
Log analysis and evaluation: Windows 7 Pro -> LogonUI.exe - System error


24.09.2014, 09:23   #1
polonez
 



Hello,

recently the following message has been appearing when the system starts:

"LogonUI.exe - Systemfehler
Das Programm kann nicht gestartet werden, da MSVCP120.dll auf dem Computer fehlt. Installieren Sie das Programm erneut, um das Problem zu beheben."

To log in to Windows, I have to dismiss the message by clicking OK. I don't notice anything unusual during normal operation. What no longer works properly, however, is the power-saving mode. After the mode is switched on, my screen stays black but the PC does not turn off. I can only reboot it with a hardware reset.

Regards
chris

24.09.2014, 09:40   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website)


24.09.2014, 11:14   #3
polonez
 



Here are the results:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2014
Ran by chris (administrator) on DESKTOP on 24-09-2014 12:00:07
Running from C:\Users\chris\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oasrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(devolo AG) D:\devolo\dlan\devolonetsvc.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Eicon Networks) C:\Program Files\Diva Client\divalog.exe
(MMSOFT Design Ltd.) C:\Program Files\PC Monitor\PCMonitorSrv.exe
(tzuk) D:\Sandboxie\SbieSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(AMD) C:\Windows\System32\atieclxx.exe
(MMSOFT Design Ltd.) C:\Program Files\PC Monitor\pcmontask.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(Dialogic) C:\Program Files\Diva Client\DiTask.exe
(Dialogic) C:\Program Files\Diva Client\cgserver.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Adobe Systems Inc.) D:\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oaui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oahlp.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DiTask] => C:\Program Files\Diva Client\ditask.exe [81920 2007-02-21] (Dialogic)
HKLM\...\Run: [CallGuard] => C:\Program Files\Diva Client\cgserver.exe [45056 2007-03-26] (Dialogic)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ScreenManager Pro for LCD] => C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe [12080424 2009-03-02] (EIZO NANAO CORPORATION)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4867544 2014-09-08] (Emsisoft GmbH)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-06-14] (AMD)
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\MountPoints2: {66613c78-da38-11df-a85a-40002c765c04} - G:\AutoRun.exe
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\MountPoints2: {a095d499-0e8a-11e0-8114-400068d7f60e} - G:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> D:\WISO\Steuersoftware 2014\mshaktuell.exe ()
GroupPolicyUsers\S-1-5-21-2819807599-1883617300-2099825773-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0C26B8BEA2F9CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default
FF Homepage: www.gmx.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> D:\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 -> d:\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @wolfram.com/Mathematica -> C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin: Adobe Acrobat -> D:\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload-com.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flagfox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012-03-15]
FF Extension: Firefox Extension Backup Extension (FEBE) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}(2) [2010-01-13]
FF Extension: mediaplayerconnectivity - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2012-09-07]
FF Extension: FootieFox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}(2) [2010-01-13]
FF Extension: DownloadHelper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-12-26]
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-07-24]
FF Extension: Extension List Dumper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\extensionlistdumper@sogame.cat.xpi [2014-05-22]
FF Extension: Live IP Address - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}.xpi [2011-03-23]
FF Extension: FireFTP - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-03-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-04-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-04-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-04-13]

