| |
| |||||||
Log-Analyse und Auswertung: Windows 7 Pro -> LogonUI.exe - SystemfehlerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
24.09.2014, 09:23
| #1 |
 |  Windows 7 Pro -> LogonUI.exe - Systemfehler Hallo, neuerdings erscheint beim Starten des Systems folgende Meldung: "LogonUI.exe - Systemfehler Das Programm kann nicht gestartet werden, da MSVCP120.dll auf dem Computer fehlt. Installieren Sie das Programm erneut, um das Problem zu beheben." Um mich bei Windows anzumelden, muss ich die Meldung mit OK wegklicken. Ich merke nichts Ungewöhnliches im laufenden Betrieb. Was aber nicht mehr richtig funktioniert, ist der Energiesparmodus. Nach Einschalten des Modus bleibt mein Bildschirm schwarz aber der PC geht nicht aus. Ich kann es nur per Hardwarereset neubooten. gruss chris |
|
24.09.2014, 09:40
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7 Pro -> LogonUI.exe - Systemfehler hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
24.09.2014, 11:14
| #3 |
| | Windows 7 Pro -> LogonUI.exe - Systemfehler Hier die Ergebnisse:
__________________FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2014
Ran by chris (administrator) on DESKTOP on 24-09-2014 12:00:07
Running from C:\Users\chris\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oasrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(devolo AG) D:\devolo\dlan\devolonetsvc.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Eicon Networks) C:\Program Files\Diva Client\divalog.exe
(MMSOFT Design Ltd.) C:\Program Files\PC Monitor\PCMonitorSrv.exe
(tzuk) D:\Sandboxie\SbieSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(AMD) C:\Windows\System32\atieclxx.exe
(MMSOFT Design Ltd.) C:\Program Files\PC Monitor\pcmontask.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(Dialogic) C:\Program Files\Diva Client\DiTask.exe
(Dialogic) C:\Program Files\Diva Client\cgserver.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Adobe Systems Inc.) D:\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oaui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oahlp.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [DiTask] => C:\Program Files\Diva Client\ditask.exe [81920 2007-02-21] (Dialogic)
HKLM\...\Run: [CallGuard] => C:\Program Files\Diva Client\cgserver.exe [45056 2007-03-26] (Dialogic)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ScreenManager Pro for LCD] => C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe [12080424 2009-03-02] (EIZO NANAO CORPORATION)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4867544 2014-09-08] (Emsisoft GmbH)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-06-14] (AMD)
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\MountPoints2: {66613c78-da38-11df-a85a-40002c765c04} - G:\AutoRun.exe
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\MountPoints2: {a095d499-0e8a-11e0-8114-400068d7f60e} - G:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> D:\WISO\Steuersoftware 2014\mshaktuell.exe ()
GroupPolicyUsers\S-1-5-21-2819807599-1883617300-2099825773-1004\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0C26B8BEA2F9CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default
FF Homepage: www.gmx.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> D:\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 -> d:\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @wolfram.com/Mathematica -> C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin: Adobe Acrobat -> D:\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload-com.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flagfox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012-03-15]
FF Extension: Firefox Extension Backup Extension (FEBE) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}(2) [2010-01-13]
FF Extension: mediaplayerconnectivity - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2012-09-07]
FF Extension: FootieFox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}(2) [2010-01-13]
FF Extension: DownloadHelper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-12-26]
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-07-24]
FF Extension: Extension List Dumper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\extensionlistdumper@sogame.cat.xpi [2014-05-22]
FF Extension: Live IP Address - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}.xpi [2011-03-23]
FF Extension: FireFTP - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-03-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-04-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-04-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-04-13]
Chrome:
=======
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4784144 2014-09-11] (Emsisoft GmbH)
R2 DevoloNetworkService; D:\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688240 2014-04-10] (Juniper Networks)
R2 EiconDivaLogService; C:\Program Files\Diva Client\divalog.exe [168960 2006-05-17] (Eicon Networks) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-01-20] (Macrovision Europe Ltd.) [File not signed]
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
R2 PC Monitor; C:\Program Files\PC Monitor\PCMonitorSrv.exe [815064 2014-09-23] (MMSOFT Design Ltd.)
