|
Log-Analyse und Auswertung: Windows 7 Pro -> LogonUI.exe - SystemfehlerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
24.09.2014, 09:23 | #1 |
| Windows 7 Pro -> LogonUI.exe - Systemfehler Hallo, neuerdings erscheint beim Starten des Systems folgende Meldung: "LogonUI.exe - Systemfehler Das Programm kann nicht gestartet werden, da MSVCP120.dll auf dem Computer fehlt. Installieren Sie das Programm erneut, um das Problem zu beheben." Um mich bei Windows anzumelden, muss ich die Meldung mit OK wegklicken. Ich merke nichts Ungewöhnliches im laufenden Betrieb. Was aber nicht mehr richtig funktioniert, ist der Energiesparmodus. Nach Einschalten des Modus bleibt mein Bildschirm schwarz aber der PC geht nicht aus. Ich kann es nur per Hardwarereset neubooten. gruss chris |
24.09.2014, 09:40 | #2 |
/// the machine /// TB-Ausbilder | Windows 7 Pro -> LogonUI.exe - Systemfehler hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
24.09.2014, 11:14 | #3 |
| Windows 7 Pro -> LogonUI.exe - Systemfehler Hier die Ergebnisse:
__________________FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2014 Ran by chris (administrator) on DESKTOP on 24-09-2014 12:00:07 Running from C:\Users\chris\Desktop Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oasrv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (devolo AG) D:\devolo\dlan\devolonetsvc.exe (Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Eicon Networks) C:\Program Files\Diva Client\divalog.exe (MMSOFT Design Ltd.) C:\Program Files\PC Monitor\PCMonitorSrv.exe (tzuk) D:\Sandboxie\SbieSvc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\System32\FXSSVC.exe (AMD) C:\Windows\System32\atieclxx.exe (MMSOFT Design Ltd.) C:\Program Files\PC Monitor\pcmontask.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe (Dialogic) C:\Program Files\Diva Client\DiTask.exe (Dialogic) C:\Program Files\Diva Client\cgserver.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe (Adobe Systems Inc.) D:\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oaui.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oahlp.exe (AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DiTask] => C:\Program Files\Diva Client\ditask.exe [81920 2007-02-21] (Dialogic) HKLM\...\Run: [CallGuard] => C:\Program Files\Diva Client\cgserver.exe [45056 2007-03-26] (Dialogic) HKLM\...\Run: [Adobe Acrobat Speed Launcher] => D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [] => [X] HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-14] (Advanced Micro Devices, Inc.) HKLM\...\Run: [ScreenManager Pro for LCD] => C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe [12080424 2009-03-02] (EIZO NANAO CORPORATION) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4867544 2014-09-08] (Emsisoft GmbH) HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-06-14] (AMD) HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\MountPoints2: {66613c78-da38-11df-a85a-40002c765c04} - G:\AutoRun.exe HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\MountPoints2: {a095d499-0e8a-11e0-8114-400068d7f60e} - G:\AutoRun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> D:\WISO\Steuersoftware 2014\mshaktuell.exe () GroupPolicyUsers\S-1-5-21-2819807599-1883617300-2099825773-1004\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0C26B8BEA2F9CA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default FF Homepage: www.gmx.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> D:\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=1.0.3 -> d:\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF Plugin: @wolfram.com/Mathematica -> C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.) FF Plugin: Adobe Acrobat -> D:\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.) FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload-com.xml FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload.xml FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Flagfox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012-03-15] FF Extension: Firefox Extension Backup Extension (FEBE) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}(2) [2010-01-13] FF Extension: mediaplayerconnectivity - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2012-09-07] FF Extension: FootieFox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}(2) [2010-01-13] FF Extension: DownloadHelper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-12-26] FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-07-24] FF Extension: Extension List Dumper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\extensionlistdumper@sogame.cat.xpi [2014-05-22] FF Extension: Live IP Address - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}.xpi [2011-03-23] FF Extension: FireFTP - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-03-23] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-04-13] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-04-13] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-04-13] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4784144 2014-09-11] (Emsisoft GmbH) R2 DevoloNetworkService; D:\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG) R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688240 2014-04-10] (Juniper Networks) R2 EiconDivaLogService; C:\Program Files\Diva Client\divalog.exe [168960 2006-05-17] (Eicon Networks) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-01-20] (Macrovision Europe Ltd.) [File not signed] S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.) S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed] R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH) R2 PC Monitor; C:\Program Files\PC Monitor\PCMonitorSrv.exe [815064 2014-09-23] (MMSOFT Design Ltd.) R2 SbieSvc; d:\Sandboxie\SbieSvc.exe [66560 2009-12-01] (tzuk) [File not signed] R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH) S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH) R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] () R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] () R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH) R2 DiCapi; C:\Windows\System32\DRIVERS\DISDN\capi202k.sys [245474 2007-02-09] (Dialogic) S3 DiCowan; C:\Windows\System32\DRIVERS\disdn\dicowan.sys [2961536 2008-09-16] (Dialogic) R0 DiMaint; C:\Windows\System32\DRIVERS\disdn\dimaint.sys [583808 2007-02-09] (Dialogic) R2 DiPort; C:\Windows\System32\DRIVERS\DISDN\diport40.sys [208640 2007-02-15] (Dialogic) R3 DiWan; C:\Windows\System32\drivers\disdn\diwan.sys [2926720 2007-04-12] (Eicon Networks) R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2014-04-10] (Juniper Networks) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-05-11] () [File not signed] S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation) R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.) R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.) R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] () S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed] R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2014-07-18] (CACE Technologies) [File not signed] R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] () R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] () R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft) R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft) R3 SbieDrv; d:\Sandboxie\SbieDrv.sys [119296 2009-12-01] (tzuk) [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-14] () [File not signed] R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1047552 2009-05-08] (VIA Technologies, Inc.) R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation) R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation) R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation) S3 vpcuxd; C:\Windows\system32\drivers\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation) R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation) U3 a6alv6o2; C:\Windows\system32\Drivers\a6alv6o2.sys [0 ] (Microsoft Corporation) S3 WinRing0_1_2_0; \??\C:\Windows\TEMP\tmp991.tmp [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-24 12:00 - 2014-09-24 12:00 - 00020005 _____ () C:\Users\chris\Desktop\FRST.txt 2014-09-24 11:25 - 2014-09-24 12:00 - 00000000 ____D () C:\FRST 2014-09-24 11:24 - 2014-09-24 11:24 - 01098240 _____ (Farbar) C:\Users\chris\Desktop\FRST.exe 2014-09-21 18:23 - 2014-09-01 10:42 - 00118232 _____ () C:\Windows\system32\PulsewayCredentialProvider.dll 2014-09-17 20:22 - 2014-09-17 20:22 - 00001066 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-09-17 20:22 - 2014-09-17 20:22 - 00001054 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-09-10 09:57 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 09:57 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 09:57 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 09:57 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 09:57 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-10 09:57 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 09:57 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 09:57 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-10 09:57 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-10 09:57 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 09:57 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 09:57 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 09:57 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 09:57 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 09:57 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-10 09:57 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-10 09:57 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-10 09:57 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 09:57 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-10 09:57 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 09:57 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 09:57 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 09:57 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 09:57 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 09:57 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 09:57 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 09:57 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-10 09:57 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 09:57 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 09:57 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-10 09:57 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-10 09:46 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 09:38 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-09-10 09:38 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-09-10 09:38 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 09:38 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 09:37 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-10 09:37 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-10 09:36 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Oracle 2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-09-08 18:50 - 2014-09-08 18:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-09-08 18:49 - 2014-09-08 18:49 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-09-08 18:49 - 2014-09-08 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-05 18:06 - 2014-09-05 18:06 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-09-05 16:24 - 2014-09-05 16:33 - 00000000 ____D () C:\ProgramData\OnlineArmor 2014-09-05 16:24 - 2014-09-05 16:24 - 00000000 ____D () C:\Users\chris\AppData\Roaming\OnlineArmor 2014-09-05 16:22 - 2014-09-11 17:34 - 00000000 ____D () C:\Program Files\Online Armor 2014-09-05 16:22 - 2014-09-05 16:22 - 00001059 