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4784144 2014-09-11] (Emsisoft GmbH)
R2 DevoloNetworkService; D:\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688240 2014-04-10] (Juniper Networks)
R2 EiconDivaLogService; C:\Program Files\Diva Client\divalog.exe [168960 2006-05-17] (Eicon Networks) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-01-20] (Macrovision Europe Ltd.) [File not signed]
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
R2 PC Monitor; C:\Program Files\PC Monitor\PCMonitorSrv.exe [815064 2014-09-23] (MMSOFT Design Ltd.)
R2 SbieSvc; d:\Sandboxie\SbieSvc.exe [66560 2009-12-01] (tzuk) [File not signed]
R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] ()
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R2 DiCapi; C:\Windows\System32\DRIVERS\DISDN\capi202k.sys [245474 2007-02-09] (Dialogic)
S3 DiCowan; C:\Windows\System32\DRIVERS\disdn\dicowan.sys [2961536 2008-09-16] (Dialogic)
R0 DiMaint; C:\Windows\System32\DRIVERS\disdn\dimaint.sys [583808 2007-02-09] (Dialogic)
R2 DiPort; C:\Windows\System32\DRIVERS\DISDN\diport40.sys [208640 2007-02-15] (Dialogic)
R3 DiWan; C:\Windows\System32\drivers\disdn\diwan.sys [2926720 2007-04-12] (Eicon Networks)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2014-04-10] (Juniper Networks)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-05-11] () [File not signed]
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2014-07-18] (CACE Technologies) [File not signed]
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] ()
R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft)
R3 SbieDrv; d:\Sandboxie\SbieDrv.sys [119296 2009-12-01] (tzuk) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-14] () [File not signed]
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1047552 2009-05-08] (VIA Technologies, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\system32\drivers\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
U3 a6alv6o2; C:\Windows\system32\Drivers\a6alv6o2.sys [0 ] (Microsoft Corporation)
S3 WinRing0_1_2_0; \??\C:\Windows\TEMP\tmp991.tmp [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 12:00 - 2014-09-24 12:00 - 00020005 _____ () C:\Users\chris\Desktop\FRST.txt
2014-09-24 11:25 - 2014-09-24 12:00 - 00000000 ____D () C:\FRST
2014-09-24 11:24 - 2014-09-24 11:24 - 01098240 _____ (Farbar) C:\Users\chris\Desktop\FRST.exe
2014-09-21 18:23 - 2014-09-01 10:42 - 00118232 _____ () C:\Windows\system32\PulsewayCredentialProvider.dll
2014-09-17 20:22 - 2014-09-17 20:22 - 00001066 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-17 20:22 - 2014-09-17 20:22 - 00001054 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-10 09:57 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 09:57 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 09:57 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 09:57 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 09:57 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 09:57 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 09:57 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 09:57 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 09:57 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 09:57 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 09:57 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 09:57 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 09:57 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 09:57 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 09:57 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 09:57 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 09:57 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 09:57 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 09:57 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 09:57 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 09:57 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 09:57 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 09:57 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 09:57 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 09:57 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 09:57 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 09:57 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 09:57 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 09:57 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 09:57 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 09:57 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 09:46 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 09:38 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-10 09:38 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-10 09:38 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 09:38 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 09:37 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 09:37 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 09:36 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Oracle
2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-08 18:50 - 2014-09-08 18:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-08 18:49 - 2014-09-08 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-05 18:06 - 2014-09-05 18:06 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-09-05 16:24 - 2014-09-05 16:33 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-09-05 16:24 - 2014-09-05 16:24 - 00000000 ____D () C:\Users\chris\AppData\Roaming\OnlineArmor
2014-09-05 16:22 - 2014-09-11 17:34 - 00000000 ____D () C:\Program Files\Online Armor
2014-09-05 16:22 - 2014-09-05 16:22 - 00001059 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-09-05 16:22 - 2013-10-11 03:41 - 00044984 _____ () C:\Windows\system32\Drivers\oahlp32.sys
2014-09-05 16:22 - 2013-10-11 03:40 - 00210360 _____ () C:\Windows\system32\Drivers\OADriver.sys
2014-09-05 16:22 - 2013-10-11 03:40 - 00034856 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys
2014-09-05 16:22 - 2013-10-11 03:40 - 00031760 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2014-09-05 16:21 - 2014-09-24 11:25 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-09-05 16:21 - 2014-09-05 16:21 - 00000000 ____D () C:\Users\chris\Documents\Anti-Malware
2014-09-05 15:54 - 2014-09-05 15:54 - 00000201 _____ () C:\Users\chris\Downloads\emsi.txt
2014-09-05 13:11 - 2014-09-05 13:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\chris\Downloads\revosetup95.exe
2014-09-05 13:11 - 2014-09-05 13:11 - 00000752 _____ () C:\Users\chris\Desktop\Revo Uninstaller.lnk
2014-09-03 20:10 - 2014-09-03 20:10 - 10696960 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\OnlineArmorSetup.exe
2014-09-03 20:09 - 2014-09-03 20:11 - 164728800 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftAntiMalwareSetup.exe
2014-09-03 20:05 - 2014-09-03 20:07 - 00000000 ____D () C:\Users\chris\Desktop\marcel pdf
2014-09-02 22:16 - 2014-09-02 14:30 - 179759928 _____ () C:\Users\chris\Downloads\avira_internet_security_de1.exe
2014-09-02 22:16 - 2014-08-28 12:46 - 180010832 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftInternetSecuritySetup.exe
2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\Public\Juniper Networks
2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2014-09-02 15:39 - 2014-04-10 21:34 - 00409712 _____ (Juniper Networks) C:\Windows\system32\dsNcSmartCardProv.dll
2014-09-02 15:39 - 2014-04-10 21:34 - 00364656 _____ (Juniper Networks) C:\Windows\system32\dsNcCredProv.dll
2014-09-02 15:38 - 2014-09-02 15:39 - 00000000 ____D () C:\Program Files\Juniper Networks
2014-09-02 15:37 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Juniper Networks
2014-09-02 15:37 - 2014-09-02 15:37 - 00000000 ____D () C:\Users\chris\AppData\Local\Juniper Networks
2014-08-27 08:51 - 2014-08-27 08:51 - 00003115 _____ () C:\Users\chris\Desktop\Secure Download Manager.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 11:25 - 2014-09-05 16:21 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-09-24 11:24 - 2014-09-24 11:24 - 01098240 _____ (Farbar) C:\Users\chris\Desktop\FRST.exe
2014-09-24 11:14 - 2011-06-11 18:46 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-24 10:18 - 2009-07-14 06:34 - 00027968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-24 10:18 - 2009-07-14 06:34 - 00027968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-24 10:16 - 2011-06-11 18:46 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-24 10:16 - 2010-01-11 22:38 - 01967634 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 10:11 - 2010-01-17 23:34 - 00000000 ____D () C:\Program Files\Diva Client
2014-09-24 10:11 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-24 10:11 - 2009-07-14 06:39 - 00385962 _____ () C:\Windows\setupact.log
2014-09-23 19:01 - 2011-12-05 01:18 - 00000000 ____D () C:\Program Files\PC Monitor
2014-09-21 18:21 - 2012-04-28 13:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-20 11:05 - 2013-04-13 18:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-17 20:22 - 2014-09-17 20:22 - 00001066 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-17 20:22 - 2014-09-17 20:22 - 00001054 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-14 12:45 - 2010-01-12 00:07 - 01339328 _____ () C:\Windows\PFRO.log
2014-09-13 10:12 - 2013-04-13 17:58 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-13 00:52 - 2014-05-23 19:43 - 00000000 ____D () C:\Users\chris\Desktop\trojanerboard
2014-09-11 17:34 - 2014-09-05 16:22 - 00000000 ____D () C:\Program Files\Online Armor
2014-09-10 18:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-10 15:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 10:05 - 2009-07-14 06:33 - 03823256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-10 09:57 - 2013-07-20 14:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 09:51 - 2010-01-11 22:47 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 09:50 - 2014-05-14 10:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 09:48 - 2010-01-11 22:48 - 01597700 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 09:28 - 2013-03-09 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-10 09:28 - 2010-01-14 11:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Oracle
2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-08 18:50 - 2013-12-13 13:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-08 18:49 - 2014-09-08 18:50 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-08 18:49 - 2014-09-08 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-06 11:00 - 2014-05-21 21:14 - 00000000 ____D () C:\Users\chris\Documents\My Cmaps
2014-09-05 18:06 - 2014-09-05 18:06 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-09-05 16:33 - 2014-09-05 16:24 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-09-05 16:24 - 2014-09-05 16:24 - 00000000 ____D () C:\Users\chris\AppData\Roaming\OnlineArmor
2014-09-05 16:22 - 2014-09-05 16:22 - 00001059 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-09-05 16:21 - 2014-09-05 16:21 - 00000000 ____D () C:\Users\chris\Documents\Anti-Malware
2014-09-05 15:58 - 2010-01-30 15:25 - 00000052 _____ () C:\Windows\system32\ashttpstats.csv
2014-09-05 15:54 - 2014-09-05 15:54 - 00000201 _____ () C:\Users\chris\Downloads\emsi.txt
2014-09-05 13:11 - 2014-09-05 13:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\chris\Downloads\revosetup95.exe
2014-09-05 13:11 - 2014-09-05 13:11 - 00000752 _____ () C:\Users\chris\Desktop\Revo Uninstaller.lnk
2014-09-05 10:56 - 2010-01-14 09:33 - 00000000 ____D () C:\Users\chris\AppData\Local\Thunderbird
2014-09-05 03:52 - 2014-09-10 09:37 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:47 - 2014-09-10 09:37 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 20:11 - 2014-09-03 20:09 - 164728800 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftAntiMalwareSetup.exe
2014-09-03 20:10 - 2014-09-03 20:10 - 10696960 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\OnlineArmorSetup.exe
2014-09-03 20:07 - 2014-09-03 20:05 - 00000000 ____D () C:\Users\chris\Desktop\marcel pdf
2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\Public\Juniper Networks
2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2014-09-02 15:39 - 2014-09-02 15:38 - 00000000 ____D () C:\Program Files\Juniper Networks
2014-09-02 15:39 - 2014-09-02 15:37 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Juniper Networks
2014-09-02 15:39 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-09-02 15:37 - 2014-09-02 15:37 - 00000000 ____D () C:\Users\chris\AppData\Local\Juniper Networks
2014-09-02 14:30 - 2014-09-02 22:16 - 179759928 _____ () C:\Users\chris\Downloads\avira_internet_security_de1.exe
2014-09-01 20:49 - 2014-05-23 14:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 10:42 - 2014-09-21 18:23 - 00118232 _____ () C:\Windows\system32\PulsewayCredentialProvider.dll
2014-08-28 12:46 - 2014-09-02 22:16 - 180010832 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftInternetSecuritySetup.exe
2014-08-27 08:51 - 2014-08-27 08:51 - 00003115 _____ () C:\Users\chris\Desktop\Secure Download Manager.lnk
2014-08-25 06:53 - 2010-01-11 22:48 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\chris\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\chris\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\chris\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 12:03