R2 SbieSvc; d:\Sandboxie\SbieSvc.exe [66560 2009-12-01] (tzuk) [File not signed]
R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] ()
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R2 DiCapi; C:\Windows\System32\DRIVERS\DISDN\capi202k.sys [245474 2007-02-09] (Dialogic)
S3 DiCowan; C:\Windows\System32\DRIVERS\disdn\dicowan.sys [2961536 2008-09-16] (Dialogic)
R0 DiMaint; C:\Windows\System32\DRIVERS\disdn\dimaint.sys [583808 2007-02-09] (Dialogic)
R2 DiPort; C:\Windows\System32\DRIVERS\DISDN\diport40.sys [208640 2007-02-15] (Dialogic)
R3 DiWan; C:\Windows\System32\drivers\disdn\diwan.sys [2926720 2007-04-12] (Eicon Networks)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2014-04-10] (Juniper Networks)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-05-11] () [File not signed]
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2014-07-18] (CACE Technologies) [File not signed]
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] ()
R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft)
R3 SbieDrv; d:\Sandboxie\SbieDrv.sys [119296 2009-12-01] (tzuk) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-14] () [File not signed]
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1047552 2009-05-08] (VIA Technologies, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\system32\drivers\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
U3 a6alv6o2; C:\Windows\system32\Drivers\a6alv6o2.sys [0 ] (Microsoft Corporation)
S3 WinRing0_1_2_0; \??\C:\Windows\TEMP\tmp991.tmp [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-24 12:00 - 2014-09-24 12:00 - 00020005 _____ () C:\Users\chris\Desktop\FRST.txt
2014-09-24 11:25 - 2014-09-24 12:00 - 00000000 ____D () C:\FRST
2014-09-24 11:24 - 2014-09-24 11:24 - 01098240 _____ (Farbar) C:\Users\chris\Desktop\FRST.exe
2014-09-21 18:23 - 2014-09-01 10:42 - 00118232 _____ () C:\Windows\system32\PulsewayCredentialProvider.dll
2014-09-17 20:22 - 2014-09-17 20:22 - 00001066 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-17 20:22 - 2014-09-17 20:22 - 00001054 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-10 09:57 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 09:57 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 09:57 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 09:57 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 09:57 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 09:57 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 09:57 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 09:57 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 09:57 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 09:57 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 09:57 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 09:57 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 09:57 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 09:57 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 09:57 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 09:57 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 09:57 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 09:57 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 09:57 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 09:57 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 09:57 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 09:57 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 09:57 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 09:57 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 09:57 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 09:57 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 09:57 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 09:57 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 09:57 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 09:57 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 09:57 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 09:46 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 09:38 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-10 09:38 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-10 09:38 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 09:38 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 09:37 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 09:37 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 09:36 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Oracle
2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-08 18:50 - 2014-09-08 18:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-08 18:49 - 2014-09-08 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-05 18:06 - 2014-09-05 18:06 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-09-05 16:24 - 2014-09-05 16:33 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-09-05 16:24 - 2014-09-05 16:24 - 00000000 ____D () C:\Users\chris\AppData\Roaming\OnlineArmor
2014-09-05 16:22 - 2014-09-11 17:34 - 00000000 ____D () C:\Program Files\Online Armor
2014-09-05 16:22 - 2014-09-05 16:22 - 00001059 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-09-05 16:22 - 2013-10-11 03:41 - 00044984 _____ () C:\Windows\system32\Drivers\oahlp32.sys
2014-09-05 16:22 - 2013-10-11 03:40 - 00210360 _____ () C:\Windows\system32\Drivers\OADriver.sys
2014-09-05 16:22 - 2013-10-11 03:40 - 00034856 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys
2014-09-05 16:22 - 2013-10-11 03:40 - 00031760 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2014-09-05 16:21 - 2014-09-24 11:25 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-09-05 16:21 - 2014-09-05 16:21 - 00000000 ____D () C:\Users\chris\Documents\Anti-Malware
2014-09-05 15:54 - 2014-09-05 15:54 - 00000201 _____ () C:\Users\chris\Downloads\emsi.txt
2014-09-05 13:11 - 2014-09-05 13:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\chris\Downloads\revosetup95.exe
2014-09-05 13:11 - 2014-09-05 13:11 - 00000752 _____ () C:\Users\chris\Desktop\Revo Uninstaller.lnk
2014-09-03 20:10 - 2014-09-03 20:10 - 10696960 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\OnlineArmorSetup.exe
2014-09-03 20:09 - 2014-09-03 20:11 - 164728800 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftAntiMalwareSetup.exe
2014-09-03 20:05 - 2014-09-03 20:07 - 00000000 ____D () C:\Users\chris\Desktop\marcel pdf
2014-09-02 22:16 - 2014-09-02 14:30 - 179759928 _____ () C:\Users\chris\Downloads\avira_internet_security_de1.exe
2014-09-02 22:16 - 2014-08-28 12:46 - 180010832 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftInternetSecuritySetup.exe
2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\Public\Juniper Networks
2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2014-09-02 15:39 - 2014-04-10 21:34 - 00409712 _____ (Juniper Networks) C:\Windows\system32\dsNcSmartCardProv.dll
2014-09-02 15:39 - 2014-04-10 21:34 - 00364656 _____ (Juniper Networks) C:\Windows\system32\dsNcCredProv.dll
2014-09-02 15:38 - 2014-09-02 15:39 - 00000000 ____D () C:\Program Files\Juniper Networks
2014-09-02 15:37 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Juniper Networks
2014-09-02 15:37 - 2014-09-02 15:37 - 00000000 ____D () C:\Users\chris\AppData\Local\Juniper Networks
2014-08-27 08:51 - 2014-08-27 08:51 - 00003115 _____ () C:\Users\chris\Desktop\Secure Download Manager.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-24 11:25 - 2014-09-05 16:21 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-09-24 11:24 - 2014-09-24 11:24 - 01098240 _____ (Farbar) C:\Users\chris\Desktop\FRST.exe
2014-09-24 11:14 - 2011-06-11 18:46 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-24 10:18 - 2009-07-14 06:34 - 00027968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-24 10:18 - 2009-07-14 06:34 - 00027968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-24 10:16 - 2011-06-11 18:46 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-24 10:16 - 2010-01-11 22:38 - 01967634 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 10:11 - 2010-01-17 23:34 - 00000000 ____D () C:\Program Files\Diva Client
2014-09-24 10:11 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-24 10:11 - 2009-07-14 06:39 - 00385962 _____ () C:\Windows\setupact.log
2014-09-23 19:01 - 2011-12-05 01:18 - 00000000 ____D () C:\Program Files\PC Monitor