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor 2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-09-05 16:22 - 2013-10-11 03:41 - 00044984 _____ () C:\Windows\system32\Drivers\oahlp32.sys 2014-09-05 16:22 - 2013-10-11 03:40 - 00210360 _____ () C:\Windows\system32\Drivers\OADriver.sys 2014-09-05 16:22 - 2013-10-11 03:40 - 00034856 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys 2014-09-05 16:22 - 2013-10-11 03:40 - 00031760 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys 2014-09-05 16:21 - 2014-09-24 11:25 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-09-05 16:21 - 2014-09-05 16:21 - 00000000 ____D () C:\Users\chris\Documents\Anti-Malware 2014-09-05 15:54 - 2014-09-05 15:54 - 00000201 _____ () C:\Users\chris\Downloads\emsi.txt 2014-09-05 13:11 - 2014-09-05 13:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\chris\Downloads\revosetup95.exe 2014-09-05 13:11 - 2014-09-05 13:11 - 00000752 _____ () C:\Users\chris\Desktop\Revo Uninstaller.lnk 2014-09-03 20:10 - 2014-09-03 20:10 - 10696960 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\OnlineArmorSetup.exe 2014-09-03 20:09 - 2014-09-03 20:11 - 164728800 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftAntiMalwareSetup.exe 2014-09-03 20:05 - 2014-09-03 20:07 - 00000000 ____D () C:\Users\chris\Desktop\marcel pdf 2014-09-02 22:16 - 2014-09-02 14:30 - 179759928 _____ () C:\Users\chris\Downloads\avira_internet_security_de1.exe 2014-09-02 22:16 - 2014-08-28 12:46 - 180010832 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftInternetSecuritySetup.exe 2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\Public\Juniper Networks 2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks 2014-09-02 15:39 - 2014-04-10 21:34 - 00409712 _____ (Juniper Networks) C:\Windows\system32\dsNcSmartCardProv.dll 2014-09-02 15:39 - 2014-04-10 21:34 - 00364656 _____ (Juniper Networks) C:\Windows\system32\dsNcCredProv.dll 2014-09-02 15:38 - 2014-09-02 15:39 - 00000000 ____D () C:\Program Files\Juniper Networks 2014-09-02 15:37 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Juniper Networks 2014-09-02 15:37 - 2014-09-02 15:37 - 00000000 ____D () C:\Users\chris\AppData\Local\Juniper Networks 2014-08-27 08:51 - 2014-08-27 08:51 - 00003115 _____ () C:\Users\chris\Desktop\Secure Download Manager.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-24 11:25 - 2014-09-05 16:21 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-09-24 11:24 - 2014-09-24 11:24 - 01098240 _____ (Farbar) C:\Users\chris\Desktop\FRST.exe 2014-09-24 11:14 - 2011-06-11 18:46 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-24 10:18 - 2009-07-14 06:34 - 00027968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-24 10:18 - 2009-07-14 06:34 - 00027968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-24 10:16 - 2011-06-11 18:46 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-24 10:16 - 2010-01-11 22:38 - 01967634 _____ () C:\Windows\WindowsUpdate.log 2014-09-24 10:11 - 2010-01-17 23:34 - 00000000 ____D () C:\Program Files\Diva Client 2014-09-24 10:11 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-24 10:11 - 2009-07-14 06:39 - 00385962 _____ () C:\Windows\setupact.log 2014-09-23 19:01 - 2011-12-05 01:18 - 00000000 ____D () C:\Program Files\PC Monitor 2014-09-21 18:21 - 2012-04-28 13:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-20 11:05 - 2013-04-13 18:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-17 20:22 - 2014-09-17 20:22 - 00001066 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-09-17 20:22 - 2014-09-17 20:22 - 00001054 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-09-14 12:45 - 2010-01-12 00:07 - 01339328 _____ () C:\Windows\PFRO.log 2014-09-13 10:12 - 2013-04-13 17:58 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-09-13 00:52 - 2014-05-23 19:43 - 00000000 ____D () C:\Users\chris\Desktop\trojanerboard 2014-09-11 17:34 - 2014-09-05 16:22 - 00000000 ____D () C:\Program Files\Online Armor 2014-09-10 18:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-10 15:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-10 10:05 - 2009-07-14 06:33 - 03823256 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-10 09:57 - 2013-07-20 14:19 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 09:51 - 2010-01-11 22:47 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-10 09:50 - 2014-05-14 10:53 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-10 09:48 - 2010-01-11 22:48 - 01597700 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-10 09:28 - 2013-03-09 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-09-10 09:28 - 2010-01-14 11:33 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Oracle 2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-09-08 18:50 - 2013-12-13 13:53 - 00000000 ____D () C:\ProgramData\Oracle 2014-09-08 18:49 - 2014-09-08 18:50 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-09-08 18:49 - 2014-09-08 18:49 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-09-08 18:49 - 2014-09-08 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-06 11:00 - 2014-05-21 21:14 - 00000000 ____D () C:\Users\chris\Documents\My Cmaps 2014-09-05 18:06 - 2014-09-05 18:06 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-09-05 16:33 - 2014-09-05 16:24 - 00000000 ____D () C:\ProgramData\OnlineArmor 2014-09-05 16:24 - 2014-09-05 16:24 - 00000000 ____D () C:\Users\chris\AppData\Roaming\OnlineArmor 2014-09-05 16:22 - 2014-09-05 16:22 - 00001059 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor 2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-09-05 16:21 - 2014-09-05 16:21 - 00000000 ____D () C:\Users\chris\Documents\Anti-Malware 2014-09-05 15:58 - 2010-01-30 15:25 - 00000052 _____ () C:\Windows\system32\ashttpstats.csv 2014-09-05 15:54 - 2014-09-05 15:54 - 00000201 _____ () C:\Users\chris\Downloads\emsi.txt 2014-09-05 13:11 - 2014-09-05 13:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\chris\Downloads\revosetup95.exe 2014-09-05 13:11 - 2014-09-05 13:11 - 00000752 _____ () C:\Users\chris\Desktop\Revo Uninstaller.lnk 2014-09-05 10:56 - 2010-01-14 09:33 - 00000000 ____D () C:\Users\chris\AppData\Local\Thunderbird 2014-09-05 03:52 - 2014-09-10 09:37 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-05 03:47 - 2014-09-10 09:37 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-03 20:11 - 2014-09-03 20:09 - 164728800 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftAntiMalwareSetup.exe 2014-09-03 20:10 - 2014-09-03 20:10 - 10696960 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\OnlineArmorSetup.exe 2014-09-03 20:07 - 2014-09-03 20:05 - 00000000 ____D () C:\Users\chris\Desktop\marcel pdf 2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\Public\Juniper Networks 2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks 2014-09-02 15:39 - 2014-09-02 15:38 - 00000000 ____D () C:\Program Files\Juniper Networks 2014-09-02 15:39 - 2014-09-02 15:37 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Juniper Networks 2014-09-02 15:39 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-09-02 15:37 - 2014-09-02 15:37 - 00000000 ____D () C:\Users\chris\AppData\Local\Juniper Networks 2014-09-02 14:30 - 2014-09-02 22:16 - 179759928 _____ () C:\Users\chris\Downloads\avira_internet_security_de1.exe 2014-09-01 20:49 - 2014-05-23 14:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-01 10:42 - 2014-09-21 18:23 - 00118232 _____ () C:\Windows\system32\PulsewayCredentialProvider.dll 2014-08-28 12:46 - 2014-09-02 22:16 - 180010832 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftInternetSecuritySetup.exe 2014-08-27 08:51 - 2014-08-27 08:51 - 00003115 _____ () C:\Users\chris\Desktop\Secure Download Manager.lnk 2014-08-25 06:53 - 2010-01-11 22:48 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Some content of TEMP: ==================== C:\Users\chris\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\chris\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\chris\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-16 12:03 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-09-2014 Ran by chris at 2014-09-24 12:00:43 Running from C:\Users\chris\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367} FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.13 beta (HKLM\...\7-Zip) (Version: - ) AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky) Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.5.5 - Adobe Systems) Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (Version: 9.5.5 - Adobe Systems) Hidden Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7761-000000000004}_955) (Version: - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.63 - NOS Microsystems Ltd.) Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated) Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.) Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUSUpdate (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: - ) Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.18 - Atheros Communications Inc.) ATI Catalyst Install Manager (HKLM\...\{3680FA2A-985F-C55C-36A2-7A4EB281F128}) (Version: 3.0.732.0 - ATI Technologies, Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) CanoScan Toolbox Ver4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version: - ) Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (Version: 2009.0614.2131.36800 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2009.0614.2131.36800 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2009.0614.2131.36800 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2009.0614.2131.36800 - ATI) Hidden Catalyst Control Center Graphics Previews Common (Version: 2009.0614.2131.36800 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (Version: 2009.0614.2131.36800 - ATI) Hidden Catalyst Control Center HydraVision Full (Version: 2009.0614.2131.36800 - ATI) Hidden Catalyst Control Center InstallProxy (Version: 2009.0614.2131.36800 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (Version: 2009.0614.2131.36800 - ATI) Hidden CCC Help Chinese Standard (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Chinese Traditional (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Czech (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Danish (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Dutch (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help English (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Finnish (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help French (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help German (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Greek (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Hungarian (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Italian (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Japanese (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Korean (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Norwegian (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Polish (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Portuguese (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Russian (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Spanish (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Swedish (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Thai (Version: 2009.0614.2130.36800 - ATI) Hidden CCC Help Turkish (Version: 2009.0614.2130.36800 - ATI) Hidden ccc-core-static (Version: 2009.0614.2131.36800 - Ihr Firmenname) Hidden ccc-utility (Version: 2009.0614.2131.36800 - ATI) Hidden CDDRV_Installer (Version: 4.60 - Logitech) Hidden Cool & Quiet (HKLM\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version: - ) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{A3AD381D-848C-4478-80DC-228E37309308}) (Version: - Microsoft) Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{BF1E7B7B-8FBB-45C8-B170-214AA0F4F6AE}) (Version: - Microsoft) devolo Cockpit (HKLM\...