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-09-2014
Ran by chris at 2014-09-24 12:00:43
Running from C:\Users\chris\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.13 beta (HKLM\...\7-Zip) (Version:  - )
AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7761-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.63 - NOS Microsystems Ltd.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUSUpdate (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.18 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{3680FA2A-985F-C55C-36A2-7A4EB281F128}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CanoScan Toolbox Ver4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center HydraVision Full (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0614.2131.36800 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0614.2131.36800 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Czech (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Danish (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Dutch (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help English (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Finnish (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help French (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help German (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Greek (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Italian (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Japanese (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Korean (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Polish (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Russian (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Spanish (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Swedish (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Thai (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Turkish (Version: 2009.0614.2130.36800 - ATI) Hidden
ccc-core-static (Version: 2009.0614.2131.36800 - Ihr Firmenname) Hidden
ccc-utility (Version: 2009.0614.2131.36800 - ATI) Hidden
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cool & Quiet (HKLM\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{A3AD381D-848C-4478-80DC-228E37309308}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{BF1E7B7B-8FBB-45C8-B170-214AA0F4F6AE}) (Version:  - Microsoft)
devolo Cockpit (HKLM\...\dlancockpit) (Version: 4.2.3.0 - devolo AG)
dLAN Cockpit (Version: 3.2.28 - devolo AG) Hidden
dLAN Cockpit (Version: 3.23.12 - devolo AG) Hidden
DolbyFiles (Version: 2.0 - Nero AG) Hidden
Emsisoft Anti-Malware (HKLM\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 9.0 - Emsisoft GmbH)
erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Fotobuchexpress24 Bestellsoftware (HKLM\...\Fotobuchexpress24) (Version: 3.2.24 - SSW Software GmbH)
Fotobuchexpress24 Bestellsoftware (Version: 3.2.24 - SSW Software GmbH) Hidden
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HydraVision (Version: 4.2.108.0 - ATI Technologies Inc.) Hidden
IHMC CmapTools v5.06 (HKLM\...\IHMC CmapTools v5.06) (Version: 5.0.6.0 - Institute for Human & Machine Cognition)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Juniper Networks Network Connect 7.4.0 (HKLM\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30667 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.4.9.45013 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
LightScribe System Software (HKLM\...\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}) (Version: 1.18.24.1 - LightScribe)
LiveAdvisor (Symantec Corporation) (HKLM\...\LiveAdvisor) (Version: 1.0.0.691 - Symantec Corporation)
LiveUpdate (HKLM\...\LiveUpdate) (Version:  - )
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mathematica Extras 8.0 (2609412) (HKLM\...\A-WIN-Extras 8.0.4 2609412_is1) (Version: 8.0.4 - Wolfram Research, Inc.)
MediaInfo 0.7.29 (HKLM\...\MediaInfo) (Version: 0.7.29 - MediaArea.net)
Menu Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft SharePoint Designer 2010 (HKLM\...\Office14.SharePointDesigner) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{A8C80871-125D-4667-BC0A-E3EEE62597E8}) (Version:  - Microsoft)
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Movie Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Mozilla Firefox 32.0.2 (x86 de) (HKLM\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 31.1.1 (x86 de) (HKLM\...\Mozilla Thunderbird 31.1.1 (x86 de)) (Version: 31.1.1 - Mozilla)
Mp3tag v2.45a (HKLM\...\Mp3tag) (Version: v2.45a - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 (HKLM\...\{b9b1660b-9b41-4d0b-b380-f430397c848d}) (Version:  - Nero AG)
Nero Burning ROM Help (Version: 9.4.17.100 - Nero AG) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (Version: 4.4.9.100 - Nero AG) Hidden
Nero CoverDesigner Help (Version: 4.4.9.100 - Nero AG) Hidden
Nero DiscSpeed (Version: 5.4.12.100 - Nero AG) Hidden
Nero DiscSpeed Help (Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (Version: 4.4.11.100 - Nero AG) Hidden
Nero DriveSpeed Help (Version: 4.4.4.100 - Nero AG) Hidden
Nero InfoTool (Version: 6.4.11.100 - Nero AG) Hidden
Nero InfoTool Help (Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero Vision (Version: 6.4.10.205 - Nero AG) Hidden
Nero Vision Help (Version: 6.4.8.100 - Nero AG) Hidden
NeroBurningROM (Version: 9.4.17.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
NetSpeedMonitor 2.5.4.0 x86 (HKLM\...\{86501894-E722-4385-A792-B7C2F28FAE7B}) (Version: 2.5.4.0 - Florian Gilles)
Online Armor 7.0 (HKLM\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
PC Monitor (HKLM\...\{BB24E9AE-C68B-41E1-B409-810512EFF5EF}) (Version: 2.7.0 - MMSOFT Design)
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.75 - ASUSTek)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
PQ DVD to iPod Video Suite (remove only) (HKLM\...\PQ_DVD_to_iPod_Video_Suite) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
R-Studio 5.2 (HKLM\...\R-Studio 5.2NSIS) (Version: 5.2.130721 - R-Tools Technology Inc.)
ScreenManager Pro for LCD (HKLM\...\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}) (Version: 2.9.0.1 - EIZO NANAO CORPORATION)
Secure Download Manager (HKLM\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (Version:  - Microsoft) Hidden
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TI Connect 1.6 (HKLM\...\{A8B94669-8654-4126-BD28-D0D2412CDED6}) (Version: 1.6.0 - Texas Instruments Incorporated)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.SharePointDesigner_{32E700B9-1A94-48B4-99E1-CB8BD5F7340A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SharePointDesigner_{007CC0F3-15DE-426D-95B5-B019FCEF58CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SharePointDesigner_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SharePointDesigner_{D1688F5A-9A61-42F0-B8D0-2C9DF315A141}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{8C07AD38-38EB-4332-BCB3-F55A77C927DF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUS_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUS_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{31849233-AD8B-42D7-9AE1-74C79C8E8C03}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7A3EF4FF-A9C8-4F7E-8020-A45F7D319387}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM\...\{90150000-0090-0407-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881039) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1B208923-2810-414F-82CC-AFFC1B19563F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881081) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{6171BC1B-907E-44D4-930A-4AE0D9260E65}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{B8E73381-09B1-4895-ACD0-34385B0F526D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1C6260FD-A280-49FE-89D0-CCEC647FBD8E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM\...\{90150000-001F-0407-0000-0000000FF1CE}_Office15.PROPLUS_{0F5FFEB6-2F66-4592-8A34-CC85FF318951}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PROPLUS_{DA288EB3-648C-433C-88AC-71AEAAFAACF7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PROPLUS_{51865C36-97D4-4210-A33E-50BCC8CDDF72}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM\...\{90150000-001F-0410-0000-0000000FF1CE}_Office15.PROPLUS_{D533D4E6-5056-487A-8F18-7FA51AF0E283}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{E1285C4F-1DB7-4A7F-9DEF-22068D09EBFA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUS_{E1285C4F-1DB7-4A7F-9DEF-22068D09EBFA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{96AE4BBC-69CC-4004-8B53-1F40B2461755}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F080A0ED-070F-4E33-833F-CF893968E6A8}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 32-Bit Edition (HKLM\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.PROPLUS_{F080A0ED-070F-4E33-833F-CF893968E6A8}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM\...\{90150000-0019-0407-0000-0000000FF1CE}_Office15.PROPLUS_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version:  - Microsoft)
Update for Microsoft SharePoint Designer 2010 (KB2553382) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{92D3EF72-D44B-4DF9-86BA-B77FAC664D27}) (Version:  - Microsoft)
Update for Microsoft SharePoint Designer 2010 (KB2553459) 32-Bit Edition (HKLM\...\{90140000-0017-0407-0000-0000000FF1CE}_Office14.SharePointDesigner_{7A518447-45D0-4C4F-B4C3-7FA72E4F6DB9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM\...\{90150000-001A-0407-0000-0000000FF1CE}_Office15.PROPLUS_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version:  - Microsoft)
v2011.build.44 (HKLM\...\{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1) (Version: v2011.build.44 - eRightSoft)
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
WEB Partner (HKLM\...\WEB Partner) (Version: TOOL-ConnLaucher_WIN1.01.01.00 - Huawei Technologies Co.,Ltd)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM\...\{6C51B615-4FB7-47E2-9838-98C9D291B096}) (Version: 21.01.8499 - Buhl Data Service GmbH)
Wolfram CDF Player (M-WIN-D 8.0.4 2609533) (HKLM\...\M-WIN-D 8.0.4 2609533_is1) (Version: 8.0.4 - Wolfram Research, Inc.)
Xilisoft Video Converter Ultimate (HKLM\...\Xilisoft Video Converter Ultimate) (Version: 5.1.26.1231 - Xilisoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-05-13 11:30 - 2010-01-20 19:25 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {5848E516-C8B1-4827-87C4-6C5677EDBEC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-11] (Google Inc.)
Task: {9421406F-3FE1-4691-9041-D1A29A92176F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {9BE591D2-494F-4869-A7E7-DC0056381811} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-11] (Google Inc.)
Task: {A792A63D-9DC0-4495-9F13-B9B1614F65A6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {B01A6C5E-8A60-4EB0-A28E-67129F8A1815} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files\ASUS\AASP\1.00.95\AsLoader.exe [2008-07-02] ()
Task: {B01A90CF-4B07-4B22-AEB1-B52DEC298006} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {FB2AC347-029B-4045-8265-442FE93F62EF} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2008-12-11] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-05 16:21 - 2014-09-08 13:07 - 00751680 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-19 10:50 - 2009-02-27 17:39 - 00019968 _____ () D:\Adobe\Acrobat 9.0\Acrobat\acrotray.deu
2010-01-21 22:55 - 2009-07-20 13:27 - 00017936 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2008-12-10 12:19 - 2008-12-10 12:19 - 00430080 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-02-04 21:35 - 2010-02-04 21:35 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: MapsGalaxy_39Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^chris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AutoStartNPSAgent => D:\Samsung\Samsung New PC Studio\NPSAgent.exe
MSCONFIG\startupreg: CallGuard => C:\Program Files\Diva Client\cgserver.exe
MSCONFIG\startupreg: DiTask => C:\Program Files\Diva Client\ditask.exe
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\chris\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: MapsGalaxy EPM Support => "C:\PROGRA~1\MAPSGA~2\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: Mobile Partner => D:\WEB Partner\WEB Partner
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ScreenManager Pro for LCD => C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/24/2014 09:24:13 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (09/22/2014 00:53:52 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (09/20/2014 05:30:30 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (09/20/2014 04:00:48 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (09/20/2014 09:13:45 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (09/20/2014 07:58:36 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (09/19/2014 01:43:05 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (09/19/2014 11:44:43 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (09/18/2014 08:45:15 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (09/18/2014 03:15:31 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error


System errors:
=============
Error: (09/24/2014 11:54:28 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (09/24/2014 11:12:26 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (09/24/2014 10:17:10 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9C38ED61-D565-4728-AEEE-C80952F0ECDE}

Error: (09/24/2014 10:11:01 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎24.‎09.‎2014 um 10:09:31 unerwartet heruntergefahren.