2014-09-21 18:21 - 2012-04-28 13:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-20 11:05 - 2013-04-13 18:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-17 20:22 - 2014-09-17 20:22 - 00001066 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-17 20:22 - 2014-09-17 20:22 - 00001054 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-14 12:45 - 2010-01-12 00:07 - 01339328 _____ () C:\Windows\PFRO.log
2014-09-13 10:12 - 2013-04-13 17:58 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-13 00:52 - 2014-05-23 19:43 - 00000000 ____D () C:\Users\chris\Desktop\trojanerboard
2014-09-11 17:34 - 2014-09-05 16:22 - 00000000 ____D () C:\Program Files\Online Armor
2014-09-10 18:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-10 15:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 10:05 - 2009-07-14 06:33 - 03823256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-10 09:57 - 2013-07-20 14:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 09:51 - 2010-01-11 22:47 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 09:50 - 2014-05-14 10:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 09:48 - 2010-01-11 22:48 - 01597700 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 09:28 - 2013-03-09 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-10 09:28 - 2010-01-14 11:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Oracle
2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-08 18:50 - 2013-12-13 13:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-08 18:49 - 2014-09-08 18:50 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-08 18:49 - 2014-09-08 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-06 11:00 - 2014-05-21 21:14 - 00000000 ____D () C:\Users\chris\Documents\My Cmaps
2014-09-05 18:06 - 2014-09-05 18:06 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-09-05 16:33 - 2014-09-05 16:24 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-09-05 16:24 - 2014-09-05 16:24 - 00000000 ____D () C:\Users\chris\AppData\Roaming\OnlineArmor
2014-09-05 16:22 - 2014-09-05 16:22 - 00001059 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-09-05 16:21 - 2014-09-05 16:21 - 00000000 ____D () C:\Users\chris\Documents\Anti-Malware
2014-09-05 15:58 - 2010-01-30 15:25 - 00000052 _____ () C:\Windows\system32\ashttpstats.csv
2014-09-05 15:54 - 2014-09-05 15:54 - 00000201 _____ () C:\Users\chris\Downloads\emsi.txt
2014-09-05 13:11 - 2014-09-05 13:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\chris\Downloads\revosetup95.exe
2014-09-05 13:11 - 2014-09-05 13:11 - 00000752 _____ () C:\Users\chris\Desktop\Revo Uninstaller.lnk
2014-09-05 10:56 - 2010-01-14 09:33 - 00000000 ____D () C:\Users\chris\AppData\Local\Thunderbird
2014-09-05 03:52 - 2014-09-10 09:37 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:47 - 2014-09-10 09:37 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 20:11 - 2014-09-03 20:09 - 164728800 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftAntiMalwareSetup.exe
2014-09-03 20:10 - 2014-09-03 20:10 - 10696960 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\OnlineArmorSetup.exe
2014-09-03 20:07 - 2014-09-03 20:05 - 00000000 ____D () C:\Users\chris\Desktop\marcel pdf
2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\Public\Juniper Networks
2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2014-09-02 15:39 - 2014-09-02 15:38 - 00000000 ____D () C:\Program Files\Juniper Networks
2014-09-02 15:39 - 2014-09-02 15:37 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Juniper Networks
2014-09-02 15:39 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-09-02 15:37 - 2014-09-02 15:37 - 00000000 ____D () C:\Users\chris\AppData\Local\Juniper Networks
2014-09-02 14:30 - 2014-09-02 22:16 - 179759928 _____ () C:\Users\chris\Downloads\avira_internet_security_de1.exe
2014-09-01 20:49 - 2014-05-23 14:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 10:42 - 2014-09-21 18:23 - 00118232 _____ () C:\Windows\system32\PulsewayCredentialProvider.dll
2014-08-28 12:46 - 2014-09-02 22:16 - 180010832 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftInternetSecuritySetup.exe
2014-08-27 08:51 - 2014-08-27 08:51 - 00003115 _____ () C:\Users\chris\Desktop\Secure Download Manager.lnk
2014-08-25 06:53 - 2010-01-11 22:48 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\chris\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\chris\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\chris\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-16 12:03
==================== End Of Log ============================
--- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-09-2014
Ran by chris at 2014-09-24 12:00:43
Running from C:\Users\chris\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.13 beta (HKLM\...\7-Zip) (Version: - )
AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7761-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.63 - NOS Microsystems Ltd.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUSUpdate (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: - )
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.18 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{3680FA2A-985F-C55C-36A2-7A4EB281F128}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CanoScan Toolbox Ver4.1 (HKLM\...\{BCE46757-7674-4416-BEDB-68205A60409E}) (Version: - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center HydraVision Full (Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0614.2131.36800 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0614.2131.36800 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Czech (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Danish (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Dutch (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help English (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Finnish (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help French (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help German (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Greek (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Italian (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Japanese (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Korean (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Polish (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Russian (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Spanish (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Swedish (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Thai (Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Turkish (Version: 2009.0614.2130.36800 - ATI) Hidden
ccc-core-static (Version: 2009.0614.2131.36800 - Ihr Firmenname) Hidden
ccc-utility (Version: 2009.0614.2131.36800 - ATI) Hidden
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cool & Quiet (HKLM\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{A3AD381D-848C-4478-80DC-228E37309308}) (Version: - Microsoft)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{BF1E7B7B-8FBB-45C8-B170-214AA0F4F6AE}) (Version: - Microsoft)
devolo Cockpit (HKLM\...\dlancockpit) (Version: 4.2.3.0 - devolo AG)
dLAN Cockpit (Version: 3.2.28 - devolo AG) Hidden
dLAN Cockpit (Version: 3.23.12 - devolo AG) Hidden
DolbyFiles (Version: 2.0 - Nero AG) Hidden
Emsisoft Anti-Malware (HKLM\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 9.0 - Emsisoft GmbH)
erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Fotobuchexpress24 Bestellsoftware (HKLM\...\Fotobuchexpress24) (Version: 3.2.24 - SSW Software GmbH)
Fotobuchexpress24 Bestellsoftware (Version: 3.2.24 - SSW Software GmbH) Hidden
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HydraVision (Version: 4.2.108.0 - ATI Technologies Inc.) Hidden
IHMC CmapTools v5.06 (HKLM\...\IHMC CmapTools v5.06) (Version: 5.0.6.0 - Institute for Human & Machine Cognition)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Juniper Networks Network Connect 7.4.0 (HKLM\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30667 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.4.9.45013 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
LightScribe System Software (HKLM\...\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}) (Version: 1.18.24.1 - LightScribe)
LiveAdvisor (Symantec Corporation) (HKLM\...\LiveAdvisor) (Version: 1.0.0.691 - Symantec Corporation)
LiveUpdate (HKLM\...\LiveUpdate) (Version: - )
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mathematica Extras 8.0 (2609412) (HKLM\...\A-WIN-Extras 8.0.4 2609412_is1) (Version: 8.0.4 - Wolfram Research, Inc.)