\dlancockpit) (Version: 4.2.3.0 - devolo AG) dLAN Cockpit (Version: 3.2.28 - devolo AG) Hidden dLAN Cockpit (Version: 3.23.12 - devolo AG) Hidden DolbyFiles (Version: 2.0 - Nero AG) Hidden Emsisoft Anti-Malware (HKLM\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 9.0 - Emsisoft GmbH) erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - ) Fotobuchexpress24 Bestellsoftware (HKLM\...\Fotobuchexpress24) (Version: 3.2.24 - SSW Software GmbH) Fotobuchexpress24 Bestellsoftware (Version: 3.2.24 - SSW Software GmbH) Hidden Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) HydraVision (Version: 4.2.108.0 - ATI Technologies Inc.) Hidden IHMC CmapTools v5.06 (HKLM\...\IHMC CmapTools v5.06) (Version: 5.0.6.0 - Institute for Human & Machine Cognition) ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.) Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden Juniper Networks Network Connect 7.4.0 (HKLM\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30667 - Juniper Networks) Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.4.9.45013 - Juniper Networks, Inc.) Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.) KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden LightScribe System Software (HKLM\...\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}) (Version: 1.18.24.1 - LightScribe) LiveAdvisor (Symantec Corporation) (HKLM\...\LiveAdvisor) (Version: 1.0.0.691 - Symantec Corporation) LiveUpdate (HKLM\...\LiveUpdate) (Version: - ) Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Mathematica Extras 8.0 (2609412) (HKLM\...\A-WIN-Extras 8.0.4 2609412_is1) (Version: 8.0.4 - Wolfram Research, Inc.) MediaInfo 0.7.29 (HKLM\...\MediaInfo) (Version: 0.7.29 - MediaArea.net) Menu Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office 2010 Service Pack 1 (SP1) (Version: - Microsoft) Hidden Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office SharePoint Designer 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office SharePoint Designer MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft SharePoint Designer 2010 (HKLM\...\Office14.SharePointDesigner) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{A8C80871-125D-4667-BC0A-E3EEE62597E8}) (Version: - Microsoft) Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) (Version: - Microsoft) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Word MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden Movie Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden Mozilla Firefox 32.0.2 (x86 de) (HKLM\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mozilla Thunderbird 31.1.1 (x86 de) (HKLM\...\Mozilla Thunderbird 31.1.1 (x86 de)) (Version: 31.1.1 - Mozilla) Mp3tag v2.45a (HKLM\...\Mp3tag) (Version: v2.45a - Florian Heidenreich) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 9 (HKLM\...\{b9b1660b-9b41-4d0b-b380-f430397c848d}) (Version: - Nero AG) Nero Burning ROM Help (Version: 9.4.17.100 - Nero AG) Hidden Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden Nero CoverDesigner (Version: 4.4.9.100 - Nero AG) Hidden Nero CoverDesigner Help (Version: 4.4.9.100 - Nero AG) Hidden Nero DiscSpeed (Version: 5.4.12.100 - Nero AG) Hidden Nero DiscSpeed Help (Version: 5.4.4.100 - Nero AG) Hidden Nero DriveSpeed (Version: 4.4.11.100 - Nero AG) Hidden Nero DriveSpeed Help (Version: 4.4.4.100 - Nero AG) Hidden Nero InfoTool (Version: 6.4.11.100 - Nero AG) Hidden Nero InfoTool Help (Version: 6.4.4.100 - Nero AG) Hidden Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden Nero Vision (Version: 6.4.10.205 - Nero AG) Hidden Nero Vision Help (Version: 6.4.8.100 - Nero AG) Hidden NeroBurningROM (Version: 9.4.17.100 - Nero AG) Hidden neroxml (Version: 1.0.0 - Nero AG) Hidden NetSpeedMonitor 2.5.4.0 x86 (HKLM\...\{86501894-E722-4385-A792-B7C2F28FAE7B}) (Version: 2.5.4.0 - Florian Gilles) Online Armor 7.0 (HKLM\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH) PC Monitor (HKLM\...\{BB24E9AE-C68B-41E1-B409-810512EFF5EF}) (Version: 2.7.0 - MMSOFT Design) PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.75 - ASUSTek) PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden PQ DVD to iPod Video Suite (remove only) (HKLM\...\PQ_DVD_to_iPod_Video_Suite) (Version: - ) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) R-Studio 5.2 (HKLM\...\R-Studio 5.2NSIS) (Version: 5.2.130721 - R-Tools Technology Inc.) ScreenManager Pro for LCD (HKLM\...\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}) (Version: 2.9.0.1 - EIZO NANAO CORPORATION) Secure Download Manager (HKLM\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (Version: - Microsoft) Hidden TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer) TI Connect 1.6 (HKLM\...\{A8B94669-8654-4126-BD28-D0D2412CDED6}) (Version: 1.6.0 - Texas Instruments Incorporated) Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553065) (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.SharePointDesigner_{32E700B9-1A94-48B4-99E1-CB8BD5F7340A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SharePointDesigner_{007CC0F3-15DE-426D-95B5-B019FCEF58CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SharePointDesigner_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SharePointDesigner_{D1688F5A-9A61-42F0-B8D0-2C9DF315A141}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760249) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{8C07AD38-38EB-4332-BCB3-F55A77C927DF}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUS_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUS_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2881001) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{31849233-AD8B-42D7-9AE1-74C79C8E8C03}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2881009) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7A3EF4FF-A9C8-4F7E-8020-A45F7D319387}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM\...\{90150000-0090-0407-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2881039) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1B208923-2810-414F-82CC-AFFC1B19563F}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2881081) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{6171BC1B-907E-44D4-930A-4AE0D9260E65}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{B8E73381-09B1-4895-ACD0-34385B0F526D}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2883049) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1C6260FD-A280-49FE-89D0-CCEC647FBD8E}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM\...\{90150000-001F-0407-0000-0000000FF1CE}_Office15.PROPLUS_{0F5FFEB6-2F66-4592-8A34-CC85FF318951}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PROPLUS_{DA288EB3-648C-433C-88AC-71AEAAFAACF7}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PROPLUS_{51865C36-97D4-4210-A33E-50BCC8CDDF72}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM\...\{90150000-001F-0410-0000-0000000FF1CE}_Office15.PROPLUS_{D533D4E6-5056-487A-8F18-7FA51AF0E283}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2889848) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{E1285C4F-1DB7-4A7F-9DEF-22068D09EBFA}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2889848) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUS_{E1285C4F-1DB7-4A7F-9DEF-22068D09EBFA}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2889862) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{96AE4BBC-69CC-4004-8B53-1F40B2461755}) (Version: - Microsoft) Update for Microsoft PowerPoint 2013 (KB2889847) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F080A0ED-070F-4E33-833F-CF893968E6A8}) (Version: - Microsoft) Update for Microsoft PowerPoint 2013 (KB2889847) 32-Bit Edition (HKLM\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.PROPLUS_{F080A0ED-070F-4E33-833F-CF893968E6A8}) (Version: - Microsoft) Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version: - Microsoft) Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM\...\{90150000-0019-0407-0000-0000000FF1CE}_Office15.PROPLUS_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version: - Microsoft) Update for Microsoft SharePoint Designer 2010 (KB2553382) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{92D3EF72-D44B-4DF9-86BA-B77FAC664D27}) (Version: - Microsoft) Update for Microsoft SharePoint Designer 2010 (KB2553459) 32-Bit Edition (HKLM\...\{90140000-0017-0407-0000-0000000FF1CE}_Office14.SharePointDesigner_{7A518447-45D0-4C4F-B4C3-7FA72E4F6DB9}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM\...\{90150000-001A-0407-0000-0000000FF1CE}_Office15.PROPLUS_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version: - Microsoft) v2011.build.44 (HKLM\...\{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1) (Version: v2011.build.44 - eRightSoft) VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team) WEB Partner (HKLM\...\WEB Partner) (Version: TOOL-ConnLaucher_WIN1.01.01.00 - Huawei Technologies Co.,Ltd) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation) WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2014 (HKLM\...\{6C51B615-4FB7-47E2-9838-98C9D291B096}) (Version: 21.01.8499 - Buhl Data Service GmbH) Wolfram CDF Player (M-WIN-D 8.0.4 2609533) (HKLM\...\M-WIN-D 8.0.4 2609533_is1) (Version: 8.0.4 - Wolfram Research, Inc.) Xilisoft Video Converter Ultimate (HKLM\...\Xilisoft Video Converter Ultimate) (Version: 5.1.26.1231 - Xilisoft) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2014-05-13 11:30 - 2010-01-20 19:25 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {5848E516-C8B1-4827-87C4-6C5677EDBEC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-11] (Google Inc.) Task: {9421406F-3FE1-4691-9041-D1A29A92176F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {9BE591D2-494F-4869-A7E7-DC0056381811} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-11] (Google Inc.) Task: {A792A63D-9DC0-4495-9F13-B9B1614F65A6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe Task: {B01A6C5E-8A60-4EB0-A28E-67129F8A1815} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files\ASUS\AASP\1.00.95\AsLoader.exe [2008-07-02] () Task: {B01A90CF-4B07-4B22-AEB1-B52DEC298006} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe Task: {FB2AC347-029B-4045-8265-442FE93F62EF} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2008-12-11] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-09-05 16:21 - 2014-09-08 13:07 - 00751680 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-05-19 10:50 - 2009-02-27 17:39 - 00019968 _____ () D:\Adobe\Acrobat 9.0\Acrobat\acrotray.deu 2010-01-21 22:55 - 2009-07-20 13:27 - 00017936 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll 2008-12-10 12:19 - 2008-12-10 12:19 - 00430080 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-02-04 21:35 - 2010-02-04 21:35 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: LightScribeService => 2 MSCONFIG\Services: MapsGalaxy_39Service => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: ServiceLayer => 3 MSCONFIG\Services: SwitchBoard => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^chris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.Startup MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: AutoStartNPSAgent => D:\Samsung\Samsung New PC Studio\NPSAgent.exe MSCONFIG\startupreg: CallGuard => C:\Program Files\Diva Client\cgserver.exe MSCONFIG\startupreg: DiTask => C:\Program Files\Diva Client\ditask.exe MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\chris\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden MSCONFIG\startupreg: MapsGalaxy EPM Support => "C:\PROGRA~1\MAPSGA~2\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S