Error: (09/24/2014 10:01:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/24/2014 10:01:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/24/2014 10:01:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/24/2014 10:01:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/24/2014 10:01:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/24/2014 10:01:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (09/24/2014 09:24:13 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (09/22/2014 00:53:52 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (09/20/2014 05:30:30 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (09/20/2014 04:00:48 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (09/20/2014 09:13:45 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (09/20/2014 07:58:36 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (09/19/2014 01:43:05 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (09/19/2014 11:44:43 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (09/18/2014 08:45:15 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error

Error: (09/18/2014 03:15:31 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
Percentage of memory in use: 35%
Total physical RAM: 3327.18 MB
Available physical RAM: 2132.36 MB
Total Pagefile: 6652.65 MB
Available Pagefile: 4919.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.73 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:100 GB) (Free:48.44 GB) NTFS
Drive d: (PROGRAMME) (Fixed) (Total:146.48 GB) (Free:67.54 GB) NTFS
Drive e: (HDD) (Fixed) (Total:684.93 GB) (Free:405.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F4B3C6F7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=684.9 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: 38A54CC0)
Partition 1: (Active) - (Size=478 MB) - (Type=83)
Partition 2: (Not Active) - (Size=1.9 GB) - (Type=82)
Partition 3: (Not Active) - (Size=46.6 GB) - (Type=83)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: D0B1D0B1)

==================== End Of Log ============================
         
__________________

25.09.2014, 07:37   #4
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

25.09.2014, 08:46   #5
polonez
 



Good morning.

Here is the log file from Combofix:

Code:
ComboFix 14-09-22.01 - chris 25.09.2014   9:14.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3327.2012 [GMT 2:00]
ausgeführt von:: c:\users\chris\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
FW: Online Armor Firewall *Disabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\chris\Documents\~WRL1448.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\SET6DE3.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-08-25 bis 2014-09-25  ))))))))))))))))))))))))))))))
.
.
2014-09-25 07:25 . 2014-09-25 07:26	--------	d-----w-	c:\users\chris\AppData\Local\temp
2014-09-25 07:25 . 2014-09-25 07:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-09-24 09:25 . 2014-09-24 10:01	--------	d-----w-	C:\FRST
2014-09-24 05:24 . 2014-09-25 07:20	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DCF5A9D-8D54-4C5C-9F34-B387B04111F7}\offreg.dll
2014-09-21 16:23 . 2014-09-01 08:42	118232	----a-w-	c:\windows\system32\PulsewayCredentialProvider.dll
2014-09-20 10:49 . 2014-09-09 01:24	8806800	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DCF5A9D-8D54-4C5C-9F34-B387B04111F7}\mpengine.dll
2014-09-10 07:46 . 2014-08-01 11:35	793600	----a-w-	c:\windows\system32\TSWorkspace.dll
2014-09-10 07:38 . 2014-07-07 01:40	550912	----a-w-	c:\windows\system32\kerberos.dll
2014-09-10 07:38 . 2014-07-07 01:40	1059840	----a-w-	c:\windows\system32\lsasrv.dll
2014-09-10 07:38 . 2014-08-23 01:46	305152	----a-w-	c:\windows\system32\gdi32.dll
2014-09-10 07:38 . 2014-08-23 00:42	2352640	----a-w-	c:\windows\system32\win32k.sys
2014-09-10 07:37 . 2014-09-05 01:52	445952	----a-w-	c:\windows\system32\aepdu.dll
2014-09-10 07:37 . 2014-09-05 01:47	302592	----a-w-	c:\windows\system32\aeinv.dll
2014-09-10 07:36 . 2014-06-24 02:59	1987584	----a-w-	c:\windows\system32\d3d10warp.dll
2014-09-08 16:50 . 2014-09-08 16:50	--------	d-----w-	c:\users\chris\AppData\Roaming\Oracle
2014-09-08 16:50 . 2014-09-08 16:50	--------	d-----w-	c:\program files\Common Files\Java
2014-09-08 16:49 . 2014-09-08 16:49	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-09-05 16:06 . 2014-09-05 16:06	--------	d-----w-	c:\programdata\Emsisoft
2014-09-05 14:24 . 2014-09-05 14:33	--------	d-----w-	c:\programdata\OnlineArmor
2014-09-05 14:24 . 2014-09-05 14:24	--------	d-----w-	c:\users\chris\AppData\Roaming\OnlineArmor
2014-09-05 14:22 . 2013-10-11 01:41	44984	----a-w-	c:\windows\system32\drivers\oahlp32.sys
2014-09-05 14:22 . 2013-10-11 01:40	34856	----a-w-	c:\windows\system32\drivers\OAmon.sys
2014-09-05 14:22 . 2013-10-11 01:40	31760	----a-w-	c:\windows\system32\drivers\OAnet.sys
2014-09-05 14:22 . 2013-10-11 01:40	210360	----a-w-	c:\windows\system32\drivers\OADriver.sys
2014-09-05 14:22 . 2014-09-11 15:34	--------	d-----w-	c:\program files\Online Armor
2014-09-05 14:21 . 2014-09-25 07:08	--------	d-----w-	c:\program files\Emsisoft Anti-Malware
2014-09-03 18:09 . 2014-09-03 18:09	3231696	----a-w-	c:\program files\Mozilla Firefox\d3dcompiler_46.dll
2014-09-02 13:39 . 2014-09-02 13:39	--------	d-----w-	c:\users\Public\Juniper Networks
2014-09-02 13:39 . 2014-04-10 19:34	409712	----a-w-	c:\windows\system32\dsNcSmartCardProv.dll
2014-09-02 13:39 . 2014-04-10 19:34	364656	----a-w-	c:\windows\system32\dsNcCredProv.dll
2014-09-02 13:38 . 2014-09-02 13:39	--------	d-----w-	c:\program files\Juniper Networks
2014-09-02 13:37 . 2014-09-02 13:39	--------	d-----w-	c:\users\chris\AppData\Roaming\Juniper Networks
2014-09-02 13:37 . 2014-09-02 13:37	--------	d-----w-	c:\users\chris\AppData\Local\Juniper Networks
2014-08-27 06:51 . 2014-08-27 06:51	--------	d-----w-	C:\AppData
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-01 18:49 . 2014-05-23 12:03	110296	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-25 04:53 . 2010-01-11 20:48	231584	------w-	c:\windows\system32\MpSigStub.exe
2014-08-16 10:30 . 2012-04-09 19:57	699568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-08-16 10:30 . 2011-05-26 05:54	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-25 00:35 . 2014-07-25 00:35	875688	----a-w-	c:\windows\system32\msvcr120_clr0400.dll
2014-07-18 12:19 . 2014-08-16 05:18	35840	----a-w-	c:\windows\system32\drivers\npf_devolo.sys
2014-07-18 12:19 . 2014-08-16 05:18	81920	----a-w-	c:\windows\system32\devolopacket.dll
2014-07-18 12:19 . 2014-08-16 05:18	221184	----a-w-	c:\windows\system32\devolopcap.dll
2014-07-16 02:46 . 2014-08-16 07:15	2048	----a-w-	c:\windows\system32\tzres.dll
2014-07-14 01:42 . 2014-08-16 07:15	654336	----a-w-	c:\windows\system32\rpcrt4.dll
2014-06-30 22:14 . 2014-08-16 07:20	8856	----a-w-	c:\windows\system32\icardres.dll
2006-05-03 10:06	163328	--sha-r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2009-06-14 380928]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiTask"="c:\program files\Diva Client\ditask.exe" [2007-02-21 81920]
"CallGuard"="c:\program files\Diva Client\cgserver.exe" [2007-03-26 45056]
"Adobe Acrobat Speed Launcher"="d:\adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="d:\adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-14 98304]
"ScreenManager Pro for LCD"="c:\program files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe" [2009-03-02 12080424]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2014-09-08 4867544]
"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2013-10-11 7558464]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-21 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2013-10-11 1033968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=DivaWave.drv
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^chris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk]
path=c:\users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Partner]
d:\web partner\WEB Partner [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44	500208	------w-	c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57	406992	----a-w-	c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-12 18:57	43848	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CallGuard]
2007-03-26 17:00	45056	----a-w-	c:\program files\Diva Client\cgserver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57	369200	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiTask]
2007-02-21 14:37	81920	----a-w-	c:\program files\Diva Client\DiTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google+ Auto Backup]
2014-01-06 09:59	3619096	----a-w-	c:\users\chris\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-05-18 07:43	1409024	----a-w-	c:\program files\VIA\VIAudioi\VDeck\VDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-02-21 01:54	152392	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2011-06-20 14:07	2736128	----a-w-	c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2009-12-01 13:55	389120	----a-w-	d:\sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenManager Pro for LCD]
2009-03-02 04:07	12080424	----a-w-	c:\program files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-25 10:29	256896	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37	517096	----a-w-	c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-12 20:02	37888	----a-w-	c:\program files\Winamp\winampa.exe
.
R2 PC Monitor;PC Monitor;c:\program files\PC Monitor\PCMonitorSrv.exe [2014-09-23 815064]
R3 DiCowan;Dialogic Connection Oriented Driver for all Diva Client cards;c:\windows\system32\DRIVERS\disdn\dicowan.sys [2008-09-16 2961536]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-03-24 204288]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-11 36608]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2010-03-20 101504]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\drivers\vpcuxd.sys [2010-11-20 12800]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\windows\TEMP\tmp991.tmp [x]
R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 DiMaint;Dialogic Maintenance Treiber;c:\windows\system32\DRIVERS\disdn\dimaint.sys [2007-02-09 583808]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-14 691696]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2013-03-28 22056]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2013-09-30 38248]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2014-05-12 18552]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2013-10-11 210360]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2013-10-11 44984]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2013-10-11 34856]
S2 a2AntiMalware;Emsisoft Protection Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2014-09-11 4784144]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-14 176128]
S2 DevoloNetworkService;devolo Network Service;d:\devolo\dlan\devolonetsvc.exe [2014-07-18 3645432]
S2 DiCapi;Dialogic CAPI 2.0 Treiber;c:\windows\system32\DRIVERS\DISDN\capi202k.sys [2007-02-09 245474]
S2 DiPort;Dialogic Port Treiber;c:\windows\system32\DRIVERS\DISDN\diport40.sys [2007-02-15 208640]
S2 EiconDivaLogService;Eicon Diva Log Service;c:\program files\Diva Client\divalog.exe [2006-05-17 168960]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2014-07-18 35840]
S2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [2013-10-11 584864]
S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [2013-10-11 4457688]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2014-05-12 58200]
S3 cleanhlp;cleanhlp;c:\program files\Emsisoft Anti-Malware\cleanhlp32.sys [2013-12-04 50200]
S3 DiWan;Dialogic Treiber für alle Diva Client Karten;c:\windows\system32\drivers\disdn\diwan.sys [2007-04-11 2926720]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2009-06-17 40720]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2009-06-17 10384]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2013-10-11 31760]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-05-08 1047552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 14:05	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-11 16:46]
.
2014-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-11 16:46]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Fotoabzug online bestellen ! - hxxp://fotoup.info/ie2wk.php?hid=w3foto
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - d:\micros~1\Office15\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - d:\micros~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\
FF - prefs.js: browser.startup.homepage - www.gmx.de
.
.
------- Dateityp-Verknüpfung -------
.
.txt=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
MSConfigStartUp-AutoStartNPSAgent - d:\samsung\Samsung New PC Studio\NPSAgent.exe
MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe
MSConfigStartUp-MapsGalaxy EPM Support - c:\progra~1\MAPSGA~2\bar\1.bin\39medint.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\windows\TEMP\tmp991.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2819807599-1883617300-2099825773-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{869B1464-2D9C-B693-FA51-9F94C230DABD}*]
"mamclelfilbkbdmekiimlkkmkb"=hex:6f,61,6c,69,70,6c,6c,6a,6c,65,70,6c,65,64,6c,
   68,65,70,6e,63,63,64,70,69,6f,67,6c,67,64,6c,00,6d
"ablcihjfofpkiggifljgdjlhblcnmppjaa"=hex:70,61,6a,63,6f,65,68,6d,63,6a,62,67,
   67,6f,61,6a,61,65,6a,66,6d,6a,6a,67,67,67,66,6b,6f,63,64,6d,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-09-25  09:30:02
ComboFix-quarantined-files.txt  2014-09-25 07:30
.
Vor Suchlauf: 12 Verzeichnis(se), 51.559.239.680 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 51.512.004.608 Bytes frei
.
- - End Of File - - 3E8E31DF26DE6B735C083DA982B0410C
A36C5E4F47E84449FF07ED3517B43A31
         


