Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

no access to internet for browsers and anti virus software 2

Re: no access to internet for browsers and anti virus softwa

Post by Helmut13 » December 21st, 2014, 6:45 pm

RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Helmut [Administrator]
Mode : Delete -- Date : 12/21/2014 23:27:05

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 52 ¤¤¤
[Hj.Name] (X64) HKEY_USERS\RK_Default_ON_D_7C2D\Software\Microsoft\Windows\CurrentVersion\RunOnce | mctadmin : C:\Windows\System32\mctadmin.exe -> Not selected
[Hj.Name] (X86) HKEY_USERS\RK_Default_ON_D_7C2D\Software\Microsoft\Windows\CurrentVersion\RunOnce | mctadmin : C:\Windows\System32\mctadmin.exe -> Not selected
[Hj.Name] (X64) HKEY_USERS\RK_Default_ON_F_A504\Software\Microsoft\Windows\CurrentVersion\RunOnce | mctadmin : C:\Windows\System32\mctadmin.exe -> Not selected
[Hj.Name] (X86) HKEY_USERS\RK_Default_ON_F_A504\Software\Microsoft\Windows\CurrentVersion\RunOnce | mctadmin : C:\Windows\System32\mctadmin.exe -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\RK_Monika_ON_F_B897\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\RK_Monika_ON_F_B897\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\RK_Rita_ON_D_BE0F\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\RK_Rita_ON_D_BE0F\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\RK_Rita_ON_F_B21D\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\RK_Rita_ON_F_B21D\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\RK_Monika_ON_F_B897\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\RK_Monika_ON_F_B897\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\RK_Rita_ON_D_BE0F\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\RK_Rita_ON_D_BE0F\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\RK_Rita_ON_F_B21D\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\RK_Rita_ON_F_B21D\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\RK_Monika_ON_F_B897\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\RK_Monika_ON_F_B897\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\RK_Monika_ON_F_B897\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\RK_Monika_ON_F_B897\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2357582960-234970388-848089052-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2357582960-234970388-848089052-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\RK_Monika_ON_D_4A0A\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\RK_Monika_ON_D_4A0A\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\RK_Monika_ON_F_B897\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\RK_Monika_ON_F_B897\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\RK_Rita_ON_D_BE0F\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\RK_Rita_ON_D_BE0F\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\RK_Rita_ON_F_B21D\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\RK_Rita_ON_F_B21D\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2357582960-234970388-848089052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2357582960-234970388-848089052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] prmpfpw4.default : user_pref("browser.startup.homepage", "www.google.de"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD080HJ/P ATA Device +++++
--- User ---
[MBR] cf98189a72125b067836d2521205c493
[BSP] 6832a645c4af6fdac5fa13740ebd2657 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 76191 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] ad67814fbd8520eb544d37a0f6df8cdb
[BSP] 4f0ce7a892be822d9904587220ec4c9b : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST310005 28AS USB Device +++++
--- User ---
[MBR] 7435b395373533bcd39085cd12602a0e
[BSP] 3a263ec662f61a27d74cd7a536bc3337 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Die Anforderung wird nicht unterstützt. )

+++++ PhysicalDrive3: Hama CF Card Reader USB Device +++++
Error reading User MBR! ([15] Das Gerät ist nicht bereit. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Die Anforderung wird nicht unterstützt. )

+++++ PhysicalDrive4: Hama SM Card Reader USB Device +++++
Error reading User MBR! ([15] Das Gerät ist nicht bereit. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Die Anforderung wird nicht unterstützt. )

+++++ PhysicalDrive5: Hama SD Card Reader USB Device +++++
Error reading User MBR! ([15] Das Gerät ist nicht bereit. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Die Anforderung wird nicht unterstützt. )

+++++ PhysicalDrive6: Hama MS Card Reader USB Device +++++
Error reading User MBR! ([15] Das Gerät ist nicht bereit. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Die Anforderung wird nicht unterstützt. )


============================================
RKreport_SCN_12212014_211547.log - RKreport_SCN_12212014_232402.log
Helmut13
Regular Member
 
Posts: 75
Joined: May 30th, 2011, 3:05 pm

Re: no access to internet for browsers and anti virus softwa

Post by Helmut13 » December 21st, 2014, 6:45 pm

OTL logfile created on: 21.12.2014 23:29:36 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Helmut\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,49 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 66,01% Memory free
6,98 Gb Paging File | 5,71 Gb Available in Paging File | 81,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,41 Gb Total Space | 43,24 Gb Free Space | 58,12% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 813,20 Gb Free Space | 87,30% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 383,75 Gb Free Space | 41,20% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Helmut | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (All) ==========

PRC - [2014.12.20 12:00:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\users\Helmut\Desktop\OTL.exe
PRC - [2014.12.03 07:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


========== Modules (All) ==========

MOD - [2014.12.20 12:00:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\users\Helmut\Desktop\OTL.exe
MOD - [2014.10.18 02:33:18 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll
MOD - [2014.10.14 02:50:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
MOD - [2014.10.14 02:49:38 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
MOD - [2014.08.23 02:45:55 | 000,311,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll
MOD - [2014.07.14 02:40:58 | 000,664,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll
MOD - [2014.06.25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
MOD - [2014.04.25 03:06:17 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll
MOD - [2014.03.25 20:22:38 | 000,363,504 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
MOD - [2014.03.04 10:16:18 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
MOD - [2014.03.04 10:16:17 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
MOD - [2013.10.05 20:57:25 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
MOD - [2013.08.29 02:50:30 | 001,292,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
MOD - [2013.08.29 02:48:17 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll
MOD - [2013.07.26 02:55:59 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll
MOD - [2013.07.09 05:52:10 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2013.06.06 05:57:01 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll
MOD - [2012.05.05 08:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2011.12.16 08:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll
MOD - [2011.05.24 11:40:05 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll
MOD - [2011.05.24 11:39:38 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll
MOD - [2010.11.21 04:25:15 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2010.11.21 04:24:26 | 001,128,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2010.11.21 04:24:25 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll
MOD - [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll
MOD - [2010.11.21 04:24:16 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll
MOD - [2010.11.21 04:24:16 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll
MOD - [2010.11.21 04:24:14 | 000,295,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll
MOD - [2010.11.21 04:24:08 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll
MOD - [2010.11.21 04:24:08 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv
MOD - [2010.11.21 04:24:03 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll
MOD - [2010.11.21 04:24:01 | 001,414,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll
MOD - [2010.11.21 04:23:55 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010.11.21 04:23:54 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll
MOD - [2010.11.21 04:23:51 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll
MOD - [2010.11.21 04:23:48 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2010.11.21 04:23:48 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll
MOD - [2010.11.21 04:23:48 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msasn1.dll
MOD - [2009.07.14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2009.07.14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll
MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll
MOD - [2009.07.14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll
MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll
MOD - [2009.07.14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll
MOD - [2009.07.14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll
MOD - [2009.07.14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll
MOD - [2009.07.14 02:15:21 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fltLib.dll
MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll
MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll
MOD - [2009.07.14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll
MOD - [2009.07.14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009.07.14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014.11.22 03:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.12.19 18:30:12 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.12.13 17:44:59 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.12.03 07:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014.10.10 16:03:38 | 001,771,560 | ---- | M] (pdfforge GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\PDF Architect 2\ws.exe -- (PDF Architect 2)
SRV - [2014.10.10 16:03:38 | 000,861,736 | ---- | M] (pdfforge GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe -- (pdfforge CrashHandler)
SRV - [2014.04.16 22:12:45 | 006,817,544 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)
SRV - [2014.03.25 20:22:20 | 002,264,280 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2014.03.20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014.12.21 23:19:35 | 000,035,064 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2014.04.16 22:12:55 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.09.23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.11.29 22:20:54 | 000,348,032 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smwdm.sys -- (smwdm)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2357582960-234970388-848089052-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2357582960-234970388-848089052-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 F8 A9 79 B1 01 D0 01 [binary data]
IE - HKU\S-1-5-21-2357582960-234970388-848089052-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2357582960-234970388-848089052-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2357582960-234970388-848089052-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\PDF Architect 2: C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\cliqz@cliqz.com: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\prmpfpw4.default\extensions\cliqz@cliqz.com
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014.11.17 18:22:56 | 000,000,000 | ---D | M] (No name found) -- C:\users\Helmut\AppData\Roaming\Mozilla\Extensions
[2014.12.19 18:20:14 | 000,000,000 | ---D | M] (No name found) -- C:\users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\prmpfpw4.default\extensions
[2014.12.19 18:20:14 | 001,188,646 | ---- | M] () (No name found) -- C:\users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\prmpfpw4.default\extensions\cliqz@cliqz.com.xpi
[2014.11.19 19:43:49 | 000,000,663 | ---- | M] () -- C:\users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\prmpfpw4.default\searchplugins\google-images.xml
[2014.11.19 19:43:49 | 000,002,307 | ---- | M] () -- C:\users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\prmpfpw4.default\searchplugins\google-maps.xml
[2014.12.19 18:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.12.19 18:30:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Programme\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKU\S-1-5-21-2357582960-234970388-848089052-1001..\RunOnce: [Adobe Speed Launcher] 1419200258 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2357582960-234970388-848089052-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2357582960-234970388-848089052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{292AC986-4040-4DA9-BF90-6B61C8D03291}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014.12.21 21:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014.12.21 20:27:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.12.21 20:25:31 | 001,707,646 | ---- | C] (Thisisu) -- C:\Users\Helmut\Desktop\JRT.exe
[2014.12.21 19:59:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2014.12.20 14:32:06 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\vlc
[2014.12.20 12:00:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe
[2014.12.20 11:45:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014.12.20 11:45:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014.12.20 11:19:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014.12.20 11:19:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014.12.20 11:19:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014.12.20 11:18:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014.12.20 11:18:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014.12.20 11:07:54 | 005,601,641 | R--- | C] (Swearware) -- C:\Users\Helmut\Desktop\ComboFix.exe
[2014.12.20 11:00:08 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2014.12.19 18:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.12.18 18:06:09 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.12.18 18:06:09 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.12.14 11:49:21 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.12.13 18:22:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014.12.11 17:09:30 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2014.12.11 17:09:30 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2014.12.11 17:09:30 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2014.12.11 17:09:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2014.12.11 17:09:30 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2014.12.11 17:09:30 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2014.12.11 17:09:30 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2014.12.11 17:09:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2014.12.11 17:09:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2014.12.11 17:09:29 | 004,121,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2014.12.11 17:08:32 | 001,232,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2014.12.11 17:08:32 | 001,083,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.12.11 17:08:32 | 000,830,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2014.12.11 17:08:32 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2014.12.11 17:08:31 | 000,741,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2014.12.11 17:08:31 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014.12.11 17:08:31 | 000,396,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2014.12.11 17:08:30 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.12.11 17:08:28 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014.12.11 17:08:14 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.12.11 17:08:14 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.12.11 17:08:13 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.12.11 17:08:13 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.12.11 17:08:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.12.11 17:08:12 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.12.11 17:08:12 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.12.11 17:08:11 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.12.11 17:08:11 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.12.11 17:08:08 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.12.11 17:08:08 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.12.11 17:08:07 | 002,052,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.12.11 17:08:07 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.12.11 17:08:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.12.11 17:08:06 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.12.11 17:08:06 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.12.11 17:08:06 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.12.11 17:08:06 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.12.11 17:08:05 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.12.11 17:08:04 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.12.11 17:08:03 | 002,125,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.12.11 17:08:02 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.12.11 17:08:00 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.12.11 17:08:00 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.12.11 17:08:00 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014.12.11 17:07:59 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.12.11 17:07:58 | 006,039,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.12.11 17:07:58 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.12.11 17:07:58 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.12.11 17:07:58 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.12.11 17:07:57 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.12.11 17:07:57 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014.12.11 17:07:56 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.12.11 17:06:20 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\charmap.exe
[2014.12.11 17:06:20 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\charmap.exe
[2014.12.11 17:06:17 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2014.12.11 17:06:17 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2014.12.11 17:06:17 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2014.12.11 17:06:17 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2014.12.11 17:06:17 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2014.12.11 17:06:17 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2014.12.11 17:06:17 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2014.12.11 17:06:17 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2014.11.26 19:43:14 | 003,981,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014.11.26 19:38:40 | 000,000,000 | ---D | C] -- C:\Users\Helmut\Desktop\2014_11_26
[2014.11.26 19:34:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2014.11.26 19:30:04 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\Canon
[2014.11.26 19:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2014.11.26 19:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 100
[2014.11.26 19:28:23 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2014.11.26 19:27:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon

========== Files - Modified Within 30 Days ==========

[2014.12.21 23:24:09 | 000,031,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.12.21 23:24:09 | 000,031,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.12.21 23:19:35 | 000,035,064 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014.12.21 23:16:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.12.21 23:16:43 | 2810,818,560 | -HS- | M] () -- C:\hiberfil.sys
[2014.12.21 21:10:45 | 015,201,368 | ---- | M] () -- C:\Users\Helmut\Desktop\RogueKiller.exe
[2014.12.21 21:02:50 | 000,165,376 | ---- | M] () -- C:\Users\Helmut\Desktop\SystemLook_x64.exe
[2014.12.21 21:01:49 | 001,645,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.12.21 21:01:49 | 000,702,198 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.12.21 21:01:49 | 000,656,430 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.12.21 21:01:49 | 000,149,838 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.12.21 21:01:49 | 000,122,242 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.12.21 20:43:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.12.21 20:25:14 | 001,707,646 | ---- | M] (Thisisu) -- C:\Users\Helmut\Desktop\JRT.exe
[2014.12.21 20:21:23 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2014.12.21 20:16:24 | 002,173,952 | ---- | M] () -- C:\Users\Helmut\Desktop\adwcleaner_4.106.exe
[2014.12.20 12:00:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe
[2014.12.20 11:08:03 | 005,601,641 | R--- | M] (Swearware) -- C:\Users\Helmut\Desktop\ComboFix.exe
[2014.12.18 18:14:34 | 000,056,592 | ---- | M] () -- C:\Users\Helmut\Desktop\Diplomurkunde.pdf
[2014.12.13 17:44:34 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.12.13 17:44:34 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.12.13 17:43:44 | 003,981,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014.12.13 06:09:01 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.12.13 04:33:44 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.12.07 13:43:09 | 000,280,426 | ---- | M] () -- C:\Users\Helmut\Desktop\LH_WEBCKI.DE.PORTAL.FaYnHRuRVJXG1QqOZ0ZG87.pdf
[2014.12.06 17:15:06 | 000,101,314 | ---- | M] () -- C:\Users\Helmut\Desktop\Diplomzeugnis.pdf
[2014.12.04 03:50:55 | 000,413,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014.12.04 03:50:45 | 000,741,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2014.12.04 03:50:40 | 000,396,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2014.12.04 03:50:38 | 000,830,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2014.12.04 03:50:37 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.12.04 03:50:37 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2014.12.04 03:44:48 | 001,083,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.12.02 00:28:44 | 001,232,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2014.11.26 19:29:11 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2014.11.26 19:28:57 | 000,002,095 | ---- | M] () -- C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
[2014.11.22 04:06:11 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.11.22 03:50:39 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.11.22 03:50:10 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.11.22 03:49:54 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.11.22 03:48:20 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014.11.22 03:40:41 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.11.22 03:37:10 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.11.22 03:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.11.22 03:34:51 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.11.22 03:34:07 | 006,039,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.11.22 03:26:31 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.11.22 03:22:40 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.11.22 03:14:16 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.11.22 03:09:12 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.11.22 03:08:06 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.11.22 03:07:17 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.11.22 03:06:32 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.11.22 03:05:02 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014.11.22 03:05:01 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.11.22 02:58:54 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.11.22 02:56:40 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.11.22 02:54:30 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.11.22 02:49:29 | 000,718,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.11.22 02:49:28 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.11.22 02:47:10 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.11.22 02:46:58 | 002,125,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.11.22 02:40:04 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.11.22 02:36:14 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.11.22 02:35:24 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.11.22 02:22:49 | 002,052,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.11.22 02:21:57 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.11.22 02:03:42 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.11.22 01:54:44 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

========== Files Created - No Company Name ==========

[2014.12.21 21:11:11 | 000,035,064 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014.12.21 21:11:04 | 015,201,368 | ---- | C] () -- C:\Users\Helmut\Desktop\RogueKiller.exe
[2014.12.21 21:03:02 | 000,165,376 | ---- | C] () -- C:\Users\Helmut\Desktop\SystemLook_x64.exe
[2014.12.21 20:17:01 | 002,173,952 | ---- | C] () -- C:\Users\Helmut\Desktop\adwcleaner_4.106.exe
[2014.12.20 11:19:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014.12.20 11:19:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014.12.20 11:19:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014.12.20 11:19:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014.12.20 11:19:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014.12.18 18:12:03 | 000,056,592 | ---- | C] () -- C:\Users\Helmut\Desktop\Diplomurkunde.pdf
[2014.12.07 13:43:07 | 000,280,426 | ---- | C] () -- C:\Users\Helmut\Desktop\LH_WEBCKI.DE.PORTAL.FaYnHRuRVJXG1QqOZ0ZG87.pdf
[2014.12.06 17:15:05 | 000,101,314 | ---- | C] () -- C:\Users\Helmut\Desktop\Diplomzeugnis.pdf
[2014.11.26 19:29:11 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2014.11.26 19:28:57 | 000,002,095 | ---- | C] () -- C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
[2014.11.19 19:38:28 | 000,004,616 | ---- | C] () -- C:\Windows\SysWow64\LavasoftTcpService.ini
[2014.11.19 19:38:28 | 000,002,448 | ---- | C] () -- C:\Windows\SysWow64\LavasoftTcpServiceOff.ini
[2014.11.19 19:29:37 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2014.11.16 20:50:43 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014.11.26 19:34:30 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Canon
[2014.11.19 19:29:37 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Cliqz
[2014.11.17 18:57:56 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\ImgBurn
[2014.11.27 06:33:08 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\Canon
[2014.11.17 18:47:39 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\elsterformular

< End of report >
Helmut13
Regular Member
 
Posts: 75
Joined: May 30th, 2011, 3:05 pm

Re: no access to internet for browsers and anti virus softwa

Post by pgmigg » December 22nd, 2014, 1:49 am

Hello Helmut13,

> When I open an internet browser (Firefox or internet explorer) there is an error message concerning the proxy settings. Additionally it is not possible to update my anti virus and firewall. However, Outlook is running normal and in the windows 7 it looks that there is a normal connection to the internet.
> When I change the Firefox settings to no proxy, which is not the usual setting I think, Firefox is working properly.

Please tell me, do you see any changes from your original post?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
Posts: 3179
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: no access to internet for browsers and anti virus softwa

Post by Helmut13 » December 22nd, 2014, 3:58 am

Hello pgmigg,

the error message for the internet browsers is gone and it works fine. :-)

But it is still not possible to update my anti virus and firewall.

Thanks,
Helmut13
Helmut13
Regular Member
 
Posts: 75
Joined: May 30th, 2011, 3:05 pm

Re: no access to internet for browsers and anti virus softwa

Post by pgmigg » December 22nd, 2014, 2:47 pm

Hello Helmut13,

> the error message for the internet browsers is gone and it works fine. :-)

Very good - it is very important for our treatment process. I am glad to hear such news! :D

> But it is still not possible to update my anti virus and firewall.

It is not clear to me why you have such problems, and we could spend a lot of time trying to understand the reason.
Instead, I would like to suggest that you download Avast Free Antivirus from this link, then uninstall your current COMODO Internet Security Premium, restart the computer, and install Avast. Hopefully your last problems will be gone...

Then, if you are not happy with Avast, you can rebuild the COMODO Internet Security Premium from scratch.

Please let me know your decision and possible results.

Thanks,
pgmigg

pgmigg
MRU Teacher
Posts: 3179
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: no access to internet for browsers and anti virus softwa

Post by Helmut13 » December 23rd, 2014, 9:20 am

Hello pgmigg,

I followed your suggestion to uninstall COMODO and to install Avast.

Some questions regarding my last roguekiller log:

- there were some errors for registry things I wanted to delete, is this a problem?
- the mctadmin lines were checked by default to delete, but I unchecked them, is this ok?

And a last question, I wanted to backup my data but the windows tool does not work. Could you suggest me another freeware which is a good backup tool?

Thank you very much
Helmut13
Helmut13
Regular Member
 
Posts: 75
Joined: May 30th, 2011, 3:05 pm

Re: no access to internet for browsers and anti virus softwa

Post by pgmigg » December 23rd, 2014, 3:49 pm

Hello Helmut13,

> - there were some errors for registry things I wanted to delete, is this a problem?

I don't know which entries you mean. If you would like to discuss anything, you need to point to the exact entries or lines.
Please remember that any non-authorized removal can lead to irreversible consequences, including the Blue Screen Of Death, especially when it comes from deleted registry items!

> - the mctadmin lines were checked by default to delete, but I unchecked them, is this ok?

There were no entries to delete by default - your first run of RogueKiller was done for scan only. Not every entry found by a scanner must be deleted. Before asking you to delete something, I researched and analysed every entry one by one to be sure that the deleted items were related to the specific problem only. I did not ask you to delete "mctadmin lines" in my RogueKiller - Fix instruction.

> And a last question, I wanted to backup my data but the windows tool does not work. Could you suggest me another freeware which is a good backup tool?

There are a lot of programs and/or methods to back up your stuff. I can suggest two completely different ways to do it:
  1. Backup by program only (completely free method) - try to download and install EaseUS Todo Backup Free 8.0. This program not only allows you to make a backup of your files, but also to make a clone of your hard disk!
    It is not a freeware - it has free and pro versions, but the free one is more than enough for personal use.
  2. Backup by software and hardware - personally I used, for backup of my own data, the Western Digital External drive with WD SmartWare Pro automatic backup software, which lets you choose when and where you back up your files. You can see an example of such a drive here.
    In this case you need to spend money on the hardware only - the software will be free and pre-installed on the drive. A very important point here is inherent in WD technology - in fact, a program from the external disk installs the client backup software on your computer, and an incremental backup (of selected folders or of the entire disk) will be run automatically in the background only when the external drive is connected to the computer.

Step 1.
ESET NOD32 Online Scan
  1. Firstly please Disable any Antivirus you have active, as shown in This topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner - © ESET All Rights Reserved, to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you are using Google Chrome or Mozilla Firefox, you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.
    • If you are using Internet Explorer, please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: Image
  10. Press the text: Image, then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the ESETScan.txt log file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3179
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: no access to internet for browsers and anti virus softwa

Unread postby Helmut13 » December 24th, 2014, 9:53 am

Hi pgmigg,

below you find a part of my last roguekiller log, where I marked the lines with errors in bold and the mctadmin in italic. After the scan the mctadmin lines (in italic) were automatically checked and I had to uncheck them to not delete them.

¤¤¤ Registry : 52 ¤¤¤
[Hj.Name] (X64) HKEY_USERS\RK_Default_ON_D_7C2D\Software\Microsoft\Windows\CurrentVersion\RunOnce | mctadmin : C:\Windows\System32\mctadmin.exe -> Not selected
[Hj.Name] (X86) HKEY_USERS\RK_Default_ON_D_7C2D\Software\Microsoft\Windows\CurrentVersion\RunOnce | mctadmin : C:\Windows\System32\mctadmin.exe -> Not selected
[Hj.Name] (X64) HKEY_USERS\RK_Default_ON_F_A504\Software\Microsoft\Windows\CurrentVersion\RunOnce | mctadmin : C:\Windows\System32\mctadmin.exe -> Not selected
[Hj.Name] (X86) HKEY_USERS\RK_Default_ON_F_A504\Software\Microsoft\Windows\CurrentVersion\RunOnce | mctadmin : C:\Windows\System32\mctadmin.exe -> Not selected

[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\RK_Monika_ON_F_B897\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\RK_Monika_ON_F_B897\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\RK_Rita_ON_D_BE0F\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\RK_Rita_ON_D_BE0F\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\RK_Rita_ON_F_B21D\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\RK_Rita_ON_F_B21D\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\RK_Monika_ON_F_B897\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\RK_Monika_ON_F_B897\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\RK_Rita_ON_D_BE0F\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\RK_Rita_ON_D_BE0F\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\RK_Rita_ON_F_B21D\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\RK_Rita_ON_F_B21D\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> ERROR [2]


The new log is in a second post.
Helmut13
Regular Member
 
Posts: 75
Joined: May 30th, 2011, 3:05 pm

Re: no access to internet for browsers and anti virus softwa

Unread postby pgmigg » December 25th, 2014, 1:30 am

Hello Helmut13,

"After the scan the mctadmin lines (in italic) were automatically checked and I had to uncheck them to not delete them."
As I already wrote here, not all entries that were found should be removed - some of them may be suspicious for some reason. In order not to remove too much, tools that can not only scan but also destroy run in two stages - first scanning and analysis, and then deleting what is really needed.

I am waiting for your ESET log...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3179
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: no access to internet for browsers and anti virus softwa

Unread postby Helmut13 » December 25th, 2014, 6:00 am

C:\users\Helmut\Documents\Downloads\avira14_free_antivirus_de(1).exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\users\Helmut\Documents\Downloads\avira14_free_antivirus_de.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\users\Helmut\Documents\Downloads\isobuster_all_lang_3.2.exe Win32/Toolbar.Conduit.S potentially unwanted application
C:\users\Helmut\Documents\Downloads\PDFCreator-1_7_0_setup.exe Win32/InstallMonetizer.AQ potentially unwanted application
C:\users\Helmut\Downloads\PDFCreator-1_7_3_setup(1).exe Win32/InstallMonetizer.AQ potentially unwanted application
C:\users\Helmut\Downloads\PDFCreator-1_7_3_setup.exe Win32/InstallMonetizer.AQ potentially unwanted application
C:\users\Helmut\Downloads\professionalplus.exe a variant of Win32/Downloader.JooSoft.A potentially unwanted application
C:\users\Helmut\Downloads\soft32_Sony Ericsson PC Suite_1.0.exe a variant of Win32/DownloadGuide.A potentially unwanted application
C:\users\Helmut\Downloads\VLC media player 64 Bit - CHIP-Installer.exe a variant of Win32/DownloadSponsor.A potentially unwanted application
C:\users\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe Win32/Toolbar.Conduit potentially unwanted application
C:\users\Monika\Desktop\Moni\wpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\users\Monika\Documents\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe Win32/Toolbar.Conduit potentially unwanted application
C:\users\Monika\Documents\Moni\wpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\users\Monika\Pictures\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe Win32/Toolbar.Conduit potentially unwanted application
C:\users\Monika\Pictures\Moni\wpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
D:\users\Helmut\Documents\Downloads\avira14_free_antivirus_de(1).exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\users\Helmut\Documents\Downloads\avira14_free_antivirus_de.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\users\Helmut\Documents\Downloads\isobuster_all_lang_3.2.exe Win32/Toolbar.Conduit.S potentially unwanted application
D:\users\Helmut\Documents\Downloads\PDFCreator-1_7_0_setup.exe Win32/InstallMonetizer.AQ potentially unwanted application
D:\users\Helmut\Downloads\PDFCreator-1_7_3_setup(1).exe Win32/InstallMonetizer.AQ potentially unwanted application
D:\users\Helmut\Downloads\PDFCreator-1_7_3_setup.exe Win32/InstallMonetizer.AQ potentially unwanted application
D:\users\Helmut\Downloads\professionalplus.exe a variant of Win32/Downloader.JooSoft.A potentially unwanted application
D:\users\Helmut\Downloads\soft32_Sony Ericsson PC Suite_1.0.exe a variant of Win32/DownloadGuide.A potentially unwanted application
D:\users\Helmut\Downloads\VLC media player 64 Bit - CHIP-Installer.exe a variant of Win32/DownloadSponsor.A potentially unwanted application
D:\users\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe Win32/Toolbar.Conduit potentially unwanted application
D:\users\Monika\Desktop\Moni\wpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
D:\users\Monika\Documents\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe Win32/Toolbar.Conduit potentially unwanted application
D:\users\Monika\Documents\Moni\wpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
D:\users\Monika\Pictures\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe Win32/Toolbar.Conduit potentially unwanted application
D:\users\Monika\Pictures\Moni\wpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
F:\Benutzer\Helmut\Documents\Downloads\avira14_free_antivirus_de(1).exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
F:\Benutzer\Helmut\Documents\Downloads\avira14_free_antivirus_de.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
F:\Benutzer\Helmut\Documents\Downloads\isobuster_all_lang_3.2.exe Win32/Toolbar.Conduit.S potentially unwanted application
F:\Benutzer\Helmut\Documents\Downloads\PDFCreator-1_7_0_setup.exe Win32/InstallMonetizer.AQ potentially unwanted application
F:\Benutzer\Helmut\Downloads\PDFCreator-1_7_3_setup.exe Win32/InstallMonetizer.AQ potentially unwanted application
F:\Benutzer\Helmut\Downloads\professionalplus.exe a variant of Win32/Downloader.JooSoft.A potentially unwanted application
F:\Benutzer\Helmut\Downloads\soft32_Sony Ericsson PC Suite_1.0.exe a variant of Win32/DownloadGuide.A potentially unwanted application
F:\Benutzer\Helmut\Downloads\Sony_Ericsson_PC_Suite_6.011.00_Web_DEU_CB-DL-Manager.exe a variant of Win32/InstallCore.OZ potentially unwanted application
F:\Benutzer\Helmut\Downloads\VLC media player 64 Bit - CHIP-Installer.exe a variant of Win32/DownloadSponsor.A potentially unwanted application
F:\Benutzer\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe Win32/Toolbar.Conduit potentially unwanted application
F:\Benutzer\Monika\Desktop\Moni\wpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
F:\Benutzer\Monika\Documents\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe Win32/Toolbar.Conduit potentially unwanted application
F:\Benutzer\Monika\Documents\Moni\wpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
F:\Benutzer\Monika\Pictures\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe Win32/Toolbar.Conduit potentially unwanted application
F:\Benutzer\Monika\Pictures\Moni\wpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
F:\Benutzer_alt\Helmut\Documents\Downloads\avira14_free_antivirus_de(1).exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
F:\Benutzer_alt\Helmut\Documents\Downloads\avira14_free_antivirus_de.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
F:\Benutzer_alt\Helmut\Documents\Downloads\isobuster_all_lang_3.2.exe Win32/Toolbar.Conduit.S potentially unwanted application
F:\Benutzer_alt\Helmut\Documents\Downloads\PDFCreator-1_7_0_setup.exe Win32/InstallMonetizer.AQ potentially unwanted application
F:\Benutzer_alt\Helmut\Downloads\DTLite4491-0356.exe Win32/DownWare.L potentially unwanted application
F:\Benutzer_alt\Helmut\Downloads\PDFCreator-1_7_3_setup.exe Win32/InstallMonetizer.AQ potentially unwanted application
F:\Benutzer_alt\Helmut\Downloads\VLC media player 32 Bit - CHIP-Downloader.exe a variant of Win32/DownloadSponsor.A potentially unwanted application
F:\Benutzer_alt\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe Win32/Toolbar.Conduit potentially unwanted application
F:\Benutzer_alt\Monika\Desktop\Moni\wpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-07-04 201719\Backup files 2.zip Win32/Toolbar.Conduit.S potentially unwanted application
F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-07-06 190000\Backup files 1.zip Win32/InstallMonetizer.AQ potentially unwanted application
F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-07-06 190000\Backup files 10.zip Win32/Toolbar.Conduit potentially unwanted application
F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-07-15 135817\Backup files 5.zip Win32/Toolbar.Conduit potentially unwanted application
F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-08-11 202008\Backup files 2.zip Win32/Toolbar.Conduit.S potentially unwanted application
F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-09-29 181101\Backup files 1.zip Win32/InstallMonetizer.AQ potentially unwanted application
F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-09-29 181101\Backup files 22.zip Win32/OpenCandy potentially unsafe application
F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-09-29 181101\Backup files 3.zip Win32/Toolbar.Conduit potentially unwanted application
F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-09-29 181101\Backup files 4.zip multiple threats
F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-10-28 181121\Backup files 2.zip Win32/Toolbar.Conduit.S potentially unwanted application
F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-10-28 181121\Backup files 21.zip Win32/InstallMonetizer.AQ potentially unwanted application
F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-10-28 181121\Backup files 29.zip Win32/Toolbar.Conduit potentially unwanted application
F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-10-28 181121\Backup files 34.zip Win32/Toolbar.Conduit potentially unwanted application
F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-10-28 181121\Backup files 42.zip Win32/Toolbar.Conduit potentially unwanted application
F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-10-28 181121\Backup files 66.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-10-28 181121\Backup files 67.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
F:\COMPUTER\Backup Set 2014-12-22 211941\Backup Files 2014-12-22 211941\Backup files 2.zip Win32/Toolbar.Conduit.S potentially unwanted application
F:\Users\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe Win32/Toolbar.Conduit potentially unwanted application
F:\Users\Monika\Desktop\Moni\wpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
Helmut13
Regular Member
 
Posts: 75
Joined: May 30th, 2011, 3:05 pm

Re: no access to internet for browsers and anti virus softwa

Unread postby pgmigg » December 25th, 2014, 3:25 pm

Hello Helmut13,

It looks like your hard drives D: and F: are some kind of backup drives or are used as additional storage containing many duplicates of files from the main disk C:.
Your last log contains a lot of entries which are potentially unsafe or infected. Before we continue, I would like to classify them.

There are:
  1. Files found in backup folders:
    F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-07-04 201719\Backup files 2.zip Win32/Toolbar.Conduit.S potentially unwanted application
    F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-07-06 190000\Backup files 1.zip Win32/InstallMonetizer.AQ potentially unwanted application
    F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-07-06 190000\Backup files 10.zip Win32/Toolbar.Conduit potentially unwanted application
    F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-07-15 135817\Backup files 5.zip Win32/Toolbar.Conduit potentially unwanted application
    F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-08-11 202008\Backup files 2.zip Win32/Toolbar.Conduit.S potentially unwanted application
    F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-09-29 181101\Backup files 1.zip Win32/InstallMonetizer.AQ potentially unwanted application
    F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-09-29 181101\Backup files 22.zip Win32/OpenCandy potentially unsafe application
    F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-09-29 181101\Backup files 3.zip Win32/Toolbar.Conduit potentially unwanted application
    F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-09-29 181101\Backup files 4.zip multiple threats
    F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-10-28 181121\Backup files 2.zip Win32/Toolbar.Conduit.S potentially unwanted application
    F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-10-28 181121\Backup files 21.zip Win32/InstallMonetizer.AQ potentially unwanted application
    F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-10-28 181121\Backup files 29.zip Win32/Toolbar.Conduit potentially unwanted application
    F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-10-28 181121\Backup files 34.zip Win32/Toolbar.Conduit potentially unwanted application
    F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-10-28 181121\Backup files 42.zip Win32/Toolbar.Conduit potentially unwanted application
    F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-10-28 181121\Backup files 66.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
    F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-10-28 181121\Backup files 67.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
    F:\COMPUTER\Backup Set 2014-12-22 211941\Backup Files 2014-12-22 211941\Backup files 2.zip Win32/Toolbar.Conduit.S potentially unwanted application

    I guess if you are going to use a new backup system from scratch, the best thing in such a case is to delete them completely - I mean the whole backup files - you don't need to keep old, potentially unsafe backups.
  2. Multiple duplications for both users Monika and Helmut
    C:\users\Helmut\Documents\Downloads\avira14_free_antivirus_de(1).exe
    D:\users\Helmut\Documents\Downloads\avira14_free_antivirus_de(1).exe
    F:\Benutzer\Helmut\Documents\Downloads\avira14_free_antivirus_de(1).exe
    F:\Benutzer_alt\Helmut\Documents\Downloads\avira14_free_antivirus_de(1).exe 
    
    C:\users\Helmut\Documents\Downloads\avira14_free_antivirus_de.exe
    D:\users\Helmut\Documents\Downloads\avira14_free_antivirus_de.exe
    F:\Benutzer\Helmut\Documents\Downloads\avira14_free_antivirus_de.exe
    F:\Benutzer_alt\Helmut\Documents\Downloads\avira14_free_antivirus_de.exe 
    
    C:\users\Helmut\Documents\Downloads\isobuster_all_lang_3.2.exe
    D:\users\Helmut\Documents\Downloads\isobuster_all_lang_3.2.exe 
    F:\Benutzer\Helmut\Documents\Downloads\isobuster_all_lang_3.2.exe 
    F:\Benutzer_alt\Helmut\Documents\Downloads\isobuster_all_lang_3.2.exe 
    
    C:\users\Helmut\Documents\Downloads\PDFCreator-1_7_0_setup.exe
    D:\users\Helmut\Documents\Downloads\PDFCreator-1_7_0_setup.exe 
    F:\Benutzer\Helmut\Documents\Downloads\PDFCreator-1_7_0_setup.exe 
    F:\Benutzer_alt\Helmut\Documents\Downloads\PDFCreator-1_7_0_setup.exe
    F:\Benutzer_alt\Helmut\Downloads\PDFCreator-1_7_3_setup.exe 
    
    C:\users\Helmut\Downloads\PDFCreator-1_7_3_setup(1).exe
    C:\users\Helmut\Downloads\PDFCreator-1_7_3_setup.exe
    D:\users\Helmut\Downloads\PDFCreator-1_7_3_setup(1).exe
    D:\users\Helmut\Downloads\PDFCreator-1_7_3_setup.exe
    F:\Benutzer\Helmut\Downloads\PDFCreator-1_7_3_setup.exe
    
    C:\users\Helmut\Downloads\professionalplus.exe
    D:\users\Helmut\Downloads\professionalplus.exe
    F:\Benutzer\Helmut\Downloads\professionalplus.exe
    
    C:\users\Helmut\Downloads\soft32_Sony Ericsson PC Suite_1.0.exe
    D:\users\Helmut\Downloads\soft32_Sony Ericsson PC Suite_1.0.exe 
    F:\Benutzer\Helmut\Downloads\soft32_Sony Ericsson PC Suite_1.0.exe 
    
    C:\users\Helmut\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
    D:\users\Helmut\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
    F:\Benutzer\Helmut\Downloads\VLC media player 64 Bit - CHIP-Installer.exe 
    F:\Benutzer_alt\Helmut\Downloads\VLC media player 32 Bit - CHIP-Downloader.exe
    
    C:\users\Monika\Desktop\Moni\wpsetup.exe
    C:\users\Monika\Documents\Moni\wpsetup.exe
    C:\users\Monika\Pictures\Moni\wpsetup.exe 
    D:\users\Monika\Desktop\Moni\wpsetup.exe
    D:\users\Monika\Documents\Moni\wpsetup.exe
    D:\users\Monika\Pictures\Moni\wpsetup.exe
    F:\Benutzer\Monika\Desktop\Moni\wpsetup.exe
    F:\Benutzer\Monika\Documents\Moni\wpsetup.exe
    F:\Benutzer\Monika\Pictures\Moni\wpsetup.exe 
    F:\Benutzer_alt\Monika\Desktop\Moni\wpsetup.exe
    F:\Users\Monika\Desktop\Moni\wpsetup.exe
    
    C:\users\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe
    C:\users\Monika\Documents\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe
    C:\users\Monika\Pictures\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe
    D:\users\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe
    D:\users\Monika\Documents\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe 
    D:\users\Monika\Pictures\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe
    F:\Benutzer\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe 
    F:\Benutzer\Monika\Documents\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe 
    F:\Benutzer\Monika\Pictures\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe 
    F:\Benutzer_alt\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe 
    F:\Users\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe
    
  3. Other files

Before we start to delete anything, please run additional scans of some files that look suspicious to me:

Step 1.
Show Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press Image.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value in blue, in the open text entry box:
    change search options for files and folders
    then press Enter button
  5. Click on the View tab, then under the "Hidden files and folders" section please
    • SELECT "Show hidden files and folders"
  6. Find below and
    • remove check mark from check box "Hide extensions for known file types"
    • remove check mark from check box "Hide protected operating system files"
  7. Press the Apply, then the OK buttons.

Step 2.
Online Multi Antivirus file scan
Please go to either: Jotti or Virus Total and upload -only one file per scan- the following file(s) for scanning:

C:\users\Helmut\Downloads\professionalplus.exe
C:\users\Monika\Desktop\Moni\wpsetup.exe
C:\users\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe
C:\users\Helmut\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
F:\Benutzer_alt\Helmut\Downloads\DTLite4491-0356.exe
F:\Benutzer\Helmut\Downloads\Sony_Ericsson_PC_Suite_6.011.00_Web_DEU_CB-DL-Manager.exe


Using Jotti
  1. Choose the appropriate language (if needed)... once a language is selected, you'll see a message "Ready to receive files"
  2. Press the Browse button and navigate to -one- of the files in the list.
  3. Double click the located file name...The file name should now appear in the online scanner's "File to scan:" box.
  4. Click on the Submit button.
      If you receive the message: This file has been scanned before. The results for this previous scan are listed below.
      Please press the Scan again button, so your file will be scanned.
  5. The file will be uploaded and scanned by various antivirus scanners..this may take a few minutes.
  6. When all scans have completed... the results page is displayed
  7. Please highlight and copy the page web address link from your browser window.
    Example of web address :
    Image
  8. Please repeat this procedure for each file listed above.
  9. Paste the Web address link(s) for the scan results in your next reply.

Using Virus Total
  1. Press the Browse button and navigate to -one- of the files in the list.
  2. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  3. Click on the Send File button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When all scans have completed... the results page is displayed
  6. Please highlight and copy the page web address link from your browser window.
    Example of web address:
    Image
  7. Please repeat this procedure for each file listed above.
  8. Paste the Web address link(s) for the scan results in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. The resulting web links after online file scan by Virus Total or Jotti.
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3179
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
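
The manual triage in the post above (backup archives, copies of the same installer on C:, D: and F:, and the remaining files) can be scripted. The following Python sketch is an added example, not part of the thread or of any ESET tool; the line layout is inferred from the log lines quoted in the thread, and the function names and the "Backup Set" folder test are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# A subset of the ESET log lines posted in the thread, copied unchanged.
SAMPLE_LOG = r"""
C:\users\Helmut\Downloads\professionalplus.exe a variant of Win32/Downloader.JooSoft.A potentially unwanted application
D:\users\Helmut\Downloads\professionalplus.exe a variant of Win32/Downloader.JooSoft.A potentially unwanted application
F:\Benutzer\Helmut\Downloads\professionalplus.exe a variant of Win32/Downloader.JooSoft.A potentially unwanted application
C:\users\Monika\Desktop\Moni\wpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\users\Monika\Documents\Moni\wpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
F:\Benutzer_alt\Helmut\Downloads\DTLite4491-0356.exe Win32/DownWare.L potentially unwanted application
F:\Benutzer\Helmut\Downloads\Sony_Ericsson_PC_Suite_6.011.00_Web_DEU_CB-DL-Manager.exe a variant of Win32/InstallCore.OZ potentially unwanted application
F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-09-29 181101\Backup files 22.zip Win32/OpenCandy potentially unsafe application
F:\COMPUTER\Backup Set 2014-07-04 201719\Backup Files 2014-09-29 181101\Backup files 4.zip multiple threats
"""

# Assumed layout: <path ending in .exe or .zip> <detection> [<category>].
# Paths contain spaces, so the path is anchored on its extension.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.(?:exe|zip))\s+"
    r"(?P<detection>(?:a variant of )?\S+/\S+|multiple threats)"
    r"(?:\s+(?P<kind>potentially (?:unwanted|unsafe) application))?\s*$",
    re.IGNORECASE,
)


def parse_line(line):
    """Return path, detection and category for one log line, or None."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    return {
        "path": match["path"],
        "detection": match["detection"],
        "kind": match["kind"] or "",  # "multiple threats" lines carry no category
    }


def is_backup_archive(path):
    """Assumption: a .zip below a 'Backup Set ...' folder is a backup archive."""
    parts = path.split("\\")
    return path.lower().endswith(".zip") and any(
        part.startswith("Backup Set ") for part in parts
    )


def drives_of(entries):
    """Sorted drive letters on which the given entries were found."""
    return sorted(
        {ntpath.splitdrive(e["path"])[0].rstrip(":").upper() for e in entries}
    )


def triage(log_text):
    """Split a log into backup archives, duplicate groups, other files, unparsed lines."""
    backups, by_name, unparsed = [], defaultdict(list), []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry is None:
            unparsed.append(raw)  # keep for manual review instead of dropping
        elif is_backup_archive(entry["path"]):
            backups.append(entry)
        else:
            # Group by file name, case-insensitively, as Windows paths are.
            by_name[ntpath.basename(entry["path"]).lower()].append(entry)
    duplicates = {name: found for name, found in by_name.items() if len(found) > 1}
    other = [found[0] for found in by_name.values() if len(found) == 1]
    return {
        "backup": backups,
        "duplicates": duplicates,
        "other": other,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("backup archives:", len(result["backup"]))
    for name, found in result["duplicates"].items():
        print(f"{name}: {len(found)} copies on drives {drives_of(found)}")
    for entry in result["other"]:
        print("single:", entry["path"], "->", entry["detection"])
    print("unparsed lines:", len(result["unparsed"]))
```

Lines that do not match the assumed layout end up in the "unparsed" list, so a truncated or reformatted log is visible rather than silently ignored.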

Re: no access to internet for browsers and anti virus softwa

Unread postby Helmut13 » December 27th, 2014, 6:56 am

Hello pgmigg,

for the clarification of my different drives:

C: system drive with windows 7 and all other software
D: separate hard disk where my documents and settings of all users are physically stored. There is a link from C:\Users to D:\Users. I think this is the reason why everything is found twice (on C and D).
F: is a third, external hard disk, used for storage and backup. You are right, if everything is fine in the end I will begin with the backup from scratch and can delete the old backups.

Some comments for the files you have listed and the results from jotti:

- C:\users\Helmut\Downloads\professionalplus.exe
I bought office 2010 professional at ebay and this is the corresponding download to install office

http://virusscan.jotti.org/en/scanresul ... ffea379b14

- C:\users\Monika\Desktop\Moni\wpsetup.exe
some download from my sister, not needed anymore

http://virusscan.jotti.org/en/scanresul ... 905ebec96a

- C:\users\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe
some download from my sister, not needed anymore

http://virusscan.jotti.org/en/scanresul ... 414d9ae223

- C:\users\Helmut\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
installer file for VLC media player, CHIP is a PC magazine which supplies very much freeware downloads on their webpage, I think secure downloads

http://virusscan.jotti.org/en/scanresul ... 476c7536e2

- F:\Benutzer_alt\Helmut\Downloads\DTLite4491-0356.exe
I do not remember what this is, but I think I do not need it anymore. It is from an old backup.

http://virusscan.jotti.org/en/scanresul ... 0349f69f06

- F:\Benutzer\Helmut\Downloads\Sony_Ericsson_PC_Suite_6.011.00_Web_DEU_CB-DL-Manager.exe
software for an old mobile phone I used earlier, not needed anymore

http://virusscan.jotti.org/en/scanresul ... c09b12fff8

Best regards
Helmut13
Helmut13
Regular Member
 
Posts: 75
Joined: May 30th, 2011, 3:05 pm

Re: no access to internet for browsers and anti virus softwa

Unread postby pgmigg » December 27th, 2014, 4:48 pm

Hello Helmut13,

Good job! :D A few more words...
"D: separate hard disk where my documents and settings of all users are physically stored. There is a link from C:\Users to D:\Users. I think this is the reason why everything is found twice (on C and D).
F: is a third, external hard disk, used for storage and backup. You are right, if everything is fine in the end I will begin with the backup from scratch and can delete the old backups."

Space is limited even if you have a lot of drives - keeping many duplicates of files is not good practice and creates a mess. The best place to keep really important stuff is an external drive.
"- C:\users\Helmut\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
installer file for VLC media player, CHIP is a PC magazine which supplies very much freeware downloads on their webpage, I think secure downloads"
In essence, third-party downloaders are not as secure and reliable as you may imagine.
Many of them add some extra hidden software to your computer, and then you are surprised to find that somehow your home page was changed and, instead of your preferred and trusted Google Search, you are using ask.com search, etc., or they require you to install a downloader as a separate application which will be used instead of a direct download.

Please delete all your "not needed anymore" files plus couple more:

OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Files
    C:\users\Helmut\Downloads\professionalplus.exe
    D:\users\Helmut\Downloads\professionalplus.exe
    C:\users\Monika\Desktop\Moni\wpsetup.exe
    C:\users\Monika\Documents\Moni\wpsetup.exe
    C:\users\Monika\Pictures\Moni\wpsetup.exe 
    D:\users\Monika\Desktop\Moni\wpsetup.exe
    D:\users\Monika\Documents\Moni\wpsetup.exe
    D:\users\Monika\Pictures\Moni\wpsetup.exe
    F:\Benutzer\Monika\Desktop\Moni\wpsetup.exe
    F:\Benutzer\Monika\Documents\Moni\wpsetup.exe
    F:\Benutzer\Monika\Pictures\Moni\wpsetup.exe 
    F:\Benutzer_alt\Monika\Desktop\Moni\wpsetup.exe
    F:\Users\Monika\Desktop\Moni\wpsetup.exe
    C:\users\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe
    C:\users\Monika\Documents\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe
    C:\users\Monika\Pictures\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe
    D:\users\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe
    D:\users\Monika\Documents\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe 
    D:\users\Monika\Pictures\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe
    F:\Benutzer\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe 
    F:\Benutzer\Monika\Documents\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe 
    F:\Benutzer\Monika\Pictures\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe 
    F:\Benutzer_alt\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe 
    F:\Users\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe
    C:\users\Helmut\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
    D:\users\Helmut\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
    F:\Benutzer\Helmut\Downloads\VLC media player 64 Bit - CHIP-Installer.exe 
    F:\Benutzer_alt\Helmut\Downloads\VLC media player 32 Bit - CHIP-Downloader.exe
    F:\Benutzer_alt\Helmut\Downloads\DTLite4491-0356.exe
    C:\users\Helmut\Downloads\soft32_Sony Ericsson PC Suite_1.0.exe
    D:\users\Helmut\Downloads\soft32_Sony Ericsson PC Suite_1.0.exe 
    F:\Benutzer\Helmut\Downloads\soft32_Sony Ericsson PC Suite_1.0.exe 
    C:\users\Helmut\Documents\Downloads\avira14_free_antivirus_de(1).exe
    D:\users\Helmut\Documents\Downloads\avira14_free_antivirus_de(1).exe
    F:\Benutzer\Helmut\Documents\Downloads\avira14_free_antivirus_de(1).exe
    F:\Benutzer_alt\Helmut\Documents\Downloads\avira14_free_antivirus_de(1).exe 
    C:\users\Helmut\Documents\Downloads\avira14_free_antivirus_de.exe
    D:\users\Helmut\Documents\Downloads\avira14_free_antivirus_de.exe
    F:\Benutzer\Helmut\Documents\Downloads\avira14_free_antivirus_de.exe
    C:\users\Helmut\Documents\Downloads\PDFCreator-1_7_0_setup.exe
    D:\users\Helmut\Documents\Downloads\PDFCreator-1_7_0_setup.exe 
    F:\Benutzer\Helmut\Documents\Downloads\PDFCreator-1_7_0_setup.exe 
    F:\Benutzer_alt\Helmut\Documents\Downloads\PDFCreator-1_7_0_setup.exe
    F:\Benutzer_alt\Helmut\Downloads\PDFCreator-1_7_3_setup.exe 
    C:\users\Helmut\Downloads\PDFCreator-1_7_3_setup(1).exe
    C:\users\Helmut\Downloads\PDFCreator-1_7_3_setup.exe
    D:\users\Helmut\Downloads\PDFCreator-1_7_3_setup(1).exe
    D:\users\Helmut\Downloads\PDFCreator-1_7_3_setup.exe
    C:\users\Helmut\Documents\Downloads\isobuster_all_lang_3.2.exe
    D:\users\Helmut\Documents\Downloads\isobuster_all_lang_3.2.exe 
    F:\Benutzer\Helmut\Documents\Downloads\isobuster_all_lang_3.2.exe 
    
    :Commands
    [emptyflash]
    [emptyjava]
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Your latest set of logs appears to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions on how to keep your computer clean and secure, you need to take a few additional steps.

Step 1.
OTL - Run Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 2.
OTL-Cleanup
You should still have OTL on your desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

Step 3.
Hide Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press Image.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value, in the open text entry box:
    change search options for files and folders
  5. Click on the View tab, then under the "Hidden files and folders" section
    • UNSELECT "Show hidden files and folders"
    • Place check mark in check box "Hide extensions for known file types"
    • Place check mark in check box "Hide protected operating system files"
  6. Press the Apply, then the OK buttons.

Step 4.
Please download delfix and save it to your desktop.
  1. Right-click on delfix.exe and select "Run as administrator" to run it.
  2. Check the following boxes then click on Run.
    1. Activate UAC
    2. Remove disinfection tools
    3. Create registry backup
    4. Reset system settings
  3. All tools we used to clean your computer should be gone now.
  4. You can now delete any tools/logs we used if they remain on your computer.

Then:
  • Please don't forget to enable and update all your defense software!

Finally:
Please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg
pgmigg
MRU Teacher
 
Posts: 3179
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: no access to internet for browsers and anti virus softwa

Post by Helmut13 » December 28th, 2014, 9:27 am

Hi pgmigg,

thank you very much for your help!

Please find attached my last log from OTL

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\users\Helmut\Downloads\professionalplus.exe moved successfully.
File\Folder D:\users\Helmut\Downloads\professionalplus.exe not found.
C:\users\Monika\Desktop\Moni\wpsetup.exe moved successfully.
C:\users\Monika\Documents\Moni\wpsetup.exe moved successfully.
C:\users\Monika\Pictures\Moni\wpsetup.exe moved successfully.
File\Folder D:\users\Monika\Desktop\Moni\wpsetup.exe not found.
File\Folder D:\users\Monika\Documents\Moni\wpsetup.exe not found.
File\Folder D:\users\Monika\Pictures\Moni\wpsetup.exe not found.
F:\Benutzer\Monika\Desktop\Moni\wpsetup.exe moved successfully.
F:\Benutzer\Monika\Documents\Moni\wpsetup.exe moved successfully.
F:\Benutzer\Monika\Pictures\Moni\wpsetup.exe moved successfully.
F:\Benutzer_alt\Monika\Desktop\Moni\wpsetup.exe moved successfully.
F:\Users\Monika\Desktop\Moni\wpsetup.exe moved successfully.
C:\users\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe moved successfully.
C:\users\Monika\Documents\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe moved successfully.
C:\users\Monika\Pictures\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe moved successfully.
File\Folder D:\users\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe not found.
File\Folder D:\users\Monika\Documents\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe not found.
File\Folder D:\users\Monika\Pictures\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe not found.
F:\Benutzer\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe moved successfully.
F:\Benutzer\Monika\Documents\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe moved successfully.
F:\Benutzer\Monika\Pictures\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe moved successfully.
F:\Benutzer_alt\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe moved successfully.
F:\Users\Monika\Desktop\Moni\FreeYouTubeToMP3Converter_3.11.35.1031.exe moved successfully.
C:\users\Helmut\Downloads\VLC media player 64 Bit - CHIP-Installer.exe moved successfully.
File\Folder D:\users\Helmut\Downloads\VLC media player 64 Bit - CHIP-Installer.exe not found.
F:\Benutzer\Helmut\Downloads\VLC media player 64 Bit - CHIP-Installer.exe moved successfully.
F:\Benutzer_alt\Helmut\Downloads\VLC media player 32 Bit - CHIP-Downloader.exe moved successfully.
F:\Benutzer_alt\Helmut\Downloads\DTLite4491-0356.exe moved successfully.
C:\users\Helmut\Downloads\soft32_Sony Ericsson PC Suite_1.0.exe moved successfully.
File\Folder D:\users\Helmut\Downloads\soft32_Sony Ericsson PC Suite_1.0.exe not found.
F:\Benutzer\Helmut\Downloads\soft32_Sony Ericsson PC Suite_1.0.exe moved successfully.
C:\users\Helmut\Documents\Downloads\avira14_free_antivirus_de(1).exe moved successfully.
File\Folder D:\users\Helmut\Documents\Downloads\avira14_free_antivirus_de(1).exe not found.
F:\Benutzer\Helmut\Documents\Downloads\avira14_free_antivirus_de(1).exe moved successfully.
F:\Benutzer_alt\Helmut\Documents\Downloads\avira14_free_antivirus_de(1).exe moved successfully.
C:\users\Helmut\Documents\Downloads\avira14_free_antivirus_de.exe moved successfully.
File\Folder D:\users\Helmut\Documents\Downloads\avira14_free_antivirus_de.exe not found.
F:\Benutzer\Helmut\Documents\Downloads\avira14_free_antivirus_de.exe moved successfully.
C:\users\Helmut\Documents\Downloads\PDFCreator-1_7_0_setup.exe moved successfully.
File\Folder D:\users\Helmut\Documents\Downloads\PDFCreator-1_7_0_setup.exe not found.
F:\Benutzer\Helmut\Documents\Downloads\PDFCreator-1_7_0_setup.exe moved successfully.
F:\Benutzer_alt\Helmut\Documents\Downloads\PDFCreator-1_7_0_setup.exe moved successfully.
F:\Benutzer_alt\Helmut\Downloads\PDFCreator-1_7_3_setup.exe moved successfully.
C:\users\Helmut\Downloads\PDFCreator-1_7_3_setup(1).exe moved successfully.
C:\users\Helmut\Downloads\PDFCreator-1_7_3_setup.exe moved successfully.
File\Folder D:\users\Helmut\Downloads\PDFCreator-1_7_3_setup(1).exe not found.
File\Folder D:\users\Helmut\Downloads\PDFCreator-1_7_3_setup.exe not found.
C:\users\Helmut\Documents\Downloads\isobuster_all_lang_3.2.exe moved successfully.
File\Folder D:\users\Helmut\Documents\Downloads\isobuster_all_lang_3.2.exe not found.
F:\Benutzer\Helmut\Documents\Downloads\isobuster_all_lang_3.2.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Default

User: Helmut
->Flash cache emptied: 0 bytes

User: Monika
->Flash cache emptied: 0 bytes

User: Public

User: Rita
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Default

User: Helmut

User: Monika

User: Public

User: Rita

Total Java Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Helmut
->Temp folder emptied: 10083701 bytes
->Temporary Internet Files folder emptied: 4342734 bytes
->FireFox cache emptied: 8773029 bytes
->Flash cache emptied: 0 bytes

User: Monika
->Temp folder emptied: 727 bytes
->Temporary Internet Files folder emptied: 4246507 bytes
->FireFox cache emptied: 3157168 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rita
->Temp folder emptied: 2227 bytes
->Temporary Internet Files folder emptied: 3558332 bytes
->FireFox cache emptied: 16683317 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2088765 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 50,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12282014_140431

Files\Folders moved on Reboot...
C:\Users\Helmut\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

best regards
Helmut13
Helmut13
Regular Member
 
Posts: 75
Joined: May 30th, 2011, 3:05 pm
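
A way to check a fix log like the one above against the script that produced it, as an added example that is not part of the thread or of OTL: it groups each path from the :Files section by the outcome the log reports. The sample script and log are constructed from lines in this thread, and the `example-unreported.exe` path is a hypothetical entry added to show a requested file with no result line.

```python
import re

# Result-line shapes as they appear in the OTL fix log posted in this thread.
MOVED = re.compile(r"^(.+) moved successfully\.$")
NOT_FOUND = re.compile(r"^File\\Folder (.+) not found\.$")
DEFERRED = re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")
PATTERNS = (("not_found", NOT_FOUND), ("deferred", DEFERRED), ("moved", MOVED))

def script_targets(script):
    """Return the paths listed under the :Files directive of a fix script."""
    targets, in_files = [], False
    for line in map(str.strip, script.splitlines()):
        if line.startswith(":"):  # any new directive ends the file list
            in_files = line.lower() == ":files"
        elif in_files and line:
            targets.append(line)
    return targets

def reconcile(script, log):
    """Group every requested path by the outcome the log reports for it."""
    results = {}
    for line in map(str.strip, log.splitlines()):
        for status, rx in PATTERNS:
            m = rx.match(line)
            if m:  # Windows paths are case-insensitive, so compare lower-cased
                results[m.group(1).lower()] = status
                break
    report = {"moved": [], "not_found": [], "deferred": [], "unreported": []}
    for path in script_targets(script):
        report[results.get(path.lower(), "unreported")].append(path)
    return report

# Constructed sample: lines copied from this thread, plus one hypothetical
# path (example-unreported.exe) that has no matching line in the log.
SAMPLE_SCRIPT = r"""
:Commands
[createrestorepoint]
:Files
C:\users\Helmut\Downloads\professionalplus.exe
D:\users\Helmut\Downloads\professionalplus.exe
F:\Benutzer_alt\Helmut\Downloads\DTLite4491-0356.exe
C:\users\Helmut\Downloads\example-unreported.exe
:Commands
[emptytemp]
"""
SAMPLE_LOG = r"""
C:\users\Helmut\Downloads\professionalplus.exe moved successfully.
File\Folder D:\users\Helmut\Downloads\professionalplus.exe not found.
F:\Benutzer_alt\Helmut\Downloads\DTLite4491-0356.exe moved successfully.
"""
print(reconcile(SAMPLE_SCRIPT, SAMPLE_LOG))
```

Anything under `unreported` or `deferred` is worth a second look before the cleanup tools are removed: the first has no result line in the log, the second is only queued to be moved on reboot.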

Re: no access to internet for browsers and anti virus softwa

Post by pgmigg » December 29th, 2014, 12:05 am

You are very welcome, Helmut13!
pgmigg
MRU Teacher
 
Posts: 3179
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00