MSCONFIG\startupreg: Mobile Partner => D:\WEB Partner\WEB Partner MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: ScreenManager Pro for LCD => C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/24/2014 09:24:13 AM) (Source: EiconDivaLogService) (EventID: 0) (User: ) Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error Error: (09/22/2014 00:53:52 PM) (Source: EiconDivaLogService) (EventID: 0) (User: ) Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error Error: (09/20/2014 05:30:30 PM) (Source: EiconDivaLogService) (EventID: 0) (User: ) Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error Error: (09/20/2014 04:00:48 PM) (Source: EiconDivaLogService) (EventID: 0) (User: ) Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error Error: (09/20/2014 09:13:45 AM) (Source: EiconDivaLogService) (EventID: 0) (User: ) Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error Error: (09/20/2014 07:58:36 AM) (Source: EiconDivaLogService) (EventID: 0) (User: ) Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error Error: (09/19/2014 01:43:05 PM) (Source: EiconDivaLogService) (EventID: 0) (User: ) Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error Error: (09/19/2014 11:44:43 AM) (Source: EiconDivaLogService) (EventID: 0) (User: ) Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error Error: (09/18/2014 08:45:15 PM) (Source: EiconDivaLogService) (EventID: 0) (User: ) Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error Error: (09/18/2014 03:15:31 PM) (Source: EiconDivaLogService) (EventID: 0) (User: ) Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error System errors: ============= Error: (09/24/2014 11:54:28 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (09/24/2014 11:12:26 AM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (09/24/2014 10:17:10 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {9C38ED61-D565-4728-AEEE-C80952F0ECDE} Error: (09/24/2014 10:11:01 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 24.09.2014 um 10:09:31 unerwartet heruntergefahren. Error: (09/24/2014 10:01:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (09/24/2014 10:01:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (09/24/2014 10:01:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (09/24/2014 10:01:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (09/24/2014 10:01:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (09/24/2014 10:01:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (09/24/2014 09:24:13 AM) (Source: EiconDivaLogService) (EventID: 0) (User: ) Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error Error: (09/22/2014 00:53:52 PM) (Source: EiconDivaLogService) (EventID: 0) (User: ) Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error Error: (09/20/2014 05:30:30 PM) (Source: EiconDivaLogService) (EventID: 0) (User: ) Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error Error: (09/20/2014 04:00:48 PM) (Source: EiconDivaLogService) (EventID: 0) (User: ) Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error Error: (09/20/2014 09:13:45 AM) (Source: EiconDivaLogService) (EventID: 0) (User: ) Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error Error: (09/20/2014 07:58:36 AM) (Source: EiconDivaLogService) (EventID: 0) (User: ) Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error Error: (09/19/2014 01:43:05 PM) (Source: EiconDivaLogService) (EventID: 0) (User: ) Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error Error: (09/19/2014 11:44:43 AM) (Source: EiconDivaLogService) (EventID: 0) (User: ) Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error Error: (09/18/2014 08:45:15 PM) (Source: EiconDivaLogService) (EventID: 0) (User: ) Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error Error: (09/18/2014 03:15:31 PM) (Source: EiconDivaLogService) (EventID: 0) (User: ) Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error ==================== Memory info =========================== Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ Percentage of memory in use: 35% Total physical RAM: 3327.18 MB Available physical RAM: 2132.36 MB Total Pagefile: 6652.65 MB Available Pagefile: 4919.29 MB Total Virtual: 2047.88 MB Available Virtual: 1889.73 MB ==================== Drives ================================ Drive c: (SYSTEM) (Fixed) (Total:100 GB) (Free:48.44 GB) NTFS Drive d: (PROGRAMME) (Fixed) (Total:146.48 GB) (Free:67.54 GB) NTFS Drive e: (HDD) (Fixed) (Total:684.93 GB) (Free:405.4 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F4B3C6F7) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=684.9 GB) - (Type=OF Extended) ======================================================== Disk: 1 (Size: 149.1 GB) (Disk ID: 38A54CC0) Partition 1: (Active) - (Size=478 MB) - (Type=83) Partition 2: (Not Active) - (Size=1.9 GB) - (Type=82) Partition 3: (Not Active) - (Size=46.6 GB) - (Type=83) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: D0B1D0B1) ==================== End Of Log ============================ |
25.09.2014, 07:37 | #4 |
/// the machine /// TB-Ausbilder | Windows 7 Pro -> LogonUI.exe - Systemfehler hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
25.09.2014, 08:46 | #5 |
| Windows 7 Pro -> LogonUI.exe - Systemfehler Guten morgen. Hier die Log-Datei von Combofix: Code:
ATTFilter ComboFix 14-09-22.01 - chris 25.09.2014 9:14.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3327.2012 [GMT 2:00] ausgeführt von:: c:\users\chris\Desktop\ComboFix.exe AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA} FW: Online Armor Firewall *Disabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1} SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\chris\Documents\~WRL1448.tmp c:\windows\IsUn0407.exe c:\windows\system32\SET6DE3.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2014-08-25 bis 2014-09-25 )))))))))))))))))))))))))))))) . . 2014-09-25 07:25 . 2014-09-25 07:26 -------- d-----w- c:\users\chris\AppData\Local\temp 2014-09-25 07:25 . 2014-09-25 07:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-09-24 09:25 . 2014-09-24 10:01 -------- d-----w- C:\FRST 2014-09-24 05:24 . 2014-09-25 07:20 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DCF5A9D-8D54-4C5C-9F34-B387B04111F7}\offreg.dll 2014-09-21 16:23 . 2014-09-01 08:42 118232 ----a-w- c:\windows\system32\PulsewayCredentialProvider.dll 2014-09-20 10:49 . 2014-09-09 01:24 8806800 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DCF5A9D-8D54-4C5C-9F34-B387B04111F7}\mpengine.dll 2014-09-10 07:46 . 2014-08-01 11:35 793600 ----a-w- c:\windows\system32\TSWorkspace.dll 2014-09-10 07:38 . 2014-07-07 01:40 550912 ----a-w- c:\windows\system32\kerberos.dll 2014-09-10 07:38 . 2014-07-07 01:40 1059840 ----a-w- c:\windows\system32\lsasrv.dll 2014-09-10 07:38 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll 2014-09-10 07:38 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys 2014-09-10 07:37 . 2014-09-05 01:52 445952 ----a-w- c:\windows\system32\aepdu.dll 2014-09-10 07:37 . 2014-09-05 01:47 302592 ----a-w- c:\windows\system32\aeinv.dll 2014-09-10 07:36 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\system32\d3d10warp.dll 2014-09-08 16:50 . 2014-09-08 16:50 -------- d-----w- c:\users\chris\AppData\Roaming\Oracle 2014-09-08 16:50 . 2014-09-08 16:50 -------- d-----w- c:\program files\Common Files\Java 2014-09-08 16:49 . 2014-09-08 16:49 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-09-05 16:06 . 2014-09-05 16:06 -------- d-----w- c:\programdata\Emsisoft 2014-09-05 14:24 . 2014-09-05 14:33 -------- d-----w- c:\programdata\OnlineArmor 2014-09-05 14:24 . 2014-09-05 14:24 -------- d-----w- c:\users\chris\AppData\Roaming\OnlineArmor 2014-09-05 14:22 . 2013-10-11 01:41 44984 ----a-w- c:\windows\system32\drivers\oahlp32.sys 2014-09-05 14:22 . 2013-10-11 01:40 34856 ----a-w- c:\windows\system32\drivers\OAmon.sys 2014-09-05 14:22 . 2013-10-11 01:40 31760 ----a-w- c:\windows\system32\drivers\OAnet.sys 2014-09-05 14:22 . 2013-10-11 01:40 210360 ----a-w- c:\windows\system32\drivers\OADriver.sys 2014-09-05 14:22 . 2014-09-11 15:34 -------- d-----w- c:\program files\Online Armor 2014-09-05 14:21 . 2014-09-25 07:08 -------- d-----w- c:\program files\Emsisoft Anti-Malware 2014-09-03 18:09 . 2014-09-03 18:09 3231696 ----a-w- c:\program files\Mozilla Firefox\d3dcompiler_46.dll 2014-09-02 13:39 . 2014-09-02 13:39 -------- d-----w- c:\users\Public\Juniper Networks 2014-09-02 13:39 . 2014-04-10 19:34 409712 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll 2014-09-02 13:39 . 2014-04-10 19:34 364656 ----a-w- c:\windows\system32\dsNcCredProv.dll 2014-09-02 13:38 . 2014-09-02 13:39 -------- d-----w- c:\program files\Juniper Networks 2014-09-02 13:37 . 2014-09-02 13:39 -------- d-----w- c:\users\chris\AppData\Roaming\Juniper Networks 2014-09-02 13:37 . 2014-09-02 13:37 -------- d-----w- c:\users\chris\AppData\Local\Juniper Networks 2014-08-27 06:51 . 2014-08-27 06:51 -------- d-----w- C:\AppData . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-01 18:49 . 2014-05-23 12:03 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-08-25 04:53 . 2010-01-11 20:48 231584 ------w- c:\windows\system32\MpSigStub.exe 2014-08-16 10:30 . 2012-04-09 19:57 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-08-16 10:30 . 2011-05-26 05:54 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2014-07-18 12:19 . 2014-08-16 05:18 35840 ----a-w- c:\windows\system32\drivers\npf_devolo.sys 2014-07-18 12:19 . 2014-08-16 05:18 81920 ----a-w- c:\windows\system32\devolopacket.dll 2014-07-18 12:19 . 2014-08-16 05:18 221184 ----a-w- c:\windows\system32\devolopcap.dll 2014-07-16 02:46 . 2014-08-16 07:15 2048 ----a-w- c:\windows\system32\tzres.dll 2014-07-14 01:42 . 2014-08-16 07:15 654336 ----a-w- c:\windows\system32\rpcrt4.dll 2014-06-30 22:14 . 2014-08-16 07:20 8856 ----a-w- c:\windows\system32\icardres.dll 2006-05-03 10:06 163328 --sha-r- c:\windows\System32\flvDX.dll 2007-02-21 11:47 31232 --sha-r- c:\windows\System32\msfDX.dll 2008-03-16 13:30 216064 --sha-r- c:\windows\System32\nbDX.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2009-06-14 380928] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DiTask"="c:\program files\Diva Client\ditask.exe" [2007-02-21 81920] "CallGuard"="c:\program files\Diva Client\cgserver.exe" [2007-03-26 45056] "Adobe Acrobat Speed Launcher"="d:\adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128] "Acrobat Assistant 8.0"="d:\adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-14 98304] "ScreenManager Pro for LCD"="c:\program files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe" [2009-03-02 12080424] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392] "emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2014-09-08 4867544] "@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2013-10-11 7558464] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-21 813584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableSecureUIAPath"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2013-10-11 1033968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "wave2"=DivaWave.drv "aux1"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk backup=c:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^chris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk] path=c:\users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk backup=c:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Partner] d:\web partner\WEB Partner [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager] 2010-02-22 02:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2014-02-12 18:57 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CallGuard] 2007-03-26 17:00 45056 ----a-w- c:\program files\Diva Client\cgserver.