25.09.2014, 13:12   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

26.09.2014, 08:51   #7
polonez
 



Good morning.

Here are the results:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 25.09.2014
Suchlauf-Zeit: 19:58:21
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.25.09
Rootkit Datenbank: v2014.09.19.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: chris

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 306637
Verstrichene Zeit: 8 Min, 15 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
# AdwCleaner v3.310 - Bericht erstellt am 26/09/2014 um 01:17:46
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : chris - DESKTOP
# Gestartet von : C:\Users\chris\Desktop\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 de)

[ Datei : C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [841 octets] - [25/09/2014 22:34:06]
AdwCleaner[S0].txt - [763 octets] - [26/09/2014 01:17:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [822 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.0 (09.22.2014:1)
OS: Windows 7 Professional x86
Ran by chris on 26.09.2014 at  7:55:27,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector.1



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\chris\AppData\Roaming\mozilla\firefox\profiles\nbwhll4s.default\prefs.js

user_pref("flagfox.actions", "[{\"name\":\"Geotool\",\"template\":\"hxxp://geo.flagfox.net/?ip={IPaddress}&host={domainName}\",\"iconclick\":\"click\",\"hotkey\":{\"mods\":\"c
Emptied folder: C:\Users\chris\AppData\Roaming\mozilla\firefox\profiles\nbwhll4s.default\minidumps [22 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.09.2014 at  8:07:31,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014
Ran by chris (administrator) on DESKTOP on 26-09-2014 08:13:33
Running from C:\Users\chris\Desktop
Loaded Profile: chris (Available profiles: chris)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oasrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(devolo AG) D:\devolo\dlan\devolonetsvc.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Eicon Networks) C:\Program Files\Diva Client\divalog.exe
(tzuk) D:\Sandboxie\SbieSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(MMSOFT Design Ltd.) C:\Program Files\PC Monitor\PCMonitorSrv.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(MMSOFT Design Ltd.) C:\Program Files\PC Monitor\pcmontask.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(Dialogic) C:\Program Files\Diva Client\DiTask.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Dialogic) C:\Program Files\Diva Client\cgserver.exe
(Adobe Systems Incorporated) D:\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(Adobe Systems Inc.) D:\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oaui.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oahlp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DiTask] => C:\Program Files\Diva Client\ditask.exe [81920 2007-02-21] (Dialogic)
HKLM\...\Run: [CallGuard] => C:\Program Files\Diva Client\cgserver.exe [45056 2007-03-26] (Dialogic)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ScreenManager Pro for LCD] => C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe [12080424 2009-03-02] (EIZO NANAO CORPORATION)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4867544 2014-09-08] (Emsisoft GmbH)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-06-14] (AMD)
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
GroupPolicyUsers\S-1-5-21-2819807599-1883617300-2099825773-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0C26B8BEA2F9CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default
FF Homepage: www.gmx.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> D:\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 -> d:\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @wolfram.com/Mathematica -> C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin: Adobe Acrobat -> D:\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload-com.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flagfox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012-03-15]
FF Extension: Firefox Extension Backup Extension (FEBE) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}(2) [2010-01-13]
FF Extension: mediaplayerconnectivity - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2012-09-07]
FF Extension: FootieFox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}(2) [2010-01-13]
FF Extension: DownloadHelper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-12-26]
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-07-24]
FF Extension: Extension List Dumper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\extensionlistdumper@sogame.cat.xpi [2014-05-22]
FF Extension: Live IP Address - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}.xpi [2011-03-23]
FF Extension: FireFTP - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-03-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-04-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-04-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-04-13]