MediaInfo 0.7.29 (HKLM\...\MediaInfo) (Version: 0.7.29 - MediaArea.net)
Menu Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (Version: - Microsoft) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft SharePoint Designer 2010 (HKLM\...\Office14.SharePointDesigner) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{A8C80871-125D-4667-BC0A-E3EEE62597E8}) (Version: - Microsoft)
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) (Version: - Microsoft) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Movie Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Mozilla Firefox 32.0.2 (x86 de) (HKLM\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 31.1.1 (x86 de) (HKLM\...\Mozilla Thunderbird 31.1.1 (x86 de)) (Version: 31.1.1 - Mozilla)
Mp3tag v2.45a (HKLM\...\Mp3tag) (Version: v2.45a - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 (HKLM\...\{b9b1660b-9b41-4d0b-b380-f430397c848d}) (Version: - Nero AG)
Nero Burning ROM Help (Version: 9.4.17.100 - Nero AG) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (Version: 4.4.9.100 - Nero AG) Hidden
Nero CoverDesigner Help (Version: 4.4.9.100 - Nero AG) Hidden
Nero DiscSpeed (Version: 5.4.12.100 - Nero AG) Hidden
Nero DiscSpeed Help (Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (Version: 4.4.11.100 - Nero AG) Hidden
Nero DriveSpeed Help (Version: 4.4.4.100 - Nero AG) Hidden
Nero InfoTool (Version: 6.4.11.100 - Nero AG) Hidden
Nero InfoTool Help (Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero Vision (Version: 6.4.10.205 - Nero AG) Hidden
Nero Vision Help (Version: 6.4.8.100 - Nero AG) Hidden
NeroBurningROM (Version: 9.4.17.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
NetSpeedMonitor 2.5.4.0 x86 (HKLM\...\{86501894-E722-4385-A792-B7C2F28FAE7B}) (Version: 2.5.4.0 - Florian Gilles)
Online Armor 7.0 (HKLM\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
PC Monitor (HKLM\...\{BB24E9AE-C68B-41E1-B409-810512EFF5EF}) (Version: 2.7.0 - MMSOFT Design)
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.75 - ASUSTek)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
PQ DVD to iPod Video Suite (remove only) (HKLM\...\PQ_DVD_to_iPod_Video_Suite) (Version: - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
R-Studio 5.2 (HKLM\...\R-Studio 5.2NSIS) (Version: 5.2.130721 - R-Tools Technology Inc.)
ScreenManager Pro for LCD (HKLM\...\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}) (Version: 2.9.0.1 - EIZO NANAO CORPORATION)
Secure Download Manager (HKLM\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (Version: - Microsoft) Hidden
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TI Connect 1.6 (HKLM\...\{A8B94669-8654-4126-BD28-D0D2412CDED6}) (Version: 1.6.0 - Texas Instruments Incorporated)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUS_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.SharePointDesigner_{32E700B9-1A94-48B4-99E1-CB8BD5F7340A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SharePointDesigner_{007CC0F3-15DE-426D-95B5-B019FCEF58CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SharePointDesigner_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SharePointDesigner_{D1688F5A-9A61-42F0-B8D0-2C9DF315A141}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{8C07AD38-38EB-4332-BCB3-F55A77C927DF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUS_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUS_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{31849233-AD8B-42D7-9AE1-74C79C8E8C03}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7A3EF4FF-A9C8-4F7E-8020-A45F7D319387}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM\...\{90150000-0090-0407-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881039) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1B208923-2810-414F-82CC-AFFC1B19563F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881081) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{6171BC1B-907E-44D4-930A-4AE0D9260E65}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{B8E73381-09B1-4895-ACD0-34385B0F526D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1C6260FD-A280-49FE-89D0-CCEC647FBD8E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM\...\{90150000-001F-0407-0000-0000000FF1CE}_Office15.PROPLUS_{0F5FFEB6-2F66-4592-8A34-CC85FF318951}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PROPLUS_{DA288EB3-648C-433C-88AC-71AEAAFAACF7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PROPLUS_{51865C36-97D4-4210-A33E-50BCC8CDDF72}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM\...\{90150000-001F-0410-0000-0000000FF1CE}_Office15.PROPLUS_{D533D4E6-5056-487A-8F18-7FA51AF0E283}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{E1285C4F-1DB7-4A7F-9DEF-22068D09EBFA}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUS_{E1285C4F-1DB7-4A7F-9DEF-22068D09EBFA}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{96AE4BBC-69CC-4004-8B53-1F40B2461755}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F080A0ED-070F-4E33-833F-CF893968E6A8}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 32-Bit Edition (HKLM\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.PROPLUS_{F080A0ED-070F-4E33-833F-CF893968E6A8}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM\...\{90150000-0019-0407-0000-0000000FF1CE}_Office15.PROPLUS_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version: - Microsoft)
Update for Microsoft SharePoint Designer 2010 (KB2553382) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{92D3EF72-D44B-4DF9-86BA-B77FAC664D27}) (Version: - Microsoft)
Update for Microsoft SharePoint Designer 2010 (KB2553459) 32-Bit Edition (HKLM\...\{90140000-0017-0407-0000-0000000FF1CE}_Office14.SharePointDesigner_{7A518447-45D0-4C4F-B4C3-7FA72E4F6DB9}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM\...\{90150000-001A-0407-0000-0000000FF1CE}_Office15.PROPLUS_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUS_{20FF2192-E507-4B44-B861-AED6BE5E890C}) (Version: - Microsoft)
v2011.build.44 (HKLM\...\{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1) (Version: v2011.build.44 - eRightSoft)
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
WEB Partner (HKLM\...\WEB Partner) (Version: TOOL-ConnLaucher_WIN1.01.01.00 - Huawei Technologies Co.,Ltd)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
WISO Steuer-Sparbuch 2013 (HKLM\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM\...\{6C51B615-4FB7-47E2-9838-98C9D291B096}) (Version: 21.01.8499 - Buhl Data Service GmbH)
Wolfram CDF Player (M-WIN-D 8.0.4 2609533) (HKLM\...\M-WIN-D 8.0.4 2609533_is1) (Version: 8.0.4 - Wolfram Research, Inc.)