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiTask] 2007-02-21 14:37 81920 ----a-w- c:\program files\Diva Client\DiTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google+ Auto Backup] 2014-01-06 09:59 3619096 ----a-w- c:\users\chris\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck] 2009-05-18 07:43 1409024 ----a-w- c:\program files\VIA\VIAudioi\VDeck\VDeck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2014-02-21 01:54 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2011-06-20 14:07 2736128 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl] 2009-12-01 13:55 389120 ----a-w- d:\sandboxie\SbieCtrl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenManager Pro for LCD] 2009-03-02 04:07 12080424 ----a-w- c:\program files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2014-07-25 10:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] 2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2010-01-12 20:02 37888 ----a-w- c:\program files\Winamp\winampa.exe . R2 PC Monitor;PC Monitor;c:\program files\PC Monitor\PCMonitorSrv.exe [2014-09-23 815064] R3 DiCowan;Dialogic Connection Oriented Driver for all Diva Client cards;c:\windows\system32\DRIVERS\disdn\dicowan.sys [2008-09-16 2961536] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-03-24 204288] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-11 36608] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2010-03-20 101504] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152] R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\drivers\vpcuxd.sys [2010-11-20 12800] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\windows\TEMP\tmp991.tmp [x] R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] S0 DiMaint;Dialogic Maintenance Treiber;c:\windows\system32\DRIVERS\disdn\dimaint.sys [2007-02-09 583808] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-14 691696] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2013-03-28 22056] S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2013-09-30 38248] S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2014-05-12 18552] S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448] S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2013-10-11 210360] S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2013-10-11 44984] S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2013-10-11 34856] S2 a2AntiMalware;Emsisoft Protection Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2014-09-11 4784144] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-14 176128] S2 DevoloNetworkService;devolo Network Service;d:\devolo\dlan\devolonetsvc.exe [2014-07-18 3645432] S2 DiCapi;Dialogic CAPI 2.0 Treiber;c:\windows\system32\DRIVERS\DISDN\capi202k.sys [2007-02-09 245474] S2 DiPort;Dialogic Port Treiber;c:\windows\system32\DRIVERS\DISDN\diport40.sys [2007-02-15 208640] S2 EiconDivaLogService;Eicon Diva Log Service;c:\program files\Diva Client\divalog.exe [2006-05-17 168960] S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2014-07-18 35840] S2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [2013-10-11 584864] S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [2013-10-11 4457688] S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760] S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2014-05-12 58200] S3 cleanhlp;cleanhlp;c:\program files\Emsisoft Anti-Malware\cleanhlp32.sys [2013-12-04 50200] S3 DiWan;Dialogic Treiber für alle Diva Client Karten;c:\windows\system32\drivers\disdn\diwan.sys [2007-04-11 2926720] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2009-06-17 40720] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2009-06-17 10384] S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2013-10-11 31760] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-05-08 1047552] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2011-06-20 14:05 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2014-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-11 16:46] . 2014-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-11 16:46] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Fotoabzug online bestellen ! - hxxp://fotoup.info/ie2wk.php?hid=w3foto IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xcel exportieren - d:\micros~1\Office15\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - d:\micros~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL FF - ProfilePath - c:\users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\ FF - prefs.js: browser.startup.homepage - www.gmx.de . . ------- Dateityp-Verknüpfung ------- . .txt= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-AdobeBridge - (no file) SafeBoot-CleanHlp SafeBoot-CleanHlp.sys MSConfigStartUp-AutoStartNPSAgent - d:\samsung\Samsung New PC Studio\NPSAgent.exe MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe MSConfigStartUp-MapsGalaxy EPM Support - c:\progra~1\MAPSGA~2\bar\1.bin\39medint.exe MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0] "ImagePath"="\??\c:\windows\TEMP\tmp991.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2819807599-1883617300-2099825773-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{869B1464-2D9C-B693-FA51-9F94C230DABD}*] "mamclelfilbkbdmekiimlkkmkb"=hex:6f,61,6c,69,70,6c,6c,6a,6c,65,70,6c,65,64,6c, 68,65,70,6e,63,63,64,70,69,6f,67,6c,67,64,6c,00,6d "ablcihjfofpkiggifljgdjlhblcnmppjaa"=hex:70,61,6a,63,6f,65,68,6d,63,6a,62,67, 67,6f,61,6a,61,65,6a,66,6d,6a,6a,67,67,67,66,6b,6f,63,64,6d,00,00 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-09-25 09:30:02 ComboFix-quarantined-files.txt 2014-09-25 07:30 . Vor Suchlauf: 12 Verzeichnis(se), 51.559.239.680 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 51.512.004.608 Bytes frei . - - End Of File - - 3E8E31DF26DE6B735C083DA982B0410C A36C5E4F47E84449FF07ED3517B43A31 |
25.09.2014, 13:12 | #6 |
/// the machine /// TB-Ausbilder | Windows 7 Pro -> LogonUI.exe - Systemfehler Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Windows 7 Pro -> LogonUI.exe - Systemfehler |
26.09.2014, 08:51 | #7 |
| Windows 7 Pro -> LogonUI.exe - Systemfehler Guten Morgen. Hier die Ergebnisse: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 25.09.2014 Suchlauf-Zeit: 19:58:21 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.25.09 Rootkit Datenbank: v2014.09.19.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: chris Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 306637 Verstrichene Zeit: 8 Min, 15 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.310 - Bericht erstellt am 26/09/2014 um 01:17:46 # Aktualisiert 12/09/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzername : chris - DESKTOP # Gestartet von : C:\Users\chris\Desktop\AdwCleaner_3.310.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17280 -\\ Mozilla Firefox v32.0.3 (x86 de) [ Datei : C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\prefs.js ] ************************* AdwCleaner[R0].txt - [841 octets] - [25/09/2014 22:34:06] AdwCleaner[S0].txt - [763 octets] - [26/09/2014 01:17:46] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [822 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.2.0 (09.22.2014:1) OS: Windows 7 Professional x86 Ran by chris on 26.09.2014 at 7:55:27,58 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector.1 ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\chris\AppData\Roaming\mozilla\firefox\profiles\nbwhll4s.default\prefs.js user_pref("flagfox.actions", "[{\"name\":\"Geotool\",\"template\":\"hxxp://geo.flagfox.net/?ip={IPaddress}&host={domainName}\",\"iconclick\":\"click\",\"hotkey\":{\"mods\":\"c Emptied folder: C:\Users\chris\AppData\Roaming\mozilla\firefox\profiles\nbwhll4s.default\minidumps [22 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 26.09.2014 at 8:07:31,78 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014 Ran by chris (administrator) on DESKTOP on 26-09-2014 08:13:33 Running from C:\Users\chris\Desktop Loaded Profile: chris (Available profiles: chris) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oasrv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (devolo AG) D:\devolo\dlan\devolonetsvc.exe (Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Eicon Networks) C:\Program Files\Diva Client\divalog.exe (tzuk) D:\Sandboxie\SbieSvc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\System32\FXSSVC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (MMSOFT Design Ltd.) C:\Program Files\PC Monitor\PCMonitorSrv.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe (AMD) C:\Windows\System32\atieclxx.exe (MMSOFT Design Ltd.) C:\Program Files\PC Monitor\pcmontask.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe (Dialogic) C:\Program Files\Diva Client\DiTask.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe (Dialogic) C:\Program Files\Diva Client\cgserver.exe (Adobe Systems Incorporated) D:\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe (Adobe Systems Inc.) D:\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oaui.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oahlp.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DiTask] => C:\Program Files\Diva Client\ditask.exe [81920 2007-02-21] (Dialogic) HKLM\...\Run: [CallGuard] => C:\Program Files\Diva Client\cgserver.exe [45056 2007-03-26] (Dialogic) HKLM\...\Run: [Adobe Acrobat Speed Launcher] => D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-14] (Advanced Micro Devices, Inc.) HKLM\...\Run: [ScreenManager Pro for LCD] => C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe [12080424 2009-03-02] (EIZO NANAO CORPORATION) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4867544 2014-09-08] (Emsisoft GmbH) HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-06-14] (AMD) HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) GroupPolicyUsers\S-1-5-21-2819807599-1883617300-2099825773-1004\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0C26B8BEA2F9CA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default FF Homepage: www.gmx.