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4784144 2014-09-11] (Emsisoft GmbH)
R2 DevoloNetworkService; D:\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688240 2014-04-10] (Juniper Networks)
R2 EiconDivaLogService; C:\Program Files\Diva Client\divalog.exe [168960 2006-05-17] (Eicon Networks) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-01-20] (Macrovision Europe Ltd.) [File not signed]
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
R2 PC Monitor; C:\Program Files\PC Monitor\PCMonitorSrv.exe [815576 2014-09-25] (MMSOFT Design Ltd.)
R2 SbieSvc; d:\Sandboxie\SbieSvc.exe [66560 2009-12-01] (tzuk) [File not signed]
R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] ()
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R2 DiCapi; C:\Windows\System32\DRIVERS\DISDN\capi202k.sys [245474 2007-02-09] (Dialogic)
S3 DiCowan; C:\Windows\System32\DRIVERS\disdn\dicowan.sys [2961536 2008-09-16] (Dialogic)
R0 DiMaint; C:\Windows\System32\DRIVERS\disdn\dimaint.sys [583808 2007-02-09] (Dialogic)
R2 DiPort; C:\Windows\System32\DRIVERS\DISDN\diport40.sys [208640 2007-02-15] (Dialogic)
R3 DiWan; C:\Windows\System32\drivers\disdn\diwan.sys [2926720 2007-04-12] (Eicon Networks)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2014-04-10] (Juniper Networks)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-05-11] () [File not signed]
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2014-07-18] (CACE Technologies) [File not signed]
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] ()
R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft)
R3 SbieDrv; d:\Sandboxie\SbieDrv.sys [119296 2009-12-01] (tzuk) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-14] () [File not signed]
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1047552 2009-05-08] (VIA Technologies, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\system32\drivers\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
U3 a6n4pjwl; C:\Windows\system32\Drivers\a6n4pjwl.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\Users\chris\AppData\Local\Temp\catchme.sys [X]
S3 WinRing0_1_2_0; \??\C:\Windows\TEMP\tmp991.tmp [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 08:12 - 2014-09-26 08:12 - 00000000 ____D () C:\Users\chris\Desktop\FRST-OlderVersion
2014-09-26 08:07 - 2014-09-26 08:07 - 00001237 _____ () C:\Users\chris\Desktop\JRT.txt
2014-09-26 07:52 - 2014-09-26 07:52 - 00000901 _____ () C:\Users\chris\Desktop\AdwCleaner[S0].txt
2014-09-25 22:34 - 2014-09-26 01:17 - 00000000 ____D () C:\AdwCleaner
2014-09-25 22:33 - 2014-09-25 22:33 - 01024790 _____ (Thisisu) C:\Users\chris\Desktop\JRT.exe
2014-09-25 22:32 - 2014-09-25 22:32 - 01373475 _____ () C:\Users\chris\Desktop\AdwCleaner_3.310.exe
2014-09-25 22:31 - 2014-09-25 22:31 - 00001158 _____ () C:\Users\chris\Desktop\mbam.txt
2014-09-25 09:30 - 2014-09-25 09:30 - 00019975 _____ () C:\ComboFix.txt
2014-09-25 09:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-25 09:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-25 09:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-25 09:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-25 09:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-25 09:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-25 09:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-25 09:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-25 09:10 - 2014-09-25 09:30 - 00000000 ____D () C:\Qoobox
2014-09-25 09:10 - 2014-09-25 09:27 - 00000000 ____D () C:\Windows\erdnt
2014-09-25 09:07 - 2014-09-25 09:07 - 05579290 ____R (Swearware) C:\Users\chris\Desktop\ComboFix.exe
2014-09-24 12:18 - 2010-01-20 19:25 - 00000822 _____ () C:\Users\chris\Desktop\hosts für forum
2014-09-24 12:00 - 2014-09-26 08:13 - 00019531 _____ () C:\Users\chris\Desktop\FRST.txt
2014-09-24 11:25 - 2014-09-26 08:13 - 00000000 ____D () C:\FRST
2014-09-24 11:24 - 2014-09-26 08:12 - 01100288 _____ (Farbar) C:\Users\chris\Desktop\FRST.exe
2014-09-17 20:22 - 2014-09-17 20:22 - 00001066 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-17 20:22 - 2014-09-17 20:22 - 00001054 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-10 09:57 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 09:57 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 09:57 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 09:57 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 09:57 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 09:57 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 09:57 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 09:57 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 09:57 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 09:57 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 09:57 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 09:57 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 09:57 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 09:57 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 09:57 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 09:57 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 09:57 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 09:57 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 09:57 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 09:57 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 09:57 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 09:57 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 09:57 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 09:57 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 09:57 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 09:57 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 09:57 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 09:57 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 09:57 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 09:57 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 09:57 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 09:46 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 09:38 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-10 09:38 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-10 09:38 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 09:38 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 09:37 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 09:37 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 09:36 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Oracle
2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-08 18:50 - 2014-09-08 18:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-08 18:49 - 2014-09-08 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-05 18:06 - 2014-09-05 18:06 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-09-05 16:24 - 2014-09-05 16:33 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-09-05 16:24 - 2014-09-05 16:24 - 00000000 ____D () C:\Users\chris\AppData\Roaming\OnlineArmor
2014-09-05 16:22 - 2014-09-11 17:34 - 00000000 ____D () C:\Program Files\Online Armor
2014-09-05 16:22 - 2014-09-05 16:22 - 00001059 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-09-05 16:22 - 2013-10-11 03:41 - 00044984 _____ () C:\Windows\system32\Drivers\oahlp32.sys
2014-09-05 16:22 - 2013-10-11 03:40 - 00210360 _____ () C:\Windows\system32\Drivers\OADriver.sys
2014-09-05 16:22 - 2013-10-11 03:40 - 00034856 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys
2014-09-05 16:22 - 2013-10-11 03:40 - 00031760 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2014-09-05 16:21 - 2014-09-26 08:11 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-09-05 16:21 - 2014-09-05 16:21 - 00000000 ____D () C:\Users\chris\Documents\Anti-Malware
2014-09-05 15:54 - 2014-09-05 15:54 - 00000201 _____ () C:\Users\chris\Downloads\emsi.txt
2014-09-05 13:11 - 2014-09-05 13:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\chris\Downloads\revosetup95.exe
2014-09-05 13:11 - 2014-09-05 13:11 - 00000752 _____ () C:\Users\chris\Desktop\Revo Uninstaller.lnk
2014-09-03 20:10 - 2014-09-03 20:10 - 10696960 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\OnlineArmorSetup.exe
2014-09-03 20:09 - 2014-09-03 20:11 - 164728800 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftAntiMalwareSetup.exe
2014-09-03 20:05 - 2014-09-03 20:07 - 00000000 ____D () C:\Users\chris\Desktop\marcel pdf
2014-09-02 22:16 - 2014-09-02 14:30 - 179759928 _____ () C:\Users\chris\Downloads\avira_internet_security_de1.exe
2014-09-02 22:16 - 2014-08-28 12:46 - 180010832 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftInternetSecuritySetup.exe
2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\Public\Juniper Networks
2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2014-09-02 15:39 - 2014-04-10 21:34 - 00409712 _____ (Juniper Networks) C:\Windows\system32\dsNcSmartCardProv.dll
2014-09-02 15:39 - 2014-04-10 21:34 - 00364656 _____ (Juniper Networks) C:\Windows\system32\dsNcCredProv.dll
2014-09-02 15:38 - 2014-09-02 15:39 - 00000000 ____D () C:\Program Files\Juniper Networks
2014-09-02 15:37 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Juniper Networks
2014-09-02 15:37 - 2014-09-02 15:37 - 00000000 ____D () C:\Users\chris\AppData\Local\Juniper Networks
2014-08-27 08:51 - 2014-08-27 08:51 - 00003115 _____ () C:\Users\chris\Desktop\Secure Download Manager.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 08:14 - 2011-06-11 18:46 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-26 08:09 - 2011-06-11 18:46 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-26 07:56 - 2009-07-14 06:34 - 00027968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 07:56 - 2009-07-14 06:34 - 00027968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 07:50 - 2011-12-05 01:18 - 00000000 ____D () C:\Program Files\PC Monitor
2014-09-26 07:49 - 2010-01-17 23:34 - 00000000 ____D () C:\Program Files\Diva Client
2014-09-26 07:49 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 07:48 - 2010-01-12 00:07 - 01340574 _____ () C:\Windows\PFRO.log
2014-09-26 07:48 - 2009-07-14 06:39 - 00386466 _____ () C:\Windows\setupact.log
2014-09-26 01:18 - 2010-01-11 22:38 - 02063772 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 19:57 - 2014-05-23 14:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 18:19 - 2012-04-28 13:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 13:01 - 2013-04-13 17:58 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-25 09:44 - 2013-04-13 18:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-25 09:30 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-09-25 09:26 - 2009-07-14 04:04 - 00000260 _____ () C:\Windows\system.ini
2014-09-24 14:29 - 2010-01-15 01:43 - 00000000 ____D () C:\Users\chris\AppData\Roaming\vlc
2014-09-24 14:20 - 2010-01-11 22:43 - 00000000 ____D () C:\Users\chris
2014-09-24 12:23 - 2010-01-11 22:48 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-13 00:52 - 2014-05-23 19:43 - 00000000 ____D () C:\Users\chris\Desktop\trojanerboard
2014-09-10 18:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-10 15:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 10:05 - 2009-07-14 06:33 - 03823256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-10 09:57 - 2013-07-20 14:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 09:51 - 2010-01-11 22:47 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 09:50 - 2014-05-14 10:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 09:28 - 2013-03-09 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-10 09:28 - 2010-01-14 11:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-08 18:50 - 2013-12-13 13:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-06 11:00 - 2014-05-21 21:14 - 00000000 ____D () C:\Users\chris\Documents\My Cmaps
2014-09-05 15:58 - 2010-01-30 15:25 - 00000052 _____ () C:\Windows\system32\ashttpstats.csv
2014-09-05 10:56 - 2010-01-14 09:33 - 00000000 ____D () C:\Users\chris\AppData\Local\Thunderbird

Some content of TEMP:
====================
C:\Users\chris\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 00:11

==================== End Of Log ============================
         
--- --- ---

26.09.2014, 15:50   #8
schrauber
/// the machine
/// TB Trainer
 

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Still having problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

27.09.2014, 20:24   #9
polonez
 

Good evening.