Xilisoft Video Converter Ultimate (HKLM\...\Xilisoft Video Converter Ultimate) (Version: 5.1.26.1231 - Xilisoft)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2014-05-13 11:30 - 2010-01-20 19:25 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {5848E516-C8B1-4827-87C4-6C5677EDBEC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-11] (Google Inc.)
Task: {9421406F-3FE1-4691-9041-D1A29A92176F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {9BE591D2-494F-4869-A7E7-DC0056381811} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-11] (Google Inc.)
Task: {A792A63D-9DC0-4495-9F13-B9B1614F65A6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {B01A6C5E-8A60-4EB0-A28E-67129F8A1815} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files\ASUS\AASP\1.00.95\AsLoader.exe [2008-07-02] ()
Task: {B01A90CF-4B07-4B22-AEB1-B52DEC298006} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {FB2AC347-029B-4045-8265-442FE93F62EF} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2008-12-11] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-09-05 16:21 - 2014-09-08 13:07 - 00751680 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-19 10:50 - 2009-02-27 17:39 - 00019968 _____ () D:\Adobe\Acrobat 9.0\Acrobat\acrotray.deu
2010-01-21 22:55 - 2009-07-20 13:27 - 00017936 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2008-12-10 12:19 - 2008-12-10 12:19 - 00430080 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-02-04 21:35 - 2010-02-04 21:35 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: MapsGalaxy_39Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^chris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AutoStartNPSAgent => D:\Samsung\Samsung New PC Studio\NPSAgent.exe
MSCONFIG\startupreg: CallGuard => C:\Program Files\Diva Client\cgserver.exe
MSCONFIG\startupreg: DiTask => C:\Program Files\Diva Client\ditask.exe
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\chris\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: MapsGalaxy EPM Support => "C:\PROGRA~1\MAPSGA~2\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: Mobile Partner => D:\WEB Partner\WEB Partner
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ScreenManager Pro for LCD => C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/24/2014 09:24:13 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error
Error: (09/22/2014 00:53:52 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error
Error: (09/20/2014 05:30:30 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error
Error: (09/20/2014 04:00:48 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error
Error: (09/20/2014 09:13:45 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error
Error: (09/20/2014 07:58:36 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error
Error: (09/19/2014 01:43:05 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error
Error: (09/19/2014 11:44:43 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error
Error: (09/18/2014 08:45:15 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error
Error: (09/18/2014 03:15:31 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error
System errors:
=============
Error: (09/24/2014 11:54:28 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.
Error: (09/24/2014 11:12:26 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (09/24/2014 10:17:10 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9C38ED61-D565-4728-AEEE-C80952F0ECDE}
Error: (09/24/2014 10:11:01 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 24.09.2014 um 10:09:31 unerwartet heruntergefahren.
Error: (09/24/2014 10:01:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (09/24/2014 10:01:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (09/24/2014 10:01:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (09/24/2014 10:01:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (09/24/2014 10:01:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (09/24/2014 10:01:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Microsoft Office Sessions:
=========================
Error: (09/24/2014 09:24:13 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error
Error: (09/22/2014 00:53:52 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error
Error: (09/20/2014 05:30:30 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error
Error: (09/20/2014 04:00:48 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error
Error: (09/20/2014 09:13:45 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error
Error: (09/20/2014 07:58:36 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error
Error: (09/19/2014 01:43:05 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error
Error: (09/19/2014 11:44:43 AM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error
Error: (09/18/2014 08:45:15 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error
Error: (09/18/2014 03:15:31 PM) (Source: EiconDivaLogService) (EventID: 0) (User: )
Description: EiconDivaLogService error: 87Adapter 1 (Diva PRO 2.0 S/T PCI) WDog error
==================== Memory info ===========================
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
Percentage of memory in use: 35%
Total physical RAM: 3327.18 MB
Available physical RAM: 2132.36 MB
Total Pagefile: 6652.65 MB
Available Pagefile: 4919.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.73 MB
==================== Drives ================================
Drive c: (SYSTEM) (Fixed) (Total:100 GB) (Free:48.44 GB) NTFS
Drive d: (PROGRAMME) (Fixed) (Total:146.48 GB) (Free:67.54 GB) NTFS
Drive e: (HDD) (Fixed) (Total:684.93 GB) (Free:405.4 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F4B3C6F7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=684.9 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: 38A54CC0)
Partition 1: (Active) - (Size=478 MB) - (Type=83)
Partition 2: (Not Active) - (Size=1.9 GB) - (Type=82)
Partition 3: (Not Active) - (Size=46.6 GB) - (Type=83)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: D0B1D0B1)
==================== End Of Log ============================
|
|
25.09.2014, 07:37
| #4 |
| /// the machine /// TB-Ausbilder | Windows 7 Pro -> LogonUI.exe - Systemfehler hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
25.09.2014, 08:46
| #5 |
| | Windows 7 Pro -> LogonUI.exe - Systemfehler Guten morgen. Hier die Log-Datei von Combofix: Code:
ATTFilter ComboFix 14-09-22.01 - chris 25.09.2014 9:14.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3327.2012 [GMT 2:00]
ausgeführt von:: c:\users\chris\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
FW: Online Armor Firewall *Disabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\chris\Documents\~WRL1448.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\SET6DE3.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-08-25 bis 2014-09-25 ))))))))))))))))))))))))))))))
.