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> D:\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=1.0.3 -> d:\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF Plugin: @wolfram.com/Mathematica -> C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.) FF Plugin: Adobe Acrobat -> D:\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.) FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload-com.xml FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload.xml FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Flagfox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012-03-15] FF Extension: Firefox Extension Backup Extension (FEBE) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}(2) [2010-01-13] FF Extension: mediaplayerconnectivity - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2012-09-07] FF Extension: FootieFox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}(2) [2010-01-13] FF Extension: DownloadHelper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-12-26] FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-07-24] FF Extension: Extension List Dumper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\extensionlistdumper@sogame.cat.xpi [2014-05-22] FF Extension: Live IP Address - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}.xpi [2011-03-23] FF Extension: FireFTP - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-03-23] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-04-13] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-04-13] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-04-13] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4784144 2014-09-11] (Emsisoft GmbH) R2 DevoloNetworkService; D:\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG) R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688240 2014-04-10] (Juniper Networks) R2 EiconDivaLogService; C:\Program Files\Diva Client\divalog.exe [168960 2006-05-17] (Eicon Networks) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-01-20] (Macrovision Europe Ltd.) [File not signed] S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.) S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed] R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH) R2 PC Monitor; C:\Program Files\PC Monitor\PCMonitorSrv.exe [815576 2014-09-25] (MMSOFT Design Ltd.) R2 SbieSvc; d:\Sandboxie\SbieSvc.exe [66560 2009-12-01] (tzuk) [File not signed] R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH) S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH) R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] () R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] () R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH) R2 DiCapi; C:\Windows\System32\DRIVERS\DISDN\capi202k.sys [245474 2007-02-09] (Dialogic) S3 DiCowan; C:\Windows\System32\DRIVERS\disdn\dicowan.sys [2961536 2008-09-16] (Dialogic) R0 DiMaint; C:\Windows\System32\DRIVERS\disdn\dimaint.sys [583808 2007-02-09] (Dialogic) R2 DiPort; C:\Windows\System32\DRIVERS\DISDN\diport40.sys [208640 2007-02-15] (Dialogic) R3 DiWan; C:\Windows\System32\drivers\disdn\diwan.sys [2926720 2007-04-12] (Eicon Networks) R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2014-04-10] (Juniper Networks) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-05-11] () [File not signed] S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation) R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.) R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.) R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] () S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed] R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2014-07-18] (CACE Technologies) [File not signed] R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] () R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] () R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft) R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft) R3 SbieDrv; d:\Sandboxie\SbieDrv.sys [119296 2009-12-01] (tzuk) [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-14] () [File not signed] R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1047552 2009-05-08] (VIA Technologies, Inc.) R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation) R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation) R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation) S3 vpcuxd; C:\Windows\system32\drivers\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation) R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation) U3 a6n4pjwl; C:\Windows\system32\Drivers\a6n4pjwl.sys [0 ] (Microsoft Corporation) S3 catchme; \??\C:\Users\chris\AppData\Local\Temp\catchme.sys [X] S3 WinRing0_1_2_0; \??\C:\Windows\TEMP\tmp991.tmp [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-26 08:12 - 2014-09-26 08:12 - 00000000 ____D () C:\Users\chris\Desktop\FRST-OlderVersion 2014-09-26 08:07 - 2014-09-26 08:07 - 00001237 _____ () C:\Users\chris\Desktop\JRT.txt 2014-09-26 07:52 - 2014-09-26 07:52 - 00000901 _____ () C:\Users\chris\Desktop\AdwCleaner[S0].txt 2014-09-25 22:34 - 2014-09-26 01:17 - 00000000 ____D () C:\AdwCleaner 2014-09-25 22:33 - 2014-09-25 22:33 - 01024790 _____ (Thisisu) C:\Users\chris\Desktop\JRT.exe 2014-09-25 22:32 - 2014-09-25 22:32 - 01373475 _____ () C:\Users\chris\Desktop\AdwCleaner_3.310.exe 2014-09-25 22:31 - 2014-09-25 22:31 - 00001158 _____ () C:\Users\chris\Desktop\mbam.txt 2014-09-25 09:30 - 2014-09-25 09:30 - 00019975 _____ () C:\ComboFix.txt 2014-09-25 09:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-25 09:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-25 09:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-25 09:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-25 09:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-25 09:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-25 09:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-25 09:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-25 09:10 - 2014-09-25 09:30 - 00000000 ____D () C:\Qoobox 2014-09-25 09:10 - 2014-09-25 09:27 - 00000000 ____D () C:\Windows\erdnt 2014-09-25 09:07 - 2014-09-25 09:07 - 05579290 ____R (Swearware) C:\Users\chris\Desktop\ComboFix.exe 2014-09-24 12:18 - 2010-01-20 19:25 - 00000822 _____ () C:\Users\chris\Desktop\hosts für forum 2014-09-24 12:00 - 2014-09-26 08:13 - 00019531 _____ () C:\Users\chris\Desktop\FRST.txt 2014-09-24 11:25 - 2014-09-26 08:13 - 00000000 ____D () C:\FRST 2014-09-24 11:24 - 2014-09-26 08:12 - 01100288 _____ (Farbar) C:\Users\chris\Desktop\FRST.exe 2014-09-17 20:22 - 2014-09-17 20:22 - 00001066 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-09-17 20:22 - 2014-09-17 20:22 - 00001054 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-09-10 09:57 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 09:57 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 09:57 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 09:57 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 09:57 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-10 09:57 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 09:57 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 09:57 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-10 09:57 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-10 09:57 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 09:57 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 09:57 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 09:57 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 09:57 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 09:57 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-10 09:57 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-10 09:57 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-10 09:57 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 09:57 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-10 09:57 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 09:57 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 09:57 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 09:57 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 09:57 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 09:57 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 09:57 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 09:57 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-10 09:57 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 09:57 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 09:57 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-10 09:57 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-10 09:46 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 09:38 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-09-10 09:38 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-09-10 09:38 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 09:38 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 09:37 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-10 09:37 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-10 09:36 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Oracle 2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-09-08 18:50 - 2014-09-08 18:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-09-08 18:49 - 2014-09-08 18:49 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-09-08 18:49 - 2014-09-08 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-05 18:06 - 2014-09-05 18:06 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-09-05 16:24 - 2014-09-05 16:33 - 00000000 ____D () C:\ProgramData\OnlineArmor 2014-09-05 16:24 - 2014-09-05 16:24 - 00000000 ____D () C:\Users\chris\AppData\Roaming\OnlineArmor 2014-09-05 16:22 - 2014-09-11 17:34 - 00000000 ____D () C:\Program Files\Online Armor 2014-09-05 16:22 - 2014-09-05 16:22 - 00001059 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor 2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-09-05 16:22 - 2013-10-11 03:41 - 00044984 _____ () C:\Windows\system32\Drivers\oahlp32.sys 2014-09-05 16:22 - 2013-10-11 03:40 - 00210360 _____ () C:\Windows\system32\Drivers\OADriver.sys 2014-09-05 16:22 - 2013-10-11 03:40 - 00034856 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys 2014-09-05 16:22 - 2013-10-11 03:40 - 00031760 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys 2014-09-05 16:21 - 2014-09-26 08:11 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-09-05 16:21 - 2014-09-05 16:21 - 00000000 ____D () C:\Users\chris\Documents\Anti-Malware 2014-09-05 15:54 - 2014-09-05 15:54 - 00000201 _____ () C:\Users\chris\Downloads\emsi.txt 2014-09-05 13:11 - 2014-09-05 13:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\chris\Downloads\revosetup95.exe 2014-09-05 13:11 - 2014-09-05 13:11 - 00000752 _____ () C:\Users\chris\Desktop\Revo Uninstaller.lnk 2014-09-03 20:10 - 2014-09-03 20:10 - 10696960 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\OnlineArmorSetup.exe 2014-09-03 20:09 - 2014-09-03 20:11 - 164728800 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftAntiMalwareSetup.exe 2014-09-03 20:05 - 2014-09-03 20:07 - 00000000 ____D () C:\Users\chris\Desktop\marcel pdf 2014-09-02 22:16 - 2014-09-02 14:30 - 179759928 _____ () C:\Users\chris\Downloads\avira_internet_security_de1.exe 2014-09-02 22:16 - 2014-08-28 12:46 - 180010832 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftInternetSecuritySetup.exe 2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\Public\Juniper Networks 2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks 2014-09-02 15:39 - 2014-04-10 21:34 - 00409712 _____ (Juniper Networks) C:\Windows\system32\dsNcSmartCardProv.dll 2014-09-02 15:39 - 2014-04-10 21:34 - 00364656 _____ (Juniper Networks) C:\Windows\system32\dsNcCredProv.dll 2014-09-02 15:38 - 2014-09-02 15:39 - 00000000 ____D () C:\Program Files\Juniper Networks 2014-09-02 15:37 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Juniper Networks 2014-09-02 15:37 - 2014-09-02 15:37 - 00000000 ____D () C:\Users\chris\AppData\Local\Juniper Networks 2014-08-27 08:51 - 2014-08-27 08:51 - 00003115 _____ () C:\Users\chris\Desktop\Secure Download Manager.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-26 08:14 - 2011-06-11 18:46 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-26 08:09 - 2011-06-11 18:46 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-26 07:56 - 2009-07-14 06:34 - 00027968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-26 07:56 - 2009-07-14 06:34 - 00027968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-26 07:50 - 2011-12-05 01:18 - 00000000 ____D () C:\Program Files\PC Monitor 2014-09-26 07:49 - 2010-01-17 23:34 - 00000000 ____D () C:\Program Files\Diva Client 2014-09-26 07:49 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-26 07:48 - 2010-01-12 00:07 - 01340574 _____ () C:\Windows\PFRO.log 2014-09-26 07:48 - 2009-07-14 06:39 - 00386466 _____ () C:\Windows\setupact.log 2014-09-26 01:18 - 2010-01-11 22:38 - 02063772 _____ () C:\Windows\WindowsUpdate.log 2014-09-25 19:57 - 2014-05-23 14:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-25 18:19 - 2012-04-28 13:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-25 13:01 - 2013-04-13 17:58 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-09-25 09:44 - 2013-04-13 18:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-25 09:30 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-09-25 09:26 - 2009-07-14 04:04 - 00000260 _____ () C:\Windows\system.ini 2014-09-24 14:29 - 2010-01-15 01:43 - 00000000 ____D () C:\Users\chris\AppData\Roaming\vlc 2014-09-24 14:20 - 2010-01-11 22:43 - 00000000 ____D () C:\Users\chris 2014-09-24 12:23 - 2010-01-11 22:48 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-13 00:52 - 2014-05-23 19:43 - 00000000 ____D () C:\Users\chris\Desktop\trojanerboard 2014-09-10 18:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-10 15:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-10 10:05 - 2009-07-14 06:33 - 03823256 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-10 09:57 - 2013-07-20 14:19 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 09:51 - 2010-01-11 22:47 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-10 09:50 - 2014-05-14 10:53 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-10 09:28 - 2013-03-09 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-09-10 09:28 - 2010-01-14 11:33 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-08 18:50 - 2013-12-13 13:53 - 00000000 ____D () C:\ProgramData\Oracle 2014-09-06 11:00 - 2014-05-21 21:14 - 00000000 ____D () C:\Users\chris\Documents\My Cmaps 2014-09-05 15:58 - 2010-01-30 15:25 - 00000052 _____ () C:\Windows\system32\ashttpstats.csv 2014-09-05 10:56 - 2010-01-14 09:33 - 00000000 ____D () C:\Users\chris\AppData\Local\Thunderbird Some content of TEMP: ==================== C:\Users\chris\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 00:11 ==================== End Of Log ============================ |