Here are the logs from ESET, SecCheck and a fresh FRST:

Code:
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ae781b897a7d694fa24331e53078b6e6
# engine=20325
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-27 02:31:14
# local_time=2014-09-27 04:31:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 117109 163459465 0 0
# compatibility_mode_1='Emsisoft Anti-Malware'
# compatibility_mode=16641 16777213 100 100 14372 213070562 0 0
# scanned=166313
# found=0
# cleaned=0
# scan_time=3178
         
Code:
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Emsisoft Anti-Malware   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Adobe Flash Player 	14.0.0.179  
 Mozilla Firefox (32.0.3) 
 Mozilla Thunderbird (31.1.2) 
````````Process Check: objlist.exe by Laurent````````  
 Tall Emu Online Armor OAcat.exe 
 Tall Emu Online Armor oasrv.exe 
 Tall Emu Online Armor oaui.exe 
 Tall Emu Online Armor OAhlp.exe 
 Emsisoft Anti-Malware a2service.exe   
 Emsisoft Anti-Malware a2guard.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014
Ran by chris (administrator) on DESKTOP on 27-09-2014 20:46:51
Running from C:\Users\chris\Desktop
Loaded Profile: chris (Available profiles: chris)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oasrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oaui.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oahlp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(devolo AG) D:\devolo\dlan\devolonetsvc.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Eicon Networks) C:\Program Files\Diva Client\divalog.exe
(MMSOFT Design Ltd.) C:\Program Files\PC Monitor\PCMonitorSrv.exe
(tzuk) D:\Sandboxie\SbieSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(MMSOFT Design Ltd.) C:\Program Files\PC Monitor\pcmontask.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DiTask] => C:\Program Files\Diva Client\ditask.exe [81920 2007-02-21] (Dialogic)
HKLM\...\Run: [CallGuard] => C:\Program Files\Diva Client\cgserver.exe [45056 2007-03-26] (Dialogic)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ScreenManager Pro for LCD] => C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe [12080424 2009-03-02] (EIZO NANAO CORPORATION)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4867544 2014-09-08] (Emsisoft GmbH)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-06-14] (AMD)
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
GroupPolicyUsers\S-1-5-21-2819807599-1883617300-2099825773-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0C26B8BEA2F9CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default
FF Homepage: www.gmx.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> D:\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 -> d:\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @wolfram.com/Mathematica -> C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin: Adobe Acrobat -> D:\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload-com.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flagfox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012-03-15]
FF Extension: Firefox Extension Backup Extension (FEBE) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}(2) [2010-01-13]
FF Extension: mediaplayerconnectivity - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2012-09-07]
FF Extension: FootieFox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}(2) [2010-01-13]
FF Extension: DownloadHelper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-12-26]
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-07-24]
FF Extension: Extension List Dumper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\extensionlistdumper@sogame.cat.xpi [2014-05-22]
FF Extension: Live IP Address - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}.xpi [2011-03-23]
FF Extension: FireFTP - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-03-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-04-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-04-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-04-13]

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4784144 2014-09-11] (Emsisoft GmbH)
R2 DevoloNetworkService; D:\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688240 2014-04-10] (Juniper Networks)
R2 EiconDivaLogService; C:\Program Files\Diva Client\divalog.exe [168960 2006-05-17] (Eicon Networks) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-01-20] (Macrovision Europe Ltd.) [File not signed]
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
R2 PC Monitor; C:\Program Files\PC Monitor\PCMonitorSrv.exe [815576 2014-09-25] (MMSOFT Design Ltd.)
R2 SbieSvc; d:\Sandboxie\SbieSvc.exe [66560 2009-12-01] (tzuk) [File not signed]
R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] ()
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R2 DiCapi; C:\Windows\System32\DRIVERS\DISDN\capi202k.sys [245474 2007-02-09] (Dialogic)
S3 DiCowan; C:\Windows\System32\DRIVERS\disdn\dicowan.sys [2961536 2008-09-16] (Dialogic)
R0 DiMaint; C:\Windows\System32\DRIVERS\disdn\dimaint.sys [583808 2007-02-09] (Dialogic)
R2 DiPort; C:\Windows\System32\DRIVERS\DISDN\diport40.sys [208640 2007-02-15] (Dialogic)
R3 DiWan; C:\Windows\System32\drivers\disdn\diwan.sys [2926720 2007-04-12] (Eicon Networks)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2014-04-10] (Juniper Networks)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-05-11] () [File not signed]
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
S3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2014-07-18] (CACE Technologies) [File not signed]
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] ()
R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft)
R3 SbieDrv; d:\Sandboxie\SbieDrv.sys [119296 2009-12-01] (tzuk) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-14] () [File not signed]
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1047552 2009-05-08] (VIA Technologies, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\system32\drivers\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
U3 ay7q6onh; C:\Windows\system32\Drivers\ay7q6onh.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\Users\chris\AppData\Local\Temp\catchme.sys [X]
S3 WinRing0_1_2_0; \??\C:\Windows\TEMP\tmp991.tmp [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-27 15:21 - 2014-09-27 15:21 - 00001784 _____ () C:\Users\chris\Desktop\eset.txt
2014-09-27 00:17 - 2014-09-27 00:17 - 00854417 _____ () C:\Users\chris\Desktop\SecurityCheck.exe
2014-09-27 00:16 - 2014-09-27 00:16 - 02347384 _____ (ESET) C:\Users\chris\Desktop\esetsmartinstaller_deu.exe
2014-09-26 08:12 - 2014-09-26 08:12 - 00000000 ____D () C:\Users\chris\Desktop\FRST-OlderVersion
2014-09-26 08:07 - 2014-09-26 08:07 - 00001237 _____ () C:\Users\chris\Desktop\JRT.txt
2014-09-26 07:52 - 2014-09-26 07:52 - 00000901 _____ () C:\Users\chris\Desktop\AdwCleaner[S0].txt
2014-09-25 22:34 - 2014-09-26 01:17 - 00000000 ____D () C:\AdwCleaner
2014-09-25 22:33 - 2014-09-25 22:33 - 01024790 _____ (Thisisu) C:\Users\chris\Desktop\JRT.exe
2014-09-25 22:32 - 2014-09-25 22:32 - 01373475 _____ () C:\Users\chris\Desktop\AdwCleaner_3.310.exe
2014-09-25 22:31 - 2014-09-25 22:31 - 00001158 _____ () C:\Users\chris\Desktop\mbam.txt
2014-09-25 09:30 - 2014-09-25 09:30 - 00019975 _____ () C:\ComboFix.txt
2014-09-25 09:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-25 09:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-25 09:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-25 09:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-25 09:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-25 09:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-25 09:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-25 09:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-25 09:10 - 2014-09-25 09:30 - 00000000 ____D () C:\Qoobox
2014-09-25 09:10 - 2014-09-25 09:27 - 00000000 ____D () C:\Windows\erdnt
2014-09-25 09:07 - 2014-09-25 09:07 - 05579290 ____R (Swearware) C:\Users\chris\Desktop\ComboFix.exe
2014-09-24 12:18 - 2010-01-20 19:25 - 00000822 _____ () C:\Users\chris\Desktop\hosts für forum
2014-09-24 12:00 - 2014-09-27 20:46 - 00019540 _____ () C:\Users\chris\Desktop\FRST.txt
2014-09-24 12:00 - 2014-09-24 12:17 - 00043117 _____ () C:\Users\chris\Desktop\Addition_1.txt
2014-09-24 12:00 - 2014-09-24 12:07 - 00036169 _____ () C:\Users\chris\Desktop\FRST_1.txt
2014-09-24 11:25 - 2014-09-27 20:46 - 00000000 ____D () C:\FRST
2014-09-24 11:24 - 2014-09-26 08:12 - 01100288 _____ (Farbar) C:\Users\chris\Desktop\FRST.exe
2014-09-17 20:22 - 2014-09-17 20:22 - 00001066 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-17 20:22 - 2014-09-17 20:22 - 00001054 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-10 09:57 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 09:57 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 09:57 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 09:57 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 09:57 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 09:57 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 09:57 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 09:57 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 09:57 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 09:57 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 09:57 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 09:57 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 09:57 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 09:57 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 09:57 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 09:57 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 09:57 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 09:57 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 09:57 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 09:57 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 09:57 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 09:57 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 09:57 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 09:57 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 09:57 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 09:57 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 09:57 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 09:57 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 09:57 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 09:57 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 09:57 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 09:46 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 09:38 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-10 09:38 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-10 09:38 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 09:38 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 09:37 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 09:37 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 09:36 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Oracle