.
2014-09-25 07:25 . 2014-09-25 07:26 -------- d-----w- c:\users\chris\AppData\Local\temp
2014-09-25 07:25 . 2014-09-25 07:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-24 09:25 . 2014-09-24 10:01 -------- d-----w- C:\FRST
2014-09-24 05:24 . 2014-09-25 07:20 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DCF5A9D-8D54-4C5C-9F34-B387B04111F7}\offreg.dll
2014-09-21 16:23 . 2014-09-01 08:42 118232 ----a-w- c:\windows\system32\PulsewayCredentialProvider.dll
2014-09-20 10:49 . 2014-09-09 01:24 8806800 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DCF5A9D-8D54-4C5C-9F34-B387B04111F7}\mpengine.dll
2014-09-10 07:46 . 2014-08-01 11:35 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 07:38 . 2014-07-07 01:40 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 07:38 . 2014-07-07 01:40 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 07:38 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-09-10 07:38 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-09-10 07:37 . 2014-09-05 01:52 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 07:37 . 2014-09-05 01:47 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-10 07:36 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-08 16:50 . 2014-09-08 16:50 -------- d-----w- c:\users\chris\AppData\Roaming\Oracle
2014-09-08 16:50 . 2014-09-08 16:50 -------- d-----w- c:\program files\Common Files\Java
2014-09-08 16:49 . 2014-09-08 16:49 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-09-05 16:06 . 2014-09-05 16:06 -------- d-----w- c:\programdata\Emsisoft
2014-09-05 14:24 . 2014-09-05 14:33 -------- d-----w- c:\programdata\OnlineArmor
2014-09-05 14:24 . 2014-09-05 14:24 -------- d-----w- c:\users\chris\AppData\Roaming\OnlineArmor
2014-09-05 14:22 . 2013-10-11 01:41 44984 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2014-09-05 14:22 . 2013-10-11 01:40 34856 ----a-w- c:\windows\system32\drivers\OAmon.sys
2014-09-05 14:22 . 2013-10-11 01:40 31760 ----a-w- c:\windows\system32\drivers\OAnet.sys
2014-09-05 14:22 . 2013-10-11 01:40 210360 ----a-w- c:\windows\system32\drivers\OADriver.sys
2014-09-05 14:22 . 2014-09-11 15:34 -------- d-----w- c:\program files\Online Armor
2014-09-05 14:21 . 2014-09-25 07:08 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2014-09-03 18:09 . 2014-09-03 18:09 3231696 ----a-w- c:\program files\Mozilla Firefox\d3dcompiler_46.dll
2014-09-02 13:39 . 2014-09-02 13:39 -------- d-----w- c:\users\Public\Juniper Networks
2014-09-02 13:39 . 2014-04-10 19:34 409712 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll
2014-09-02 13:39 . 2014-04-10 19:34 364656 ----a-w- c:\windows\system32\dsNcCredProv.dll
2014-09-02 13:38 . 2014-09-02 13:39 -------- d-----w- c:\program files\Juniper Networks
2014-09-02 13:37 . 2014-09-02 13:39 -------- d-----w- c:\users\chris\AppData\Roaming\Juniper Networks
2014-09-02 13:37 . 2014-09-02 13:37 -------- d-----w- c:\users\chris\AppData\Local\Juniper Networks
2014-08-27 06:51 . 2014-08-27 06:51 -------- d-----w- C:\AppData
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-01 18:49 . 2014-05-23 12:03 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-25 04:53 . 2010-01-11 20:48 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-08-16 10:30 . 2012-04-09 19:57 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-16 10:30 . 2011-05-26 05:54 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-18 12:19 . 2014-08-16 05:18 35840 ----a-w- c:\windows\system32\drivers\npf_devolo.sys
2014-07-18 12:19 . 2014-08-16 05:18 81920 ----a-w- c:\windows\system32\devolopacket.dll
2014-07-18 12:19 . 2014-08-16 05:18 221184 ----a-w- c:\windows\system32\devolopcap.dll
2014-07-16 02:46 . 2014-08-16 07:15 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-14 01:42 . 2014-08-16 07:15 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-06-30 22:14 . 2014-08-16 07:20 8856 ----a-w- c:\windows\system32\icardres.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\System32\nbDX.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2009-06-14 380928]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiTask"="c:\program files\Diva Client\ditask.exe" [2007-02-21 81920]
"CallGuard"="c:\program files\Diva Client\cgserver.exe" [2007-03-26 45056]
"Adobe Acrobat Speed Launcher"="d:\adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="d:\adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-14 98304]
"ScreenManager Pro for LCD"="c:\program files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe" [2009-03-02 12080424]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2014-09-08 4867544]
"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2013-10-11 7558464]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-21 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2013-10-11 1033968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=DivaWave.drv
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^chris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk]
path=c:\users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Partner]
d:\web partner\WEB Partner [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-12 18:57 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CallGuard]