26.09.2014, 15:50 | #8 |
/// the machine /// TB-Ausbilder | Windows 7 Pro -> LogonUI.exe - SystemfehlerESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
27.09.2014, 20:24 | #9 |
| Windows 7 Pro -> LogonUI.exe - Systemfehler Guten Abend. Hier die Logs von ESET, SecCheck und frisches FRST: Code:
ATTFilter # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=ae781b897a7d694fa24331e53078b6e6 # engine=20325 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-09-27 02:31:14 # local_time=2014-09-27 04:31:14 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 117109 163459465 0 0 # compatibility_mode_1='Emsisoft Anti-Malware' # compatibility_mode=16641 16777213 100 100 14372 213070562 0 0 # scanned=166313 # found=0 # cleaned=0 # scan_time=3178 Code:
ATTFilter Results of screen317's Security Check version 0.99.87 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Emsisoft Anti-Malware Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 67 Adobe Flash Player 14.0.0.179 Mozilla Firefox (32.0.3) Mozilla Thunderbird (31.1.2) ````````Process Check: objlist.exe by Laurent```````` Tall Emu Online Armor OAcat.exe Tall Emu Online Armor oasrv.exe Tall Emu Online Armor oaui.exe Tall Emu Online Armor OAhlp.exe Emsisoft Anti-Malware a2service.exe Emsisoft Anti-Malware a2guard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014 Ran by chris (administrator) on DESKTOP on 27-09-2014 20:46:51 Running from C:\Users\chris\Desktop Loaded Profile: chris (Available profiles: chris) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe (AMD) C:\Windows\System32\atieclxx.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oasrv.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oaui.exe (AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (Emsisoft GmbH) C:\Program Files\Online Armor\oahlp.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (devolo AG) D:\devolo\dlan\devolonetsvc.exe (Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Eicon Networks) C:\Program Files\Diva Client\divalog.exe (MMSOFT Design Ltd.) C:\Program Files\PC Monitor\PCMonitorSrv.exe (tzuk) D:\Sandboxie\SbieSvc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\System32\FXSSVC.exe (MMSOFT Design Ltd.) C:\Program Files\PC Monitor\pcmontask.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DiTask] => C:\Program Files\Diva Client\ditask.exe [81920 2007-02-21] (Dialogic) HKLM\...\Run: [CallGuard] => C:\Program Files\Diva Client\cgserver.exe [45056 2007-03-26] (Dialogic) HKLM\...\Run: [Adobe Acrobat Speed Launcher] => D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-14] (Advanced Micro Devices, Inc.) HKLM\...\Run: [ScreenManager Pro for LCD] => C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe [12080424 2009-03-02] (EIZO NANAO CORPORATION) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4867544 2014-09-08] (Emsisoft GmbH) HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-06-14] (AMD) HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) GroupPolicyUsers\S-1-5-21-2819807599-1883617300-2099825773-1004\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0C26B8BEA2F9CA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default FF Homepage: www.gmx.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> D:\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=1.0.3 -> d:\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF Plugin: @wolfram.com/Mathematica -> C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.) FF Plugin: Adobe Acrobat -> D:\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.) FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload-com.xml FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload.xml FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Flagfox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012-03-15] FF Extension: Firefox Extension Backup Extension (FEBE) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}(2) [2010-01-13] FF Extension: mediaplayerconnectivity - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2012-09-07] FF Extension: FootieFox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}(2) [2010-01-13] FF Extension: DownloadHelper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-12-26] FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-07-24] FF Extension: Extension List Dumper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\extensionlistdumper@sogame.cat.xpi [2014-05-22] FF Extension: Live IP Address - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}.xpi [2011-03-23] FF Extension: FireFTP - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-03-23] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-04-13] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-04-13] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-04-13] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4784144 2014-09-11] (Emsisoft GmbH) R2 DevoloNetworkService; D:\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG) R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688240 2014-04-10] (Juniper Networks) R2 EiconDivaLogService; C:\Program Files\Diva Client\divalog.exe [168960 2006-05-17] (Eicon Networks) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-01-20] (Macrovision Europe Ltd.) [File not signed] S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.) S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed] R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH) R2 PC Monitor; C:\Program Files\PC Monitor\PCMonitorSrv.exe [815576 2014-09-25] (MMSOFT Design Ltd.) R2 SbieSvc; d:\Sandboxie\SbieSvc.exe [66560 2009-12-01] (tzuk) [File not signed] R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH) S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH) R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] () R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] () R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH) R2 DiCapi; C:\Windows\System32\DRIVERS\DISDN\capi202k.sys [245474 2007-02-09] (Dialogic) S3 DiCowan; C:\Windows\System32\DRIVERS\disdn\dicowan.sys [2961536 2008-09-16] (Dialogic) R0 DiMaint; C:\Windows\System32\DRIVERS\disdn\dimaint.sys [583808 2007-02-09] (Dialogic) R2 DiPort; C:\Windows\System32\DRIVERS\DISDN\diport40.sys [208640 2007-02-15] (Dialogic) R3 DiWan; C:\Windows\System32\drivers\disdn\diwan.sys [2926720 2007-04-12] (Eicon Networks) R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2014-04-10] (Juniper Networks) S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-05-11] () [File not signed] S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation) S3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.) R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.) R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] () S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed] R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2014-07-18] (CACE Technologies) [File not signed] R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] () R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] () R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft) R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft) R3 SbieDrv; d:\Sandboxie\SbieDrv.sys [119296 2009-12-01] (tzuk) [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-14] () [File not signed] R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1047552 2009-05-08] (VIA Technologies, Inc.) R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation) R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation) R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation) S3 vpcuxd; C:\Windows\system32\drivers\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation) R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation) U3 ay7q6onh; C:\Windows\system32\Drivers\ay7q6onh.sys [0 ] (Microsoft Corporation) S3 catchme; \??\C:\Users\chris\AppData\Local\Temp\catchme.sys [X] S3 WinRing0_1_2_0; \??\C:\Windows\TEMP\tmp991.tmp [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-27 15:21 - 2014-09-27 15:21 - 00001784 _____ () C:\Users\chris\Desktop\eset.txt 2014-09-27 00:17 - 2014-09-27 00:17 - 00854417 _____ () C:\Users\chris\Desktop\SecurityCheck.exe 2014-09-27 00:16 - 2014-09-27 00:16 - 02347384 _____ (ESET) C:\Users\chris\Desktop\esetsmartinstaller_deu.exe 2014-09-26 08:12 - 2014-09-26 08:12 - 00000000 ____D () C:\Users\chris\Desktop\FRST-OlderVersion 2014-09-26 08:07 - 2014-09-26 08:07 - 00001237 _____ () C:\Users\chris\Desktop\JRT.txt 2014-09-26 07:52 - 2014-09-26 07:52 - 00000901 _____ () C:\Users\chris\Desktop\AdwCleaner[S0].txt 2014-09-25 22:34 - 2014-09-26 01:17 - 00000000 ____D () C:\AdwCleaner 2014-09-25 22:33 - 2014-09-25 22:33 - 01024790 _____ (Thisisu) C:\Users\chris\Desktop\JRT.exe 2014-09-25 22:32 - 2014-09-25 22:32 - 01373475 _____ () C:\Users\chris\Desktop\AdwCleaner_3.310.exe 2014-09-25 22:31 - 2014-09-25 22:31 - 00001158 _____ () C:\Users\chris\Desktop\mbam.txt 2014-09-25 09:30 - 2014-09-25 09:30 - 00019975 _____ () C:\ComboFix.txt 2014-09-25 09:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-25 09:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-25 09:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-25 09:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-25 09:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-25 09:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-25 09:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-25 09:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-25 09:10 - 2014-09-25 09:30 - 00000000 ____D () C:\Qoobox 2014-09-25 09:10 - 2014-09-25 09:27 - 00000000 ____D () C:\Windows\erdnt 2014-09-25 09:07 - 2014-09-25 09:07 - 05579290 ____R (Swearware) C:\Users\chris\Desktop\ComboFix.exe 2014-09-24 12:18 - 2010-01-20 19:25 - 00000822 _____ () C:\Users\chris\Desktop\hosts für forum 2014-09-24 12:00 - 2014-09-27 20:46 - 00019540 _____ () C:\Users\chris\Desktop\FRST.txt 2014-09-24 12:00 - 2014-09-24 12:17 - 00043117 _____ () C:\Users\chris\Desktop\Addition_1.txt 2014-09-24 12:00 - 2014-09-24 12:07 - 00036169 _____ () C:\Users\chris\Desktop\FRST_1.txt 2014-09-24 11:25 - 2014-09-27 20:46 - 00000000 ____D () C:\FRST 2014-09-24 11:24 - 2014-09-26 08:12 - 01100288 _____ (Farbar) C:\Users\chris\Desktop\FRST.exe 2014-09-17 20:22 - 2014-09-17 20:22 - 00001066 