2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-08 18:50 - 2014-09-08 18:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-08 18:49 - 2014-09-08 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-05 18:06 - 2014-09-05 18:06 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-09-05 16:24 - 2014-09-05 16:33 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-09-05 16:24 - 2014-09-05 16:24 - 00000000 ____D () C:\Users\chris\AppData\Roaming\OnlineArmor
2014-09-05 16:22 - 2014-09-11 17:34 - 00000000 ____D () C:\Program Files\Online Armor
2014-09-05 16:22 - 2014-09-05 16:22 - 00001059 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-09-05 16:22 - 2013-10-11 03:41 - 00044984 _____ () C:\Windows\system32\Drivers\oahlp32.sys
2014-09-05 16:22 - 2013-10-11 03:40 - 00210360 _____ () C:\Windows\system32\Drivers\OADriver.sys
2014-09-05 16:22 - 2013-10-11 03:40 - 00034856 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys
2014-09-05 16:22 - 2013-10-11 03:40 - 00031760 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2014-09-05 16:21 - 2014-09-27 15:34 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-09-05 16:21 - 2014-09-05 16:21 - 00000000 ____D () C:\Users\chris\Documents\Anti-Malware
2014-09-05 15:54 - 2014-09-05 15:54 - 00000201 _____ () C:\Users\chris\Downloads\emsi.txt
2014-09-05 13:11 - 2014-09-05 13:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\chris\Downloads\revosetup95.exe
2014-09-05 13:11 - 2014-09-05 13:11 - 00000752 _____ () C:\Users\chris\Desktop\Revo Uninstaller.lnk
2014-09-03 20:10 - 2014-09-03 20:10 - 10696960 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\OnlineArmorSetup.exe
2014-09-03 20:09 - 2014-09-03 20:11 - 164728800 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftAntiMalwareSetup.exe
2014-09-03 20:05 - 2014-09-03 20:07 - 00000000 ____D () C:\Users\chris\Desktop\marcel pdf
2014-09-02 22:16 - 2014-09-02 14:30 - 179759928 _____ () C:\Users\chris\Downloads\avira_internet_security_de1.exe
2014-09-02 22:16 - 2014-08-28 12:46 - 180010832 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftInternetSecuritySetup.exe
2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\Public\Juniper Networks
2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2014-09-02 15:39 - 2014-04-10 21:34 - 00409712 _____ (Juniper Networks) C:\Windows\system32\dsNcSmartCardProv.dll
2014-09-02 15:39 - 2014-04-10 21:34 - 00364656 _____ (Juniper Networks) C:\Windows\system32\dsNcCredProv.dll
2014-09-02 15:38 - 2014-09-02 15:39 - 00000000 ____D () C:\Program Files\Juniper Networks
2014-09-02 15:37 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Juniper Networks
2014-09-02 15:37 - 2014-09-02 15:37 - 00000000 ____D () C:\Users\chris\AppData\Local\Juniper Networks

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-27 20:15 - 2011-06-11 18:46 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-27 17:41 - 2010-01-11 22:38 - 01056297 _____ () C:\Windows\WindowsUpdate.log
2014-09-27 12:28 - 2009-07-14 06:39 - 00386858 _____ () C:\Windows\setupact.log
2014-09-27 00:12 - 2011-06-11 18:46 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-26 12:30 - 2009-07-14 06:34 - 00027968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 12:30 - 2009-07-14 06:34 - 00027968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 12:23 - 2010-01-17 23:34 - 00000000 ____D () C:\Program Files\Diva Client
2014-09-26 12:23 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 12:21 - 2014-05-22 20:57 - 00003322 _____ () C:\Windows\system32\Drivers\etc\hosts (Kopie).org
2014-09-26 12:14 - 2010-01-11 22:48 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-26 07:50 - 2011-12-05 01:18 - 00000000 ____D () C:\Program Files\PC Monitor
2014-09-26 07:48 - 2010-01-12 00:07 - 01340574 _____ () C:\Windows\PFRO.log
2014-09-25 19:57 - 2014-05-23 14:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 18:19 - 2012-04-28 13:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 13:01 - 2013-04-13 17:58 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-25 09:44 - 2013-04-13 18:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-25 09:30 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-09-25 09:26 - 2009-07-14 04:04 - 00000260 _____ () C:\Windows\system.ini
2014-09-24 14:29 - 2010-01-15 01:43 - 00000000 ____D () C:\Users\chris\AppData\Roaming\vlc
2014-09-24 14:20 - 2010-01-11 22:43 - 00000000 ____D () C:\Users\chris
2014-09-13 00:52 - 2014-05-23 19:43 - 00000000 ____D () C:\Users\chris\Desktop\trojanerboard
2014-09-10 18:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-10 15:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 10:05 - 2009-07-14 06:33 - 03823256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-10 09:57 - 2013-07-20 14:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 09:51 - 2010-01-11 22:47 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 09:50 - 2014-05-14 10:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 09:28 - 2013-03-09 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-10 09:28 - 2010-01-14 11:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-08 18:50 - 2013-12-13 13:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-06 11:00 - 2014-05-21 21:14 - 00000000 ____D () C:\Users\chris\Documents\My Cmaps
2014-09-05 15:58 - 2010-01-30 15:25 - 00000052 _____ () C:\Windows\system32\ashttpstats.csv
2014-09-05 10:56 - 2010-01-14 09:33 - 00000000 ____D () C:\Users\chris\AppData\Local\Thunderbird

Some content of TEMP:
====================
C:\Users\chris\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 00:11

==================== End Of Log ============================
         
--- --- ---


The error message already disappeared after the last routine with Malwarebytes Anti-Malware, AdwCleaner and Junkware Removal Tool. I am interested in which tool fixed it. I cannot tell from the logs.

28.09.2014, 13:30   #10
schrauber
/// the machine
/// TB Trainer

All of them, since it was an interplay of adware.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
GroupPolicyUsers\S-1-5-21-2819807599-1883617300-2099825773-1004\User: Group Policy restriction detected <======= ATTENTION

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can safely delete them.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    A tutorial can be found here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments of e-mails that are unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

28.09.2014, 18:19   #11
polonez

Hello,

unfortunately I ran delfix.exe too early, so Fixlog.txt was deleted.
But I had looked at its contents beforehand, and the item "GroupPolicyUsers..."
was fixed successfully.

Delfix was run:

Code:
# DelFix v10.8 - Datei am 28/09/2014 um 18:21:56 erstellt
# Aktualisiert am 29/07/2014 von Xplode
# Benutzer : chris - DESKTOP
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\Qoobox
Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\Users\chris\Desktop\FRST-OlderVersion
Gelöscht : C:\ComboFix.txt
Gelöscht : C:\Users\chris\Desktop\Addition_1.txt
Gelöscht : C:\Users\chris\Desktop\AdwCleaner[S0].txt
Gelöscht : C:\Users\chris\Desktop\AdwCleaner_3.310.exe
Gelöscht : C:\Users\chris\Desktop\esetsmartinstaller_deu.exe
Gelöscht : C:\Users\chris\Desktop	
Gelöscht : C:\Users\chris\Desktop\FRST.exe
Gelöscht : C:\Users\chris\Desktop\FRST.txt
Gelöscht : C:\Users\chris\Desktop\FRST_1.txt
Gelöscht : C:\Users\chris\Desktop\JRT.exe
Gelöscht : C:\Users\chris\Desktop\JRT.txt
Gelöscht : C:\Users\chris\Desktop\log.txt
Gelöscht : C:\Users\chris\Desktop\logonui.txt
Gelöscht : C:\Users\chris\Desktop\SecurityCheck.exe
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...


Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########
         
Quote:
Quote from schrauber
All of them, since it was an interplay of adware.

I have not installed anything in the last few days and have hardly used the PC. I am running the software from Emsisoft that you recommend.

I am very interested in what exactly it was.
What is it about the file MSVCP120.dll in question? I cannot see anything in the logs (no cleanup either).

Could you write a few lines about it? Thanks in advance.

Regards
Chris

29.09.2014, 14:00   #12
schrauber
/// the machine
/// TB Trainer

The file that is missing is a legitimate Windows file. Probably a missing link, fixed by Combofix.
__________________
Regards,
schrauber


29.09.2014, 14:31   #13
polonez

Thanks for your answer.

So it was not adware or anything similar.

30.09.2014, 09:11   #14
schrauber
/// the machine
/// TB Trainer

Nope
__________________
Regards,
schrauber