2007-03-26 17:00 45056 ----a-w- c:\program files\Diva Client\cgserver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiTask]
2007-02-21 14:37 81920 ----a-w- c:\program files\Diva Client\DiTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google+ Auto Backup]
2014-01-06 09:59 3619096 ----a-w- c:\users\chris\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-05-18 07:43 1409024 ----a-w- c:\program files\VIA\VIAudioi\VDeck\VDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-02-21 01:54 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2011-06-20 14:07 2736128 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2009-12-01 13:55 389120 ----a-w- d:\sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenManager Pro for LCD]
2009-03-02 04:07 12080424 ----a-w- c:\program files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-25 10:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-12 20:02 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 PC Monitor;PC Monitor;c:\program files\PC Monitor\PCMonitorSrv.exe [2014-09-23 815064]
R3 DiCowan;Dialogic Connection Oriented Driver for all Diva Client cards;c:\windows\system32\DRIVERS\disdn\dicowan.sys [2008-09-16 2961536]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-03-24 204288]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-11 36608]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2010-03-20 101504]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\drivers\vpcuxd.sys [2010-11-20 12800]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\windows\TEMP\tmp991.tmp [x]
R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 DiMaint;Dialogic Maintenance Treiber;c:\windows\system32\DRIVERS\disdn\dimaint.sys [2007-02-09 583808]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-14 691696]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2013-03-28 22056]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2013-09-30 38248]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2014-05-12 18552]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2013-10-11 210360]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2013-10-11 44984]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2013-10-11 34856]
S2 a2AntiMalware;Emsisoft Protection Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2014-09-11 4784144]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-14 176128]
S2 DevoloNetworkService;devolo Network Service;d:\devolo\dlan\devolonetsvc.exe [2014-07-18 3645432]
S2 DiCapi;Dialogic CAPI 2.0 Treiber;c:\windows\system32\DRIVERS\DISDN\capi202k.sys [2007-02-09 245474]
S2 DiPort;Dialogic Port Treiber;c:\windows\system32\DRIVERS\DISDN\diport40.sys [2007-02-15 208640]
S2 EiconDivaLogService;Eicon Diva Log Service;c:\program files\Diva Client\divalog.exe [2006-05-17 168960]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2014-07-18 35840]
S2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [2013-10-11 584864]
S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [2013-10-11 4457688]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2014-05-12 58200]
S3 cleanhlp;cleanhlp;c:\program files\Emsisoft Anti-Malware\cleanhlp32.sys [2013-12-04 50200]
S3 DiWan;Dialogic Treiber für alle Diva Client Karten;c:\windows\system32\drivers\disdn\diwan.sys [2007-04-11 2926720]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2009-06-17 40720]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2009-06-17 10384]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2013-10-11 31760]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-05-08 1047552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 14:05 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-11 16:46]
.
2014-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-11 16:46]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Fotoabzug online bestellen ! - hxxp://fotoup.info/ie2wk.php?hid=w3foto
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - d:\micros~1\Office15\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - d:\micros~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\
FF - prefs.js: browser.startup.homepage - www.gmx.de
.
.
------- Dateityp-Verknüpfung -------
.
.txt=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
MSConfigStartUp-AutoStartNPSAgent - d:\samsung\Samsung New PC Studio\NPSAgent.exe
MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe
MSConfigStartUp-MapsGalaxy EPM Support - c:\progra~1\MAPSGA~2\bar\1.bin\39medint.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\windows\TEMP\tmp991.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2819807599-1883617300-2099825773-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{869B1464-2D9C-B693-FA51-9F94C230DABD}*]
"mamclelfilbkbdmekiimlkkmkb"=hex:6f,61,6c,69,70,6c,6c,6a,6c,65,70,6c,65,64,6c,
68,65,70,6e,63,63,64,70,69,6f,67,6c,67,64,6c,00,6d
"ablcihjfofpkiggifljgdjlhblcnmppjaa"=hex:70,61,6a,63,6f,65,68,6d,63,6a,62,67,
67,6f,61,6a,61,65,6a,66,6d,6a,6a,67,67,67,66,6b,6f,63,64,6d,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-09-25 09:30:02
ComboFix-quarantined-files.txt 2014-09-25 07:30
.
Vor Suchlauf: 12 Verzeichnis(se), 51.559.239.680 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 51.512.004.608 Bytes frei
.