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-09-17 20:22 - 2014-09-17 20:22 - 00001054 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-09-10 09:57 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 09:57 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 09:57 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 09:57 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 09:57 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-10 09:57 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 09:57 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 09:57 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-10 09:57 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-10 09:57 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 09:57 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 09:57 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 09:57 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 09:57 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 09:57 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-10 09:57 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-10 09:57 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-10 09:57 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 09:57 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-10 09:57 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 09:57 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 09:57 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 09:57 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 09:57 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 09:57 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 09:57 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 09:57 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-10 09:57 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 09:57 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 09:57 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-10 09:57 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-10 09:46 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 09:38 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-09-10 09:38 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-09-10 09:38 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 09:38 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 09:37 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-10 09:37 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-10 09:36 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Oracle 2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-09-08 18:50 - 2014-09-08 18:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-09-08 18:49 - 2014-09-08 18:49 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-09-08 18:49 - 2014-09-08 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-05 18:06 - 2014-09-05 18:06 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-09-05 16:24 - 2014-09-05 16:33 - 00000000 ____D () C:\ProgramData\OnlineArmor 2014-09-05 16:24 - 2014-09-05 16:24 - 00000000 ____D () C:\Users\chris\AppData\Roaming\OnlineArmor 2014-09-05 16:22 - 2014-09-11 17:34 - 00000000 ____D () C:\Program Files\Online Armor 2014-09-05 16:22 - 2014-09-05 16:22 - 00001059 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor 2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-09-05 16:22 - 2013-10-11 03:41 - 00044984 _____ () C:\Windows\system32\Drivers\oahlp32.sys 2014-09-05 16:22 - 2013-10-11 03:40 - 00210360 _____ () C:\Windows\system32\Drivers\OADriver.sys 2014-09-05 16:22 - 2013-10-11 03:40 - 00034856 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys 2014-09-05 16:22 - 2013-10-11 03:40 - 00031760 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys 2014-09-05 16:21 - 2014-09-27 15:34 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-09-05 16:21 - 2014-09-05 16:21 - 00000000 ____D () C:\Users\chris\Documents\Anti-Malware 2014-09-05 15:54 - 2014-09-05 15:54 - 00000201 _____ () C:\Users\chris\Downloads\emsi.txt 2014-09-05 13:11 - 2014-09-05 13:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\chris\Downloads\revosetup95.exe 2014-09-05 13:11 - 2014-09-05 13:11 - 00000752 _____ () C:\Users\chris\Desktop\Revo Uninstaller.lnk 2014-09-03 20:10 - 2014-09-03 20:10 - 10696960 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\OnlineArmorSetup.exe 2014-09-03 20:09 - 2014-09-03 20:11 - 164728800 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftAntiMalwareSetup.exe 2014-09-03 20:05 - 2014-09-03 20:07 - 00000000 ____D () C:\Users\chris\Desktop\marcel pdf 2014-09-02 22:16 - 2014-09-02 14:30 - 179759928 _____ () C:\Users\chris\Downloads\avira_internet_security_de1.exe 2014-09-02 22:16 - 2014-08-28 12:46 - 180010832 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftInternetSecuritySetup.exe 2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\Public\Juniper Networks 2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks 2014-09-02 15:39 - 2014-04-10 21:34 - 00409712 _____ (Juniper Networks) C:\Windows\system32\dsNcSmartCardProv.dll 2014-09-02 15:39 - 2014-04-10 21:34 - 00364656 _____ (Juniper Networks) C:\Windows\system32\dsNcCredProv.dll 2014-09-02 15:38 - 2014-09-02 15:39 - 00000000 ____D () C:\Program Files\Juniper Networks 2014-09-02 15:37 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Juniper Networks 2014-09-02 15:37 - 2014-09-02 15:37 - 00000000 ____D () C:\Users\chris\AppData\Local\Juniper Networks ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-27 20:15 - 2011-06-11 18:46 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-27 17:41 - 2010-01-11 22:38 - 01056297 _____ () C:\Windows\WindowsUpdate.log 2014-09-27 12:28 - 2009-07-14 06:39 - 00386858 _____ () C:\Windows\setupact.log 2014-09-27 00:12 - 2011-06-11 18:46 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-26 12:30 - 2009-07-14 06:34 - 00027968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-26 12:30 - 2009-07-14 06:34 - 00027968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-26 12:23 - 2010-01-17 23:34 - 00000000 ____D () C:\Program Files\Diva Client 2014-09-26 12:23 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-26 12:21 - 2014-05-22 20:57 - 00003322 _____ () C:\Windows\system32\Drivers\etc\hosts (Kopie).org 2014-09-26 12:14 - 2010-01-11 22:48 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-26 07:50 - 2011-12-05 01:18 - 00000000 ____D () C:\Program Files\PC Monitor 2014-09-26 07:48 - 2010-01-12 00:07 - 01340574 _____ () C:\Windows\PFRO.log 2014-09-25 19:57 - 2014-05-23 14:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-25 18:19 - 2012-04-28 13:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-25 13:01 - 2013-04-13 17:58 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-09-25 09:44 - 2013-04-13 18:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-25 09:30 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-09-25 09:26 - 2009-07-14 04:04 - 00000260 _____ () C:\Windows\system.ini 2014-09-24 14:29 - 2010-01-15 01:43 - 00000000 ____D () C:\Users\chris\AppData\Roaming\vlc 2014-09-24 14:20 - 2010-01-11 22:43 - 00000000 ____D () C:\Users\chris 2014-09-13 00:52 - 2014-05-23 19:43 - 00000000 ____D () C:\Users\chris\Desktop\trojanerboard 2014-09-10 18:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-10 15:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-10 10:05 - 2009-07-14 06:33 - 03823256 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-10 09:57 - 2013-07-20 14:19 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 09:51 - 2010-01-11 22:47 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-10 09:50 - 2014-05-14 10:53 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-10 09:28 - 2013-03-09 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-09-10 09:28 - 2010-01-14 11:33 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-08 18:50 - 2013-12-13 13:53 - 00000000 ____D () C:\ProgramData\Oracle 2014-09-06 11:00 - 2014-05-21 21:14 - 00000000 ____D () C:\Users\chris\Documents\My Cmaps 2014-09-05 15:58 - 2010-01-30 15:25 - 00000052 _____ () C:\Windows\system32\ashttpstats.csv 2014-09-05 10:56 - 2010-01-14 09:33 - 00000000 ____D () C:\Users\chris\AppData\Local\Thunderbird Some content of TEMP: ==================== C:\Users\chris\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 00:11 ==================== End Of Log ============================ Die Fehlermeldung ist bereits nach der letzten Routine mit Malwarebytes Anti-Malware, AdwCleaner und Junkware Removal Tool verschwunden. Mich interessiert es, welches Tool es behoben hatte. Anhand der Logs kann ich es nicht erkennen. |
28.09.2014, 13:30 | #10 |
/// the machine /// TB-Ausbilder | Windows 7 Pro -> LogonUI.exe - Systemfehler Alle, da es ein Zusammenspiel von Adware war. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter GroupPolicyUsers\S-1-5-21-2819807599-1883617300-2099825773-1004\User: Group Policy restriction detected <======= ATTENTION Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
28.09.2014, 18:19 | #11 |
| Windows 7 Pro -> LogonUI.exe - Systemfehler Hallo, ich habe leider zu früh delfix.exe ausgeführt, so dass Fixlog.txt gelöscht wurde. Aber ich habe davor mir den Inhalt angeschaut und der Punkt "GroupPolicyUsers..." wurde erfolgreich behoben. Delfix wurde ausgeführt: Code:
ATTFilter # DelFix v10.8 - Datei am 28/09/2014 um 18:21:56 erstellt # Aktualisiert am 29/07/2014 von Xplode # Benutzer : chris - DESKTOP # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) ~ Aktiviere die Benutzerkontensteuerung ... OK ~ Entferne die Bereinigungsprogramme ... Gelöscht : C:\Qoobox Gelöscht : C:\FRST Gelöscht : C:\AdwCleaner Gelöscht : C:\Users\chris\Desktop\FRST-OlderVersion Gelöscht : C:\ComboFix.txt Gelöscht : C:\Users\chris\Desktop\Addition_1.txt Gelöscht : C:\Users\chris\Desktop\AdwCleaner[S0].txt Gelöscht : C:\Users\chris\Desktop\AdwCleaner_3.310.exe Gelöscht : C:\Users\chris\Desktop\esetsmartinstaller_deu.exe Gelöscht : C:\Users\chris\Desktop Gelöscht : C:\Users\chris\Desktop\FRST.exe Gelöscht : C:\Users\chris\Desktop\FRST.txt Gelöscht : C:\Users\chris\Desktop\FRST_1.txt Gelöscht : C:\Users\chris\Desktop\JRT.exe Gelöscht : C:\Users\chris\Desktop\JRT.txt Gelöscht : C:\Users\chris\Desktop\log.txt Gelöscht : C:\Users\chris\Desktop\logonui.txt Gelöscht : C:\Users\chris\Desktop\SecurityCheck.exe Gelöscht : HKLM\SOFTWARE\AdwCleaner Gelöscht : HKLM\SOFTWARE\Swearware ~ Erstelle ein Backup der Registrierungsdatenbank ... OK ~ Lösche die Wiederherstellungspunkte ... Ein neuer Wiederherstellungspunkt wurde erstellt ! ~ Stelle die Systemeinstellungen wieder her ... OK ########## - EOF - ########## Mich interessiert sehr, was es genau gewesen ist. Was hat die besagte Datei MSVCP120.dll an sich? Anhand der LOGs erkenne ich nichts (auch keine Bereinigung). Könntest Du ein paar Zeilen darüber schreiben. Danke schon mal. Gruss Chris |
29.09.2014, 14:00 | #12 |
/// the machine /// TB-Ausbilder | Windows 7 Pro -> LogonUI.exe - Systemfehler Die Datei die fehlt ist eine legitime Windows Datei. Warscheinlich eine fehlende Verknüpfung, gerichtet durch Combofix.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
29.09.2014, 14:31 | #13 |
| Windows 7 Pro -> LogonUI.exe - Systemfehler Danke für Deine Antwort. Also es war keine Adware oder Ähnliches. |
30.09.2014, 09:11 | #14 |
/// the machine /// TB-Ausbilder | Windows 7 Pro -> LogonUI.exe - Systemfehler Nope
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Windows 7 Pro -> LogonUI.exe - Systemfehler |
.dll, beim starten, bildschirm, bildschirm schwarz, computer, einschalten, erneut, erscheint, folge, folgende, funktioniert, gestartet, installieren, meldung, nicht mehr, nichts, problem, programm, richtig, schwarz, starte, starten, systemfehler, windows, windows 7 |