt - [1005 octets] - [10/08/2014 00:33:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1065 octets] ##########
 
 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:04 AM

Posted 10 August 2014 - 08:07 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2013-01-01]
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S1 MpKsl02a5868a; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77072FF4-95F6-4F0A-956D-0D61707F0A00}\MpKsl02a5868a.sys [X]
S3 MSICDSetup; \??\E:\CDriver.sys [X]
C:\Program Files\Common Files\DVDVideoSoft

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the problem with the CAPTCHA persists, reset your router.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below are lists of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#5 clueso


Posted 10 August 2014 - 09:09 AM

hi nasdaq

 

I reset the router a few days ago already & ever since then I have had no problems anymore with the CAPTCHA

 

so here are the logs

 

 

 Results of screen317's Security Check version 0.99.86  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop                   
Microsoft Security Essentials   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.9016)   
 Adobe Reader XI  
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 
 
 
=======
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:10-08-2014
Ran by Bahlmann at 2014-08-10 16:01:51 Run:1
Running from C:\Users\Bahlmann\Downloads
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2013-01-01]
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S1 MpKsl02a5868a; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77072FF4-95F6-4F0A-956D-0D61707F0A00}\MpKsl02a5868a.sys [X]
S3 MSICDSetup; \??\E:\CDriver.sys [X]
C:\Program Files\Common Files\DVDVideoSoft
 
End
*****************
 
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKCU\Software\Mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900} => value deleted successfully.
C:\Program Files\Common Files\DVDVideoSoft\plugins\ff => Moved successfully.
C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
MpKsl02a5868a => Service deleted successfully.
MSICDSetup => Service deleted successfully.
C:\Program Files\Common Files\DVDVideoSoft => Moved successfully.
 
==== End of Fixlog ====


#6 nasdaq


Posted 10 August 2014 - 12:11 PM

Your logs are clean.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 clueso


Posted 10 August 2014 - 07:31 PM

thank you very much 



#8 nasdaq


Posted 11 August 2014 - 08:18 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



