Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

no access to internet for browsers and anti virus software 2

by Helmut13 » December 14th, 2014, 7:16 am

Hello,

Unfortunately, I have exactly the same situation as about one month ago (maybe the origin of the malware is somewhere in my documents):

viewtopic.php?t=63242#.VI1ueMlNEcu

When I open an internet browser (Firefox or Internet Explorer) there is an error message concerning the proxy settings. Additionally, it is not possible to update my antivirus and firewall. However, Outlook is running normally, and in Windows 7 it looks like there is a normal connection to the internet.
When I change the Firefox settings to no proxy, which is not the usual setting I think, Firefox is working properly. A second computer in the same network is running normally with the standard Firefox settings: "use proxy settings from the system".

Last time I had to reinstall the complete system because of some system errors (blue screen), which were not surely related to the malware removal. Hopefully this is not the case again.

I already used AdwCleaner and removed some things. If you are interested, I could post the log.

Here are the DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496
Run by Helmut at 12:13:25 on 2014-12-14
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3574.2253 [GMT 1:00]
.
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxpers.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = hxxp=127.0.0.1:8897;https=127.0.0.1:8897
uProxyOverride = <-loopback>;www.joosoft.com
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRunOnce: [Adobe Speed Launcher] 1418554499
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: An OneNote s&enden - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{292AC986-4040-4DA9-BF90-6B61C8D03291} : DHCPNameServer = 192.168.178.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\prmpfpw4.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\PDF Architect 2\np-previewer.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2014-3-25 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2014-3-25 738472]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2014-3-25 48360]
R2 LavasoftTcpService;LavasoftTcpService;C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [2014-11-13 1351512]
R2 SearchProtectionService;IE Search Set;C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [2014-11-13 15208]
R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-3-25 2264280]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-11 114688]
S3 PDF Architect 2;PDF Architect 2;C:\Program Files (x86)\PDF Architect 2\ws.exe [2014-10-10 1771560]
S3 pdfforge CrashHandler;pdfforge CrashHandler;C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [2014-10-10 861736]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
.
=============== Created Last 30 ================
.
2014-12-14 10:49:21 -------- d-----w- C:\AdwCleaner
2014-12-13 17:22:50 -------- d-----w- C:\Windows\System32\appraiser
2014-12-11 16:09:30 55808 ----a-w- C:\Windows\System32\rrinstaller.exe
2014-12-11 16:09:30 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2014-12-11 16:09:30 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-11 16:09:30 24576 ----a-w- C:\Windows\System32\mfpmp.exe
2014-12-11 16:09:30 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2014-12-11 16:09:30 206848 ----a-w- C:\Windows\System32\mfps.dll
2014-12-11 16:09:30 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2014-12-11 16:09:30 2048 ----a-w- C:\Windows\System32\mferror.dll
2014-12-11 16:09:30 103424 ----a-w- C:\Windows\SysWow64\mfps.dll
2014-12-11 16:09:29 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-11 16:06:20 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-11-26 18:43:14 3981488 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-11-26 18:34:29 -------- d--h--w- C:\ProgramData\CanonIJScan
2014-11-26 18:27:23 -------- d-----w- C:\Program Files (x86)\Canon
2014-11-25 13:24:28 24294072 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2014-11-25 12:59:38 18638520 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2014-11-21 16:11:19 -------- d-----w- C:\ProgramData\STAMP Remote Client
2014-11-19 18:50:19 -------- d-----w- C:\Program Files (x86)\PDF Architect 2
2014-11-19 18:48:49 -------- d-----w- C:\ProgramData\PDF Architect 2
2014-11-19 18:48:24 662288 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX
2014-11-19 18:48:24 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
2014-11-19 18:48:24 110264 ----a-w- C:\Windows\System32\pdfcmon.dll
2014-11-19 18:48:24 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-11-19 18:48:22 64512 ----a-w- C:\Windows\SysWow64\MSCC2DE.DLL
2014-11-19 18:48:22 158208 ----a-w- C:\Windows\SysWow64\MSCMCDE.DLL
2014-11-19 18:48:22 125712 ----a-w- C:\Windows\SysWow64\VB6DE.DLL
2014-11-19 18:48:21 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
2014-11-19 18:48:21 -------- d-----w- C:\Program Files (x86)\PDFCreator
2014-11-19 18:38:18 358736 ----a-w- C:\Windows\System32\LavasoftTcpService64.dll
2014-11-19 18:38:11 312424 ----a-w- C:\Windows\SysWow64\LavasoftTcpService.dll
2014-11-19 18:37:03 -------- d-----w- C:\Program Files (x86)\Lavasoft
2014-11-19 18:30:53 -------- d-----w- C:\Users\Helmut\AppData\Local\Macromedia
2014-11-19 18:30:15 -------- d-----w- C:\Program Files\VideoLAN
2014-11-19 18:29:37 493056 ----a-w- C:\Windows\SysWow64\dhRichClient3.dll
2014-11-19 18:29:37 338432 ----a-w- C:\Windows\SysWow64\sqlite36_engine.dll
2014-11-19 18:29:36 -------- d-----w- C:\Users\Helmut\AppData\Roaming\Cliqz
2014-11-19 18:29:34 -------- d-----w- C:\Users\Helmut\AppData\Local\Programs
2014-11-19 18:25:52 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-19 18:25:52 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-19 18:24:12 -------- d-----w- C:\Users\Helmut\AppData\Local\Adobe
2014-11-19 18:11:05 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2014-11-19 18:09:55 -------- d-----w- C:\Windows\PCHEALTH
2014-11-19 18:09:55 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2014-11-19 18:06:48 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2014-11-19 18:04:58 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2014-11-19 18:04:58 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2014-11-19 18:03:44 -------- d-----w- C:\Users\Helmut\AppData\Local\Microsoft Help
2014-11-19 03:26:34 1614504 ----a-w- C:\Windows\System32\FM20.DLL
2014-11-18 18:21:20 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-18 18:21:20 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-18 18:21:20 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-18 18:21:19 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-18 02:20:08 -------- d-----we C:\users
2014-11-17 17:41:28 -------- d-s---w- C:\ProgramData\Shared Space
2014-11-17 17:41:03 -------- d-----w- C:\Program Files\COMODO
2014-11-17 17:40:40 -------- d-----w- C:\ProgramData\Comodo Downloader
2014-11-17 17:40:10 -------- d-----w- C:\ProgramData\Comodo
2014-11-17 17:29:44 80896 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP86.DLL
2014-11-17 17:29:44 27136 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD86.DLL
2014-11-17 17:29:25 234496 ----a-w- C:\Windows\System32\CNMLM86.DLL
2014-11-17 17:22:29 -------- d-----w- C:\Users\Helmut\AppData\Local\Mozilla
2014-11-16 20:22:36 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-11-16 20:22:36 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-11-16 20:17:24 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-11-16 20:17:24 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-11-16 20:17:15 96768 ----a-w- C:\Windows\System32\fsutil.exe
2014-11-16 20:17:15 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2014-11-16 20:17:15 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2014-11-16 20:17:15 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2014-11-16 20:17:15 2565632 ----a-w- C:\Windows\System32\esent.dll
2014-11-16 20:17:15 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2014-11-16 20:17:15 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2014-11-16 20:17:15 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2014-11-16 20:17:15 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2014-11-16 19:57:23 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-11-16 19:57:23 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-11-16 19:57:22 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-11-16 19:57:21 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-11-16 19:48:45 -------- d-----w- C:\Windows\Migration
2014-11-16 19:48:22 -------- d-sh--w- C:\Windows\Installer
2014-11-16 19:46:01 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-16 19:29:28 -------- d-----w- C:\Windows\SysWow64\wbem\en-US
2014-11-16 19:29:26 -------- d-----w- C:\Windows\System32\wbem\en-US
2014-11-16 19:29:21 -------- d-s---w- C:\Windows\System32\CompatTel
2014-11-16 18:37:15 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-11-16 17:37:23 2560 ----a-w- C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui
2014-11-16 17:12:48 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2014-11-16 17:11:38 1002008 ----a-w- C:\Windows\SysWow64\igxpun.exe
2014-11-16 17:11:38 -------- d-----w- C:\Windows\SysWow64\x64
2014-11-16 17:06:55 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-11-16 17:06:50 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E22E5D6B-87CD-4668-A98C-8C40ECC5C7EB}\mpengine.dll
2014-11-16 16:41:44 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-11-16 16:41:44 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-11-16 16:41:44 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-11-16 16:41:43 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-11-16 16:41:43 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-11-16 16:41:43 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-11-16 16:41:43 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-11-16 16:25:38 -------- d-----w- C:\Windows\System32\MRT
2014-11-16 16:20:50 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-11-16 16:20:49 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-11-16 16:20:49 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-11-16 16:12:22 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-11-16 16:12:22 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-11-16 16:12:22 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-11-16 16:12:22 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-11-16 16:12:21 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-11-16 16:12:21 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-11-16 16:12:08 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-11-16 16:12:08 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-11-16 16:08:52 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2014-11-16 16:07:59 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2014-11-16 16:06:57 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2014-11-16 16:05:58 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2014-11-16 16:04:59 778752 ----a-w- C:\Windows\System32\mssvp.dll
2014-11-16 16:03:52 956928 ----a-w- C:\Windows\System32\localspl.dll
2014-11-16 16:02:53 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2014-11-16 15:51:32 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-16 15:51:32 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-11-16 15:51:24 723456 ----a-w- C:\Windows\System32\EncDec.dll
2014-11-16 15:51:24 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2014-11-16 15:38:26 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2014-11-16 15:38:26 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2014-11-16 15:38:26 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2014-11-16 15:38:26 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2014-11-16 15:38:26 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2014-11-16 15:37:45 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-11-16 15:35:33 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-11-16 15:35:33 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-11-16 15:35:33 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-11-16 15:21:54 -------- d-sh--we C:\Programme
2014-11-16 15:21:54 -------- d-sh--we C:\ProgramData\Vorlagen
2014-11-16 15:21:54 -------- d-sh--we C:\ProgramData\Startmenü
2014-11-16 15:21:54 -------- d-sh--we C:\ProgramData\Favoriten
2014-11-16 15:21:54 -------- d-sh--we C:\ProgramData\Dokumente
2014-11-16 15:21:54 -------- d-sh--we C:\ProgramData\Anwendungsdaten
2014-11-16 15:21:54 -------- d-sh--we C:\Program Files\Gemeinsame Dateien
2014-11-16 15:21:54 -------- d-sh--we C:\Dokumente und Einstellungen
2014-11-16 15:21:54 -------- d-sh--w- C:\Recovery
2014-11-16 15:11:27 -------- d-----w- C:\Windows\Panther
.
==================== Find3M ====================
.
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:43 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:55:16 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-16 18:37:15 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-11-04 13:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-03 02:12:23 310272 ----a-w- C:\Windows\System32\WsmWmiPl.dll
2014-10-03 02:12:23 2020352 ----a-w- C:\Windows\System32\WsmSvc.dll
2014-10-03 02:12:22 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-10-03 02:12:22 181248 ----a-w- C:\Windows\System32\WsmAuto.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 02:11:49 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
2014-10-03 01:45:03 248832 ----a-w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-10-03 01:45:03 214016 ----a-w- C:\Windows\SysWow64\WsmWmiPl.dll
2014-10-03 01:45:03 145920 ----a-w- C:\Windows\SysWow64\WsmAuto.dll
2014-10-03 01:45:03 1177088 ----a-w- C:\Windows\SysWow64\WsmSvc.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:44:25 198656 ----a-w- C:\Windows\SysWow64\WSManHTTPConfig.exe
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
.
============= FINISH: 12:15:35,24 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 16.11.2014 16:21:58
System Uptime: 14.12.2014 11:54:11 (1 hours ago)
.
Motherboard: Dell Inc. | | 0HH807
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 44,621 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 811,892 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 932 GiB total, 357,959 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP16: 06.12.2014 17:07:10 - Geplanter Prüfpunkt
RP17: 09.12.2014 12:51:14 - Windows Update
RP18: 11.12.2014 17:04:40 - Windows Update
RP19: 13.12.2014 17:36:22 - Windows Update
.
==== Installed Programs ======================
.
Ad-Aware Web Companion
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.10) - Deutsch
Canon MP Navigator EX 2.0
Canon Utilities Solution Menu
CanoScan LiDE 100 Scanner Driver
Cliqz
COMODO Internet Security Premium
Definition Update for Microsoft Office 2010 (KB2899521) 64-Bit Edition
Intel(R) Graphics Media Accelerator Driver
LavasoftTcpService
Microsoft .NET Framework 4.5.1
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared 32-bit MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Mozilla Firefox 33.1.1 (x86 de)
Mozilla Maintenance Service
PDF Architect 2
PDF Architect 2 View Module
PDFCreator
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Excel 2010 (KB2910902) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553154) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2899519) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
STAMP Remote Client 2.2.3
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 64-Bit Edition
Update for Microsoft Office 2010 (KB2889818) 64-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 64-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2597088) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition
VLC media player
Web Companion
.
==== End Of File ===========================
Helmut13
Regular Member
 
Posts: 75
Joined: May 30th, 2011, 3:05 pm

Re: no access to internet for browsers and anti virus softwa

by pgmigg » December 18th, 2014, 12:05 pm

Hello Helmut13,

Welcome back to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: no access to internet for browsers and anti virus softwa

by pgmigg » December 18th, 2014, 1:15 pm

Hello Helmut13,

Step 1.
For safety reasons (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instruction sets...
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Click on 'Select all', then copy and paste the value below into the open text entry box:
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Locate the following program:
    Ad-Aware Web Companion
    LavasoftTcpService
    Web Companion
  4. Click on the Change/Remove button to uninstall it.
    Repeat steps 2 and 3 for each program listed.
  5. When the program(s) have been uninstalled, please close Control Panel
  6. Reboot (restart) your computer.

Step 3.
Create a Fresh System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

Step 4.
ComboFix
Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!! .
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix.
Please disable any Antivirus or Firewall you have active, as shown in this topic. Close all open application windows.

  1. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
  2. Press I Agree to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
    ComboFix may reboot your computer; allow this and follow all directions given.
    When finished... Notepad will open ... ComboFix will produce a log file called "ComboFix.txt".
  3. Please copy/paste the contents of ComboFix.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.


** Enable your Antivirus and Firewall, before connecting to the Internet again! **

Step 5.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the ComboFix.txt log file
  3. Contents of an OTL.txt log file
  4. Contents of an Extras.txt log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: no access to internet for browsers and anti virus softwa

by Helmut13 » December 20th, 2014, 8:34 am

Hello,

I have done all 5 steps successfully, but I did not see any difference in the behaviour of the PC.

The logs are below:

ComboFix 14-12-14.01 - Helmut 20.12.2014 11:24:04.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3574.2480 [GMT 1:00]
ausgeführt von:: c:\users\Helmut\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Outdated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-11-20 bis 2014-12-20 ))))))))))))))))))))))))))))))
.
.
2014-12-20 10:37 . 2014-12-20 10:37 -------- d-----w- c:\users\Rita\AppData\Local\temp
2014-12-20 10:37 . 2014-12-20 10:37 -------- d-----w- c:\users\Monika\AppData\Local\temp
2014-12-20 10:37 . 2014-12-20 10:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-18 17:06 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-18 17:06 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-14 10:49 . 2014-12-14 10:53 -------- d-----w- C:\AdwCleaner
2014-12-13 17:22 . 2014-12-13 17:22 -------- d-----w- c:\windows\system32\appraiser
2014-12-11 16:09 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2014-12-11 16:09 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll
2014-12-11 16:09 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-11 16:09 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-11 16:09 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-11 16:09 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2014-12-11 16:09 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2014-12-11 16:09 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2014-12-11 16:09 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2014-12-11 16:09 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
2014-12-11 16:07 . 2014-11-22 02:37 633856 ----a-w- c:\windows\system32\ieui.dll
2014-12-11 16:06 . 2014-10-30 02:03 165888 ----a-w- c:\windows\system32\charmap.exe
2014-11-27 05:32 . 2014-11-27 05:33 -------- d-----w- c:\users\Rita\AppData\Roaming\Canon
2014-11-26 18:43 . 2014-12-13 16:43 3981488 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-11-26 18:34 . 2014-11-26 18:34 -------- d--h--w- c:\programdata\CanonIJScan
2014-11-26 18:30 . 2014-11-26 18:34 -------- d-----w- c:\users\Helmut\AppData\Roaming\Canon
2014-11-26 18:28 . 2014-11-26 18:28 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2014-11-26 18:27 . 2014-11-26 18:29 -------- d-----w- c:\program files (x86)\Canon
2014-11-25 13:24 . 2014-11-25 13:24 24294072 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2014-11-25 12:59 . 2014-11-25 12:59 18638520 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2014-11-25 12:56 . 2014-11-25 12:56 -------- d-sh--w- c:\users\Rita\AppData\Local\EmieUserList
2014-11-25 12:56 . 2014-11-25 12:56 -------- d-sh--w- c:\users\Rita\AppData\Local\EmieSiteList
2014-11-25 12:56 . 2014-11-25 12:56 -------- d-sh--w- c:\users\Rita\AppData\Local\EmieBrowserModeList
2014-11-21 18:07 . 2014-11-21 18:07 -------- d-----w- c:\program files\Common Files\DESIGNER
2014-11-21 16:11 . 2014-11-21 16:11 -------- d-----w- c:\programdata\STAMP Remote Client
2014-11-20 17:01 . 2014-11-20 17:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-13 17:01 . 2014-11-16 16:25 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-12-13 16:44 . 2014-11-19 18:25 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-13 16:44 . 2014-11-19 18:25 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-19 03:26 . 2014-11-19 03:26 1614504 ----a-w- c:\windows\system32\FM20.DLL
2014-11-16 18:49 . 2014-11-16 18:49 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-11-16 18:49 . 2014-11-16 18:49 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-11-16 18:49 . 2014-11-16 18:49 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-11-16 18:49 . 2014-11-16 18:49 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-11-16 18:49 . 2014-11-16 18:49 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-11-16 18:49 . 2014-11-16 18:49 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-11-16 18:49 . 2014-11-16 18:49 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-11-16 18:49 . 2014-11-16 18:49 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-11-16 18:49 . 2014-11-16 18:49 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-11-16 18:49 . 2014-11-16 18:49 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-11-16 18:49 . 2014-11-16 18:49 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-11-16 18:49 . 2014-11-16 18:49 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-11-16 18:49 . 2014-11-16 18:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-11-16 18:49 . 2014-11-16 18:49 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-11-16 18:49 . 2014-11-16 18:49 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-11-16 18:49 . 2014-11-16 18:49 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-11-16 18:49 . 2014-11-16 18:49 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-11-16 18:49 . 2014-11-16 18:49 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-11-16 18:49 . 2014-11-16 18:49 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-11-16 18:49 . 2014-11-16 18:49 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-11-16 18:49 . 2014-11-16 18:49 247808 ----a-w- c:\windows\system32\msls31.dll
2014-11-16 18:49 . 2014-11-16 18:49 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-11-16 18:49 . 2014-11-16 18:49 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-11-16 18:49 . 2014-11-16 18:49 81408 ----a-w- c:\windows\system32\icardie.dll
2014-11-16 18:49 . 2014-11-16 18:49 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-11-16 18:49 . 2014-11-16 18:49 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-11-16 18:49 . 2014-11-16 18:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-11-16 18:49 . 2014-11-16 18:49 413696 ----a-w- c:\windows\system32\html.iec
2014-11-16 18:49 . 2014-11-16 18:49 235520 ----a-w- c:\windows\system32\url.dll
2014-11-16 18:49 . 2014-11-16 18:49 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-11-16 18:49 . 2014-11-16 18:49 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-11-16 18:49 . 2014-11-16 18:49 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-11-16 18:49 . 2014-11-16 18:49 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-11-16 18:49 . 2014-11-16 18:49 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-11-16 18:49 . 2014-11-16 18:49 147968 ----a-w- c:\windows\system32\occache.dll
2014-11-16 18:49 . 2014-11-16 18:49 143872 ----a-w- c:\windows\system32\wextract.exe
2014-11-16 18:49 . 2014-11-16 18:49 101376 ----a-w- c:\windows\system32\inseng.dll
2014-11-16 18:49 . 2014-11-16 18:49 774144 ----a-w- c:\windows\system32\jscript.dll
2014-11-16 18:49 . 2014-11-16 18:49 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-11-16 18:49 . 2014-11-16 18:49 13824 ----a-w- c:\windows\system32\mshta.exe
2014-11-16 18:49 . 2014-11-16 18:49 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-11-16 18:37 . 2014-11-16 18:37 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-11-16 18:37 . 2014-11-16 18:37 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-11-16 18:37 . 2014-11-16 18:37 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2014-11-16 18:37 . 2014-11-16 18:37 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-11-16 18:37 . 2014-11-16 18:37 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-11-16 18:37 . 2014-11-16 18:37 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-11-16 18:37 . 2014-11-16 18:37 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-11-16 18:37 . 2014-11-16 18:37 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-11-16 18:37 . 2014-11-16 18:37 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-11-16 18:37 . 2014-11-16 18:37 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-11-16 18:37 . 2014-11-16 18:37 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-11-16 18:37 . 2014-11-16 18:37 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-11-16 18:37 . 2014-11-16 18:37 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-11-16 18:37 . 2014-11-16 18:37 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-11-16 18:37 . 2014-11-16 18:37 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-11-16 18:37 . 2014-11-16 18:37 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-11-16 18:37 . 2014-11-16 18:37 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-11-16 18:37 . 2014-11-16 18:37 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-11-16 18:37 . 2014-11-16 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-11-16 18:37 . 2014-11-16 18:37 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-11-16 18:37 . 2014-11-16 18:37 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-11-16 18:37 . 2014-11-16 18:37 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2014-11-16 18:37 . 2014-11-16 18:37 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-11-16 18:37 . 2014-11-16 18:37 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-11-16 18:37 . 2014-11-16 18:37 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-11-16 18:37 . 2014-11-16 18:37 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-11-16 18:37 . 2014-11-16 18:37 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2014-11-16 18:37 . 2014-11-16 18:37 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2014-11-16 18:37 . 2014-11-16 18:37 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2014-11-16 18:37 . 2014-11-16 18:37 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2014-11-16 18:37 . 2014-11-16 18:37 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2014-11-16 18:37 . 2014-11-16 18:37 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2014-11-16 18:37 . 2014-11-16 18:37 1643520 ----a-w- c:\windows\system32\DWrite.dll
2014-11-16 18:37 . 2014-11-16 18:37 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2014-11-16 18:37 . 2014-11-16 18:37 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2014-11-16 18:37 . 2014-11-16 18:37 1238528 ----a-w- c:\windows\system32\d3d10.dll
2014-11-16 18:37 . 2014-11-16 18:37 1175552 ----a-w- c:\windows\system32\FntCache.dll
2014-11-16 18:37 . 2014-11-16 18:37 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2014-11-16 18:37 . 2014-11-16 18:37 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2014-11-16 18:37 . 2014-11-16 18:37 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-11-16 18:37 . 2014-11-16 18:37 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-11-13 17:42 . 2014-11-19 18:38 358736 ----a-w- c:\windows\system32\LavasoftTcpService64.dll
2014-11-13 17:42 . 2014-11-19 18:38 312424 ----a-w- c:\windows\SysWow64\LavasoftTcpService.dll
2014-11-11 03:08 . 2014-11-18 18:21 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-18 18:21 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-18 18:21 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-18 18:21 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-04 13:30 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-25 01:57 . 2014-11-16 16:02 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-16 16:02 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-20 01:37 . 2014-11-16 17:06 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E22E5D6B-87CD-4668-A98C-8C40ECC5C7EB}\mpengine.dll
2014-10-18 02:05 . 2014-11-16 15:51 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-16 15:51 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-16 16:07 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-16 16:07 683520 ----a-w- c:\windows\system32\termsrv.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PDF Architect 2;PDF Architect 2;c:\program files (x86)\PDF Architect 2\ws.exe;c:\program files (x86)\PDF Architect 2\ws.exe [x]
R3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-19 16:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-25 1275608]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:8897;https=127.0.0.1:8897
uInternet Settings,ProxyOverride = <-loopback>;www.joosoft.com
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\prmpfpw4.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Zeit der Fertigstellung: 2014-12-20 11:45:05
ComboFix-quarantined-files.txt 2014-12-20 10:45
.
Vor Suchlauf: 7 Verzeichnis(se), 46.736.330.752 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 46.520.000.512 Bytes frei
.
- - End Of File - - D6740A2D2DEE41185AB831F0CF90CC0E
A36C5E4F47E84449FF07ED3517B43A31
Helmut13
Regular Member
 
Posts: 75
Joined: May 30th, 2011, 3:05 pm
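
The following is an added example, not part of either poster's messages and not output of ComboFix: a small Python triage script that reads the proxy-related lines of the "Zusätzlicher Suchlauf" section of the log above and reports which protocols the per-user system proxy sends to a loopback address, and whether Firefox would inherit that setting. The function names, the reading of the `u`/`m` line prefixes as per-user/machine-wide values, and the Firefox `network.proxy.type` value table are assumptions of this example.

```python
import ipaddress
import re

# Lines copied from the "Zusätzlicher Suchlauf" section of the ComboFix log above.
SAMPLE_LOG = """\
uLocal Page = c:\\windows\\system32\\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:8897;https=127.0.0.1:8897
uInternet Settings,ProxyOverride = <-loopback>;www.joosoft.com
TCP: DhcpNameServer = 192.168.178.1
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
"""

# Meaning of Firefox's network.proxy.type preference (assumed table).
FF_PROXY_TYPES = {
    0: "no proxy",
    1: "manual",
    2: "PAC URL",
    4: "auto-detect",
    5: "use system proxy settings",
}


def parse_proxy_server(value):
    """Parse a WinINET ProxyServer string into {scheme: (host, port)}.

    Handles both forms: 'host:port' (one proxy for all protocols, stored
    under the key 'all') and 'http=host:port;https=host:port'.
    """
    result = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, endpoint = part.partition("=")
        if not sep:  # single proxy for every protocol
            scheme, endpoint = "all", part
        endpoint = re.sub(r"^[a-z]+://", "", endpoint.strip(), flags=re.I)
        host, _, port = endpoint.rpartition(":")
        if not host:  # no port given
            host, port = endpoint, ""
        result[scheme.strip().lower()] = (
            host.strip("[]"),
            int(port) if port.isdigit() else None,
        )
    return result


def is_loopback(host):
    """True for 'localhost' and for any IPv4/IPv6 loopback literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Collect the proxy-related facts from ComboFix-style log lines."""
    report = {
        "system_proxy": {},
        "loopback_schemes": [],
        "bypass": [],
        "firefox_mode": None,
    }
    for line in log_text.splitlines():
        # Assumption: 'u' marks a per-user value, 'm' a machine-wide one.
        m = re.match(r"\s*[um]Internet Settings,(\w+)\s*=\s*(.*)$", line)
        if m and m.group(1) == "ProxyServer":
            report["system_proxy"] = parse_proxy_server(m.group(2).strip())
        elif m and m.group(1) == "ProxyOverride":
            report["bypass"] = [b for b in m.group(2).strip().split(";") if b]
        m = re.match(r"\s*FF - prefs\.js: network\.proxy\.type - (\d+)", line)
        if m:
            report["firefox_mode"] = FF_PROXY_TYPES.get(int(m.group(1)), "unknown")
    # A loopback proxy only works while a local program listens on that port.
    report["loopback_schemes"] = sorted(
        scheme
        for scheme, (host, _port) in report["system_proxy"].items()
        if is_loopback(host)
    )
    report["firefox_inherits"] = (
        report["firefox_mode"] == "use system proxy settings"
    )
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

For the log above it reports HTTP and HTTPS both pointed at 127.0.0.1:8897 in the system settings, while the Firefox profile is set to "no proxy" and therefore does not use them.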

Re: no access to internet for browsers and anti virus softwa

by Helmut13 » December 20th, 2014, 8:34 am

OTL logfile created on: 20.12.2014 12:02:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Helmut\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,49 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 53,47% Memory free
6,98 Gb Paging File | 5,20 Gb Available in Paging File | 74,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,41 Gb Total Space | 43,42 Gb Free Space | 58,36% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 812,59 Gb Free Space | 87,23% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 383,75 Gb Free Space | 41,20% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Helmut | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.12.20 12:00:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\users\Helmut\Desktop\OTL.exe
PRC - [2014.12.03 07:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2014.11.22 03:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.12.19 18:30:12 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.12.13 17:44:59 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.12.03 07:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014.10.10 16:03:38 | 001,771,560 | ---- | M] (pdfforge GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\PDF Architect 2\ws.exe -- (PDF Architect 2)
SRV - [2014.10.10 16:03:38 | 000,861,736 | ---- | M] (pdfforge GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe -- (pdfforge CrashHandler)
SRV - [2014.04.16 22:12:45 | 006,817,544 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)
SRV - [2014.03.25 20:22:20 | 002,264,280 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2014.03.20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014.04.16 22:12:55 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.09.23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.11.29 22:20:54 | 000,348,032 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smwdm.sys -- (smwdm)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8897;https=127.0.0.1:8897

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8897;https=127.0.0.1:8897



IE - HKU\S-1-5-21-2357582960-234970388-848089052-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2357582960-234970388-848089052-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 F8 A9 79 B1 01 D0 01 [binary data]
IE - HKU\S-1-5-21-2357582960-234970388-848089052-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2357582960-234970388-848089052-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-2357582960-234970388-848089052-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2357582960-234970388-848089052-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com
IE - HKU\S-1-5-21-2357582960-234970388-848089052-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8897;https=127.0.0.1:8897

========== FireFox ==========

FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\PDF Architect 2: C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\cliqz@cliqz.com: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\prmpfpw4.default\extensions\cliqz@cliqz.com
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014.11.17 18:22:56 | 000,000,000 | ---D | M] (No name found) -- C:\users\Helmut\AppData\Roaming\Mozilla\Extensions
[2014.12.19 18:20:14 | 000,000,000 | ---D | M] (No name found) -- C:\users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\prmpfpw4.default\extensions
[2014.12.19 18:20:14 | 001,188,646 | ---- | M] () (No name found) -- C:\users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\prmpfpw4.default\extensions\cliqz@cliqz.com.xpi
[2014.11.19 19:43:49 | 000,000,663 | ---- | M] () -- C:\users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\prmpfpw4.default\searchplugins\google-images.xml
[2014.11.19 19:43:49 | 000,002,307 | ---- | M] () -- C:\users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\prmpfpw4.default\searchplugins\google-maps.xml
[2014.12.19 18:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.12.19 18:30:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Programme\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKU\S-1-5-21-2357582960-234970388-848089052-1001..\RunOnce: [Adobe Speed Launcher] 1419073057 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2357582960-234970388-848089052-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2357582960-234970388-848089052-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{292AC986-4040-4DA9-BF90-6B61C8D03291}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014.12.20 12:00:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe
[2014.12.20 11:45:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014.12.20 11:45:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014.12.20 11:19:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014.12.20 11:19:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014.12.20 11:19:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014.12.20 11:18:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014.12.20 11:18:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014.12.20 11:07:54 | 005,601,641 | R--- | C] (Swearware) -- C:\Users\Helmut\Desktop\ComboFix.exe
[2014.12.20 11:00:08 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2014.12.19 18:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.12.18 18:06:09 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.12.18 18:06:09 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.12.14 11:49:21 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.12.13 18:22:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014.12.11 17:09:30 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2014.12.11 17:09:30 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2014.12.11 17:09:30 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2014.12.11 17:09:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2014.12.11 17:09:30 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2014.12.11 17:09:30 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2014.12.11 17:09:30 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2014.12.11 17:09:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2014.12.11 17:09:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2014.12.11 17:09:29 | 004,121,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2014.12.11 17:08:32 | 001,232,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2014.12.11 17:08:32 | 001,083,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.12.11 17:08:32 | 000,830,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2014.12.11 17:08:32 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2014.12.11 17:08:31 | 000,741,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2014.12.11 17:08:31 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014.12.11 17:08:31 | 000,396,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2014.12.11 17:08:30 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.12.11 17:08:28 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014.12.11 17:08:14 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.12.11 17:08:14 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.12.11 17:08:13 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.12.11 17:08:13 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.12.11 17:08:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.12.11 17:08:12 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.12.11 17:08:12 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.12.11 17:08:11 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.12.11 17:08:11 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.12.11 17:08:08 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.12.11 17:08:08 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.12.11 17:08:07 | 002,052,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.12.11 17:08:07 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.12.11 17:08:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.12.11 17:08:06 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.12.11 17:08:06 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.12.11 17:08:06 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.12.11 17:08:06 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.12.11 17:08:05 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.12.11 17:08:04 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.12.11 17:08:03 | 002,125,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.12.11 17:08:02 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.12.11 17:08:00 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.12.11 17:08:00 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.12.11 17:08:00 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014.12.11 17:07:59 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.12.11 17:07:58 | 006,039,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.12.11 17:07:58 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.12.11 17:07:58 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.12.11 17:07:58 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.12.11 17:07:57 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.12.11 17:07:57 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014.12.11 17:07:56 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.12.11 17:06:20 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\charmap.exe
[2014.12.11 17:06:20 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\charmap.exe
[2014.12.11 17:06:17 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2014.12.11 17:06:17 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2014.12.11 17:06:17 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2014.12.11 17:06:17 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2014.12.11 17:06:17 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2014.12.11 17:06:17 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2014.12.11 17:06:17 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2014.12.11 17:06:17 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2014.11.26 19:43:14 | 003,981,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014.11.26 19:38:40 | 000,000,000 | ---D | C] -- C:\Users\Helmut\Desktop\2014_11_26
[2014.11.26 19:34:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2014.11.26 19:30:04 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\Canon
[2014.11.26 19:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2014.11.26 19:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 100
[2014.11.26 19:28:23 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2014.11.26 19:27:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2014.11.21 19:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014.11.21 17:11:22 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\STAMP Remote Client
[2014.11.21 17:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\STAMP Remote Client

========== Files - Modified Within 30 Days ==========

[2014.12.20 12:03:52 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2014.12.20 12:01:28 | 000,031,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.12.20 12:01:28 | 000,031,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.12.20 12:00:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe
[2014.12.20 11:54:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.12.20 11:53:55 | 2810,818,560 | -HS- | M] () -- C:\hiberfil.sys
[2014.12.20 11:43:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.12.20 11:08:03 | 005,601,641 | R--- | M] (Swearware) -- C:\Users\Helmut\Desktop\ComboFix.exe
[2014.12.18 18:14:34 | 000,056,592 | ---- | M] () -- C:\Users\Helmut\Desktop\Diplomurkunde.pdf
[2014.12.13 17:44:34 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.12.13 17:44:34 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.12.13 17:43:44 | 003,981,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014.12.13 06:09:01 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.12.13 04:33:44 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.12.11 17:03:00 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.12.11 17:03:00 | 000,698,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.12.11 17:03:00 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.12.11 17:03:00 | 000,148,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.12.11 17:03:00 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.12.07 13:43:09 | 000,280,426 | ---- | M] () -- C:\Users\Helmut\Desktop\LH_WEBCKI.DE.PORTAL.FaYnHRuRVJXG1QqOZ0ZG87.pdf
[2014.12.06 17:15:06 | 000,101,314 | ---- | M] () -- C:\Users\Helmut\Desktop\Diplomzeugnis.pdf
[2014.12.04 03:50:55 | 000,413,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014.12.04 03:50:45 | 000,741,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2014.12.04 03:50:40 | 000,396,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2014.12.04 03:50:38 | 000,830,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2014.12.04 03:50:37 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.12.04 03:50:37 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2014.12.04 03:44:48 | 001,083,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.12.02 00:28:44 | 001,232,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2014.11.26 19:29:11 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2014.11.26 19:28:57 | 000,002,095 | ---- | M] () -- C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
[2014.11.22 04:06:11 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.11.22 03:50:39 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.11.22 03:50:10 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.11.22 03:49:54 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.11.22 03:48:20 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014.11.22 03:40:41 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.11.22 03:37:10 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.11.22 03:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.11.22 03:34:51 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.11.22 03:34:07 | 006,039,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.11.22 03:26:31 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.11.22 03:22:40 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.11.22 03:14:16 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.11.22 03:09:12 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.11.22 03:08:06 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.11.22 03:07:17 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.11.22 03:06:32 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.11.22 03:05:02 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014.11.22 03:05:01 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.11.22 02:58:54 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.11.22 02:56:40 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.11.22 02:54:30 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.11.22 02:49:29 | 000,718,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.11.22 02:49:28 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.11.22 02:47:10 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.11.22 02:46:58 | 002,125,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.11.22 02:40:04 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.11.22 02:36:14 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.11.22 02:35:24 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.11.22 02:22:49 | 002,052,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.11.22 02:21:57 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.11.22 02:03:42 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.11.22 01:54:44 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.11.21 19:18:07 | 000,408,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.11.21 18:04:53 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk

========== Files Created - No Company Name ==========

[2014.12.20 11:19:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014.12.20 11:19:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014.12.20 11:19:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014.12.20 11:19:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014.12.20 11:19:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014.12.18 18:12:03 | 000,056,592 | ---- | C] () -- C:\Users\Helmut\Desktop\Diplomurkunde.pdf
[2014.12.07 13:43:07 | 000,280,426 | ---- | C] () -- C:\Users\Helmut\Desktop\LH_WEBCKI.DE.PORTAL.FaYnHRuRVJXG1QqOZ0ZG87.pdf
[2014.12.06 17:15:05 | 000,101,314 | ---- | C] () -- C:\Users\Helmut\Desktop\Diplomzeugnis.pdf
[2014.11.26 19:29:11 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2014.11.26 19:28:57 | 000,002,095 | ---- | C] () -- C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
[2014.11.19 19:38:28 | 000,004,616 | ---- | C] () -- C:\Windows\SysWow64\LavasoftTcpService.ini
[2014.11.19 19:38:28 | 000,002,448 | ---- | C] () -- C:\Windows\SysWow64\LavasoftTcpServiceOff.ini
[2014.11.19 19:29:37 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2014.11.16 20:50:43 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014.11.26 19:34:30 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Canon
[2014.11.19 19:29:37 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Cliqz
[2014.11.17 18:57:56 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\ImgBurn
[2014.11.27 06:33:08 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\Canon
[2014.11.17 18:47:39 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\elsterformular

========== Purity Check ==========



< End of report >
Helmut13
Regular Member
 
Posts: 75
Joined: May 30th, 2011, 3:05 pm

Re: no access to internet for browsers and anti virus softwa

Unread postby Helmut13 » December 20th, 2014, 8:35 am

OTL Extras logfile created on: 20.12.2014 12:02:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Helmut\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,49 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 53,47% Memory free
6,98 Gb Paging File | 5,20 Gb Available in Paging File | 74,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,41 Gb Total Space | 43,42 Gb Free Space | 58,36% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 812,59 Gb Free Space | 87,23% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 383,75 Gb Free Space | 41,20% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Helmut | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2357582960-234970388-848089052-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{082B48FB-3F92-4CEA-9C92-31E33900CC3E}" = lport=445 | protocol=6 | dir=in | app=system |
"{10F0376A-A6B2-4E47-9875-BBFE4E35FCFF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{18CC5AA6-56B0-4EC9-9F45-BF27BD56DACE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{21D7DE71-660A-45E5-A964-8AA37A539A7A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3CD2E638-A992-49F7-9E34-870538714D8F}" = lport=139 | protocol=6 | dir=in | app=system |
"{5AEE25ED-345D-4C0D-86DD-B14ACA3C5AFB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{6317B8E5-09F6-49FE-BC85-9902A11CECDA}" = lport=138 | protocol=17 | dir=in | app=system |
"{6748A3FB-80BD-4D85-ACA4-0B0846D0BC69}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6EFA3DAE-57B9-46FF-B4B2-E3E1F2A2C3FE}" = rport=139 | protocol=6 | dir=out | app=system |
"{81A75CE8-998B-46AA-95CA-275042AAC960}" = lport=2869 | protocol=6 | dir=in | app=system |
"{91F82CB9-0D02-4195-BC2B-31D399B0ABA9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{94485927-2AC1-415A-806C-0711EF42C7EA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{985D4ACD-3281-4AA6-AA9D-0C07B32CDF6A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9CD79992-DDAD-4E6B-BB55-F2E480C79A2C}" = rport=445 | protocol=6 | dir=out | app=system |
"{A28A565E-807A-41D6-8A8A-5CA0B7CE4B60}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A4B3D0AC-D2AB-4D07-9E73-B81C5733CDA5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B5031749-9C0C-489F-BD49-0FCA0F15E7E5}" = rport=137 | protocol=17 | dir=out | app=system |
"{BDE1FA82-99E4-46CD-B76E-EE99726DCC2D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BE8B2A46-958C-4308-9CBF-9AE38A69AE61}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DAAA6B78-3AF8-46B3-B82C-F0AD11F44751}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E3E5BFCB-3CAD-4076-9E8E-31D21EE0A50A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FADD9338-8E13-4ECF-80D9-B4E32A275034}" = rport=138 | protocol=17 | dir=out | app=system |
"{FDA956B1-DE3E-4880-B85E-4F2D27ECE1A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FEFFC14C-5EF2-4584-BBF9-98498A1129E0}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A79CE75-AB72-4211-8874-D045B4D11D2B}" = protocol=6 | dir=out | app=system |
"{1CDCFE5A-0228-415B-B73F-E763386ADD02}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23E05AC4-BD30-4410-9B77-70722B97979C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{27981668-28E7-47DF-9657-D36E0E344C3F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2CA52131-B8C8-4A82-A05B-682E9180BFB1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2F1730E2-A3B6-4629-84E8-D5E38F004200}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{34BC4C66-6CB2-4CE1-9D59-076460A13FF5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39BCC807-5A31-43E4-A5FB-1A59F1C28C79}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{3C907464-6411-4589-9661-2CE4D400402A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4A219A2B-C5E6-4845-AD16-3D069419B988}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4E0AA745-C228-4231-BFFF-539B8674ED81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62CA2EB5-C62A-4CBE-B724-48DACD4C9C0F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6746E945-E39A-4E65-B9E8-8B5AC07ED7C4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{76FEC85E-2BD0-44F4-AFCE-8BDEC334A7F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{8AA52D32-CEE3-48CF-ABFF-17EB479B2FA3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{8B57B5F5-42C1-4CFA-BDA1-4C7F2B84E8F3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9A5FD31C-8D6D-45DE-BAA1-B29D48439CC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9E70EEEF-094A-4F31-BAFF-71CB02CA6543}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A37D8995-6163-41A5-8FD0-8FD945774B7E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D43D23E3-60ED-4024-B2A5-CEDCAE197E6B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D4DB509D-43F3-4DE7-91AC-0D7C184B604B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EB89C4D5-F7FC-4165-83DC-68C2B9DCFCF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7817B7A-8C9A-446F-97DC-FE5186447805}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{D32EF4F9-1506-434E-A813-3D4C0AA50300}" = COMODO Internet Security Premium
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"VLC media player" = VLC media player

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1" = Cliqz
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Deutsch
"{D691E998-CF53-4F6C-AC20-E4284660E0E7}" = PDF Architect 2 View Module
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Mozilla Firefox 34.0.5 (x86 de)" = Mozilla Firefox 34.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"PDF Architect 2" = PDF Architect 2
"Remote Client" = STAMP Remote Client 2.2.3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16.12.2014 09:09:41 | Computer Name = Computer | Source = WinMgmt | ID = 10
Description =

Error - 17.12.2014 12:21:11 | Computer Name = Computer | Source = WinMgmt | ID = 10
Description =

Error - 17.12.2014 14:19:35 | Computer Name = Computer | Source = WinMgmt | ID = 10
Description =

Error - 17.12.2014 14:29:43 | Computer Name = Computer | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Monika\Desktop\SMART
Technologies\Education Software\Notebook.exe". Die abhängige Assemblierung "smarttech.activation2.vc100.1.0,processorArchitecture="x86",publicKeyToken="397ba524434296e4",type="win32",version="1.0.6.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 18.12.2014 13:00:32 | Computer Name = Computer | Source = WinMgmt | ID = 10
Description =

Error - 19.12.2014 13:03:28 | Computer Name = Computer | Source = WinMgmt | ID = 10
Description =

Error - 19.12.2014 16:01:49 | Computer Name = Computer | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rundll32.exe_aepdu.dll, Version:
6.1.7600.16385, Zeitstempel: 0x4a5bc9e0 Name des fehlerhaften Moduls: unknown, Version:
0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000000000
ID
des fehlerhaften Prozesses: 0x13fc Startzeit der fehlerhaften Anwendung: 0x01d01bc65994ec90
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\rundll32.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: ddcdcb9c-87b9-11e4-880d-00188b1dde11

Error - 20.12.2014 05:47:07 | Computer Name = Computer | Source = WinMgmt | ID = 10
Description =

Error - 20.12.2014 06:04:20 | Computer Name = Computer | Source = WinMgmt | ID = 10
Description =

Error - 20.12.2014 06:55:44 | Computer Name = Computer | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 14.12.2014 06:53:07 | Computer Name = Computer | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
durchgeführt: Neustart des Diensts.

Error - 14.12.2014 06:53:07 | Computer Name = Computer | Source = Service Control Manager | ID = 7034
Description = Dienst "COMODO Internet Security Helper Service" wurde unerwartet
beendet. Dies ist bereits 1 Mal passiert.

Error - 14.12.2014 06:53:07 | Computer Name = Computer | Source = Service Control Manager | ID = 7031
Description = Der Dienst "LavasoftTcpService" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.

Error - 14.12.2014 06:53:08 | Computer Name = Computer | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.

Error - 14.12.2014 06:53:08 | Computer Name = Computer | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.

Error - 14.12.2014 06:53:38 | Computer Name = Computer | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit
dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 14.12.2014 06:53:38 | Computer Name = Computer | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1069

Error - 20.12.2014 06:31:32 | Computer Name = Computer | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 20.12.2014 06:36:55 | Computer Name = Computer | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 20.12.2014 06:38:19 | Computer Name = Computer | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


< End of report >
Helmut13
Regular Member
 
Posts: 75
Joined: May 30th, 2011, 3:05 pm

Re: no access to internet for browsers and anti virus softwa

Unread postby pgmigg » December 21st, 2014, 1:54 pm

Hello Helmut13,

Sorry for the delay... :)

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8897;https=127.0.0.1:8897
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8897;https=127.0.0.1:8897
    IE - HKU\S-1-5-21-2357582960-234970388-848089052-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com
    IE - HKU\S-1-5-21-2357582960-234970388-848089052-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8897;https=127.0.0.1:8897
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptyflash]
    [emptyjava]
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
AdwCleaner
Please download AdwCleaner by Xplode onto your desktop.
  1. Close all open programs and internet browsers.
  2. Right click on adwcleaner.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  3. Click on Scan. When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  4. Press the Clean button.
  5. A log file C:\AdwCleaner[Sn].txt will automatically open. ([Sn] n = number of run)
  6. Please post the content of the C:\AdwCleaner[Sn].txt log file in your next reply.

Step 3.
Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Right click on JRT.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 4.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *joosoft*
    
    :folderfind
    *joosoft*
    
    :Regfind
    joosoft
    
  3. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 5.
RogueKiller - Scan
Please download RogueKiller by Tigzy and save it to your desktop.
  1. Allow the download if prompted by your security software and please close all your programs.
  2. Right click on RogueKiller.exe and select "Run as administrator..." to run it.
  3. If it does not run, please try a few times.
  4. Wait for PreScan to finish, then click on Scan.
  5. Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
  6. Please copy and paste the contents of that log in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the AdwCleaner[Sn].txt log file
  4. Contents of the JRT.txt log file
  5. Contents of the SystemLook.txt log file
  6. Contents of the RKreport[1].txt log file
  7. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
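
The :OTL block in Step 1 resets Internet Settings proxy values that point at a local listener (127.0.0.1:8897) in three registry hives. As an added example (not part of the original post and not OTL's own code), this Python sketch parses those same log lines, groups them per hive and reports every hive whose proxy resolves to a loopback address. The function names are hypothetical, and the account labels for .DEFAULT and S-1-5-18 are the standard well-known meanings, not something the log states.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the :OTL section of the fix script in the post above.
OTL_LINES = r'''
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8897;https=127.0.0.1:8897
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8897;https=127.0.0.1:8897
IE - HKU\S-1-5-21-2357582960-234970388-848089052-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com
IE - HKU\S-1-5-21-2357582960-234970388-848089052-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8897;https=127.0.0.1:8897
'''.strip().splitlines()

# One OTL "IE -" line: hive, value name, value data.
LINE_RE = re.compile(
    r'^IE - (?P<hive>.+?)\\Software\\Microsoft\\Windows\\CurrentVersion\\'
    r'Internet Settings: "(?P<name>[^"]+)" = (?P<value>.*)$',
    re.IGNORECASE,
)

# Well-known identifiers (assumption added here, not taken from the log).
WELL_KNOWN = {
    ".DEFAULT": "LocalSystem profile (alias of S-1-5-18)",
    "S-1-5-18": "LocalSystem",
}


def parse_proxy_server(value):
    """Parse a ProxyServer string into {scheme: (host, port)}.

    Accepts both forms: "host:port" (stored under "all") and
    "http=host:port;https=host:port".
    """
    endpoints = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, target = part.partition("=")
        if not sep:
            scheme, target = "all", part
        target = target.split("://", 1)[-1]  # tolerate "http=http://host:port"
        host, _, port = target.rpartition(":")
        if not host:  # no port given
            host, port = target, ""
        endpoints[scheme.lower()] = (
            host.strip("[]"),
            int(port) if port.isdigit() else None,
        )
    return endpoints


def is_loopback(host):
    """True for 'localhost' and any literal loopback address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname, not an IP literal


def audit(lines):
    """Return one finding per hive whose proxy points at loopback."""
    hives = defaultdict(dict)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            hives[m["hive"]][m["name"]] = m["value"].strip()

    findings = []
    for hive, vals in hives.items():
        endpoints = parse_proxy_server(vals.get("ProxyServer", ""))
        loop = sorted({f"{h}:{p}" for h, p in endpoints.values() if is_loopback(h)})
        if not loop:
            continue
        enable = vals.get("ProxyEnable")
        # ProxyEnable may be absent from the log for a hive; report that
        # as "unknown" rather than guessing.
        state = "unknown" if enable is None else ("active" if enable == "1" else "staged")
        sid = hive.split("\\")[-1]
        # Entries in <...> are keywords; the rest are hosts that bypass the proxy.
        bypass = [e for e in vals.get("ProxyOverride", "").split(";")
                  if e and not e.startswith("<")]
        findings.append({
            "hive": hive,
            "account": WELL_KNOWN.get(sid, "user account"),
            "state": state,
            "loopback_proxy": loop,
            "bypass_hosts": bypass,
        })
    return findings


if __name__ == "__main__":
    for f in audit(OTL_LINES):
        print(f)
```
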

Re: no access to internet for browsers and anti virus softwa

Unread postby Helmut13 » December 21st, 2014, 4:21 pm

Hello,

I performed all steps successfully. Please find below the logs.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-2357582960-234970388-848089052-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-2357582960-234970388-848089052-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Helmut\Desktop\cmd.bat deleted successfully.
C:\Users\Helmut\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Default

User: Helmut
->Flash cache emptied: 0 bytes

User: Monika
->Flash cache emptied: 0 bytes

User: Public

User: Rita
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Default

User: Helmut

User: Monika

User: Public

User: Rita

Total Java Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Helmut
->Temp folder emptied: 120676 bytes
->Temporary Internet Files folder emptied: 1104933 bytes
->FireFox cache emptied: 12848258 bytes
->Flash cache emptied: 0 bytes

User: Monika
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 250480786 bytes
->FireFox cache emptied: 168915762 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rita
->Temp folder emptied: 1494 bytes
->Temporary Internet Files folder emptied: 541126352 bytes
->FireFox cache emptied: 365987904 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2047714 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.280,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12212014_195901

Files\Folders moved on Reboot...
C:\Users\Helmut\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Helmut13
Regular Member
 
Posts: 75
Joined: May 30th, 2011, 3:05 pm

Re: no access to internet for browsers and anti virus softwa

Unread postby Helmut13 » December 21st, 2014, 4:21 pm

# AdwCleaner v4.106 - Bericht erstellt am 21/12/2014 um 20:21:05
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Helmut - COMPUTER
# Gestartet von : C:\users\Helmut\Desktop\adwcleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 de)


*************************

AdwCleaner[R0].txt - [3300 octets] - [14/12/2014 11:49:24]
AdwCleaner[R1].txt - [901 octets] - [21/12/2014 20:17:36]
AdwCleaner[S0].txt - [3312 octets] - [14/12/2014 11:53:03]
AdwCleaner[S1].txt - [823 octets] - [21/12/2014 20:21:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [882 octets] ##########

Re: no access to internet for browsers and anti virus softwa

Unread postby Helmut13 » December 21st, 2014, 4:22 pm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x64
Ran by Helmut on 21.12.2014 at 20:27:32,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.12.2014 at 20:57:08,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: no access to internet for browsers and anti virus softwa

Unread postby Helmut13 » December 21st, 2014, 4:22 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 21:03 on 21/12/2014 by Helmut
Administrator - Elevation successful

========== filefind ==========

Searching for "*joosoft*"
No files found.

========== folderfind ==========

Searching for "*joosoft*"
No folders found.

========== Regfind ==========

Searching for "joosoft"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"="<-loopback>;www.joosoft.com"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"="<-loopback>;www.joosoft.com"

-= EOF =-

Re: no access to internet for browsers and anti virus softwa

Unread postby Helmut13 » December 21st, 2014, 4:23 pm

RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Helmut [Administrator]
Mode : Scan -- Date : 12/21/2014 21:15:47

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 52 ¤¤¤
[Hj.Name] (X64) HKEY_USERS\RK_Default_ON_D_407B\Software\Microsoft\Windows\CurrentVersion\RunOnce | mctadmin : C:\Windows\System32\mctadmin.exe -> Found
[Hj.Name] (X86) HKEY_USERS\RK_Default_ON_D_407B\Software\Microsoft\Windows\CurrentVersion\RunOnce | mctadmin : C:\Windows\System32\mctadmin.exe -> Found
[Hj.Name] (X64) HKEY_USERS\RK_Default_ON_F_0E35\Software\Microsoft\Windows\CurrentVersion\RunOnce | mctadmin : C:\Windows\System32\mctadmin.exe -> Found
[Hj.Name] (X86) HKEY_USERS\RK_Default_ON_F_0E35\Software\Microsoft\Windows\CurrentVersion\RunOnce | mctadmin : C:\Windows\System32\mctadmin.exe -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\RK_Monika_ON_F_4B08\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\RK_Monika_ON_F_4B08\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\RK_Rita_ON_D_8025\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\RK_Rita_ON_D_8025\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\RK_Rita_ON_F_E1E0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\RK_Rita_ON_F_E1E0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
[PUM.Proxy] (X64) HKEY_USERS\RK_Monika_ON_F_4B08\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
[PUM.Proxy] (X86) HKEY_USERS\RK_Monika_ON_F_4B08\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
[PUM.Proxy] (X64) HKEY_USERS\RK_Rita_ON_D_8025\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
[PUM.Proxy] (X86) HKEY_USERS\RK_Rita_ON_D_8025\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
[PUM.Proxy] (X64) HKEY_USERS\RK_Rita_ON_F_E1E0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
[PUM.Proxy] (X86) HKEY_USERS\RK_Rita_ON_F_E1E0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Found
[PUM.HomePage] (X64) HKEY_USERS\RK_Monika_ON_F_4B08\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\RK_Monika_ON_F_4B08\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\RK_Monika_ON_F_4B08\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Found
[PUM.SearchPage] (X86) HKEY_USERS\RK_Monika_ON_F_4B08\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2357582960-234970388-848089052-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2357582960-234970388-848089052-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Found
[PUM.StartMenu] (X64) HKEY_USERS\RK_Monika_ON_D_7622\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\RK_Monika_ON_D_7622\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\RK_Monika_ON_F_4B08\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\RK_Monika_ON_F_4B08\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\RK_Rita_ON_D_8025\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\RK_Rita_ON_D_8025\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\RK_Rita_ON_F_E1E0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\RK_Rita_ON_F_E1E0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2357582960-234970388-848089052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2357582960-234970388-848089052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] prmpfpw4.default : user_pref("browser.startup.homepage", "www.google.de"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD080HJ/P ATA Device +++++
--- User ---
[MBR] cf98189a72125b067836d2521205c493
[BSP] 6832a645c4af6fdac5fa13740ebd2657 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 76191 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] ad67814fbd8520eb544d37a0f6df8cdb
[BSP] 4f0ce7a892be822d9904587220ec4c9b : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST310005 28AS USB Device +++++
--- User ---
[MBR] 7435b395373533bcd39085cd12602a0e
[BSP] 3a263ec662f61a27d74cd7a536bc3337 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Die Anforderung wird nicht unterstützt. )

+++++ PhysicalDrive3: Hama CF Card Reader USB Device +++++
Error reading User MBR! ([15] Das Gerät ist nicht bereit. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Die Anforderung wird nicht unterstützt. )

+++++ PhysicalDrive4: Hama SM Card Reader USB Device +++++
Error reading User MBR! ([15] Das Gerät ist nicht bereit. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Die Anforderung wird nicht unterstützt. )

+++++ PhysicalDrive5: Hama SD Card Reader USB Device +++++
Error reading User MBR! ([15] Das Gerät ist nicht bereit. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Die Anforderung wird nicht unterstützt. )

+++++ PhysicalDrive6: Hama MS Card Reader USB Device +++++
Error reading User MBR! ([15] Das Gerät ist nicht bereit. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Die Anforderung wird nicht unterstützt. )

Re: no access to internet for browsers and anti virus softwa

Unread postby Helmut13 » December 21st, 2014, 4:24 pm

Up to now I do not see any changes in the system.

Thanks
Helmut13

Re: no access to internet for browsers and anti virus softwa

Unread postby pgmigg » December 21st, 2014, 5:26 pm

Hello Helmut13,

Good job! :D Let's continue our treatment...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Reg
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyOverride"=-
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyOverride"=-
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
RogueKiller - Fix
You should still have RogueKiller.exe on your desktop.
  • Right click on RogueKiller.exe and select "Run as administrator" to run it.
  • If it does not run, please try a few times.
  • Wait for PreScan to finish, then click on Scan.
  • When the Status box shows Scan Finished, click the Registry tab and locate these detections:
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X64) HKEY_USERS\RK_Monika_ON_F_4B08\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\RK_Monika_ON_F_4B08\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X64) HKEY_USERS\RK_Rita_ON_D_8025\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\RK_Rita_ON_D_8025\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X64) HKEY_USERS\RK_Rita_ON_F_E1E0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\RK_Rita_ON_F_E1E0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
    [PUM.Proxy] (X64) HKEY_USERS\RK_Monika_ON_F_4B08\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\RK_Monika_ON_F_4B08\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
    [PUM.Proxy] (X64) HKEY_USERS\RK_Rita_ON_D_8025\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\RK_Rita_ON_D_8025\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
    [PUM.Proxy] (X64) HKEY_USERS\RK_Rita_ON_F_E1E0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\RK_Rita_ON_F_E1E0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
  • Place a checkmark next to each of these items, leave the others unchecked.
  • Now press the Delete button.
  • Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
  • Please copy and paste the contents of that log in your next reply.

Step 3.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • Processes > All <- Important
    • Modules > All <- Important
    • Extra Registry > Use SafeList
    • LOP check
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file ONLY in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the RKreport[1].txt log file
  4. Contents of an OTL.txt log file after OTL fresh scan
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
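
The selection described in Step 2 above (only the PUM.Proxy detections, none of the other PUM entries) can be cross-checked against a saved RogueKiller report. The Python below is an added example, not part of the thread or of RogueKiller; the sample lines follow the report format quoted in this thread, and the `EXAMPLE_HIVE` lines and `proxy.example.test` are constructed.

```python
import re
from ipaddress import ip_address

# Sample input in the format of the RogueKiller registry section quoted in this
# thread. The two EXAMPLE_HIVE lines are constructed to show a non-flagged case.
SAMPLE_LOG = r"""
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
[PUM.Proxy] (X64) HKEY_USERS\RK_Rita_ON_D_8025\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\RK_Rita_ON_D_8025\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8897;https=127.0.0.1:8897 -> Found
[PUM.HomePage] (X64) HKEY_USERS\RK_Monika_ON_F_4B08\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
[PUM.Proxy] (X64) HKEY_USERS\EXAMPLE_HIVE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 0 -> Found
[PUM.Proxy] (X64) HKEY_USERS\EXAMPLE_HIVE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : proxy.example.test:3128 -> Found
"""

# [category] (view) key | value name : data -> Found
LINE_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\s+\((?P<view>X64|X86)\)\s+"
    r"(?P<key>.+?)\s+\|\s+(?P<name>.+?)\s+:\s+(?P<data>.*?)\s+->\s+Found\s*$"
)

def parse_detections(log_text):
    """Yield one dict per registry detection line; other lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def hive_of(key):
    """Return the per-user hive name under HKEY_USERS, else the root key."""
    root, _, rest = key.partition("\\")
    return rest.split("\\", 1)[0] if root == "HKEY_USERS" else root

def proxy_endpoints(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.
    Handles 'host:port' and 'http=host:port;https=host:port'."""
    endpoints = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, hostport = part.partition("=")
        if not sep:                      # one proxy for all protocols
            scheme, hostport = "all", part
        host, _, port = hostport.rpartition(":")
        if not host:                     # no port given
            host, port = hostport, ""
        endpoints.append((scheme.lower(), host, port))
    return endpoints

def is_loopback(host):
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False                     # a DNS name; not resolved here

def triage(log_text):
    """Group PUM.Proxy detections per hive, merging the X64/X86 views."""
    hives = {}
    for det in parse_detections(log_text):
        if det["category"] != "PUM.Proxy":
            continue                     # HomePage, StartMenu etc. are ignored
        state = hives.setdefault(hive_of(det["key"]),
                                 {"enabled": False, "endpoints": set()})
        if det["name"] == "ProxyEnable":
            state["enabled"] = state["enabled"] or det["data"].strip() == "1"
        elif det["name"] == "ProxyServer":
            state["endpoints"].update(proxy_endpoints(det["data"]))
    return hives

def loopback_proxy_hives(log_text):
    """Hives whose proxy is enabled and points at a loopback address."""
    return sorted(
        hive for hive, s in triage(log_text).items()
        if s["enabled"] and any(is_loopback(h) for _, h, _ in s["endpoints"])
    )

if __name__ == "__main__":
    for hive in loopback_proxy_hives(SAMPLE_LOG):
        print(hive)
```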

Re: no access to internet for browsers and anti virus softwa

Unread postby Helmut13 » December 21st, 2014, 6:45 pm

Please find attached the new logs. Access to the internet is possible now :-) but updating anti virus software not yet.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Helmut
->Temp folder emptied: 6539994 bytes
->Temporary Internet Files folder emptied: 789186 bytes
->FireFox cache emptied: 6208919 bytes
->Flash cache emptied: 0 bytes

User: Monika
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rita
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 31535782 bytes

Total Files Cleaned = 43,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12212014_231451

Files\Folders moved on Reboot...
C:\Users\Helmut\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...