- - End Of File - - 3E8E31DF26DE6B735C083DA982B0410C
A36C5E4F47E84449FF07ED3517B43A31
|
|
25.09.2014, 13:12
| #6 |
| /// the machine /// TB-Ausbilder | Windows 7 Pro -> LogonUI.exe - Systemfehler Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Windows 7 Pro -> LogonUI.exe - Systemfehler |
|
26.09.2014, 08:51
| #7 |
| | Windows 7 Pro -> LogonUI.exe - Systemfehler Guten Morgen. Hier die Ergebnisse: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 25.09.2014 Suchlauf-Zeit: 19:58:21 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.25.09 Rootkit Datenbank: v2014.09.19.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: chris Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 306637 Verstrichene Zeit: 8 Min, 15 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.310 - Bericht erstellt am 26/09/2014 um 01:17:46
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : chris - DESKTOP
# Gestartet von : C:\Users\chris\Desktop\AdwCleaner_3.310.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17280
-\\ Mozilla Firefox v32.0.3 (x86 de)
[ Datei : C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [841 octets] - [25/09/2014 22:34:06]
AdwCleaner[S0].txt - [763 octets] - [26/09/2014 01:17:46]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [822 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.0 (09.22.2014:1)
OS: Windows 7 Professional x86
Ran by chris on 26.09.2014 at 7:55:27,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector.1
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\chris\AppData\Roaming\mozilla\firefox\profiles\nbwhll4s.default\prefs.js
user_pref("flagfox.actions", "[{\"name\":\"Geotool\",\"template\":\"hxxp://geo.flagfox.net/?ip={IPaddress}&host={domainName}\",\"iconclick\":\"click\",\"hotkey\":{\"mods\":\"c
Emptied folder: C:\Users\chris\AppData\Roaming\mozilla\firefox\profiles\nbwhll4s.default\minidumps [22 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.09.2014 at 8:07:31,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014
Ran by chris (administrator) on DESKTOP on 26-09-2014 08:13:33
Running from C:\Users\chris\Desktop
Loaded Profile: chris (Available profiles: chris)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oasrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(devolo AG) D:\devolo\dlan\devolonetsvc.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Eicon Networks) C:\Program Files\Diva Client\divalog.exe
(tzuk) D:\Sandboxie\SbieSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(MMSOFT Design Ltd.) C:\Program Files\PC Monitor\PCMonitorSrv.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(MMSOFT Design Ltd.) C:\Program Files\PC Monitor\pcmontask.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(Dialogic) C:\Program Files\Diva Client\DiTask.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Dialogic) C:\Program Files\Diva Client\cgserver.exe
(Adobe Systems Incorporated) D:\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(Adobe Systems Inc.) D:\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oaui.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oahlp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [DiTask] => C:\Program Files\Diva Client\ditask.exe [81920 2007-02-21] (Dialogic)
HKLM\...\Run: [CallGuard] => C:\Program Files\Diva Client\cgserver.exe [45056 2007-03-26] (Dialogic)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ScreenManager Pro for LCD] => C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe [12080424 2009-03-02] (EIZO NANAO CORPORATION)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4867544 2014-09-08] (Emsisoft GmbH)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-06-14] (AMD)
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
GroupPolicyUsers\S-1-5-21-2819807599-1883617300-2099825773-1004\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0C26B8BEA2F9CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default
FF Homepage: www.gmx.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> D:\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 -> d:\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @wolfram.com/Mathematica -> C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin: Adobe Acrobat -> D:\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload-com.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flagfox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012-03-15]
FF Extension: Firefox Extension Backup Extension (FEBE) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}(2) [2010-01-13]
FF Extension: mediaplayerconnectivity - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2012-09-07]
FF Extension: FootieFox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}(2) [2010-01-13]
FF Extension: DownloadHelper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-12-26]
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-07-24]
FF Extension: Extension List Dumper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\extensionlistdumper@sogame.cat.xpi [2014-05-22]
FF Extension: Live IP Address - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}.xpi [2011-03-23]
FF Extension: FireFTP - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-03-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-04-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-04-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-04-13]
Chrome:
=======
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4784144 2014-09-11] (Emsisoft GmbH)
R2 DevoloNetworkService; D:\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688240 2014-04-10] (Juniper Networks)
R2 EiconDivaLogService; C:\Program Files\Diva Client\divalog.exe [168960 2006-05-17] (Eicon Networks) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-01-20] (Macrovision Europe Ltd.) [File not signed]
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
R2 PC Monitor; C:\Program Files\PC Monitor\PCMonitorSrv.exe [815576 2014-09-25] (MMSOFT Design Ltd.)
R2 SbieSvc; d:\Sandboxie\SbieSvc.exe [66560 2009-12-01] (tzuk) [File not signed]
R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] ()
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R2 DiCapi; C:\Windows\System32\DRIVERS\DISDN\capi202k.sys [245474 2007-02-09] (Dialogic)
S3 DiCowan; C:\Windows\System32\DRIVERS\disdn\dicowan.sys [2961536 2008-09-16] (Dialogic)
R0 DiMaint; C:\Windows\System32\DRIVERS\disdn\dimaint.sys [583808 2007-02-09] (Dialogic)
R2 DiPort; C:\Windows\System32\DRIVERS\DISDN\diport40.sys [208640 2007-02-15] (Dialogic)
R3 DiWan; C:\Windows\System32\drivers\disdn\diwan.sys [2926720 2007-04-12] (Eicon Networks)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2014-04-10] (Juniper Networks)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-05-11] () [File not signed]
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2014-07-18] (CACE Technologies) [File not signed]
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] ()
R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft)
R3 SbieDrv; d:\Sandboxie\SbieDrv.sys [119296 2009-12-01] (tzuk) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-14] () [File not signed]
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1047552 2009-05-08] (VIA Technologies, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\system32\drivers\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
U3 a6n4pjwl; C:\Windows\system32\Drivers\a6n4pjwl.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\Users\chris\AppData\Local\Temp\catchme.sys [X]
S3 WinRing0_1_2_0; \??\C:\Windows\TEMP\tmp991.tmp [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-26 08:12 - 2014-09-26 08:12 - 00000000 ____D () C:\Users\chris\Desktop\FRST-OlderVersion
2014-09-26 08:07 - 2014-09-26 08:07 - 00001237 _____ () C:\Users\chris\Desktop\JRT.txt
2014-09-26 07:52 - 2014-09-26 07:52 - 00000901 _____ () C:\Users\chris\Desktop\AdwCleaner[S0].txt
2014-09-25 22:34 - 2014-09-26 01:17 - 00000000 ____D () C:\AdwCleaner
2014-09-25 22:33 - 2014-09-25 22:33 - 01024790 _____ (Thisisu) C:\Users\chris\Desktop\JRT.exe
2014-09-25 22:32 - 2014-09-25 22:32 - 01373475 _____ () C:\Users\chris\Desktop\AdwCleaner_3.310.exe
2014-09-25 22:31 - 2014-09-25 22:31 - 00001158 _____ () C:\Users\chris\Desktop\mbam.txt
2014-09-25 09:30 - 2014-09-25 09:30 - 00019975 _____ () C:\ComboFix.txt
2014-09-25 09:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-25 09:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-25 09:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-25 09:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-25 09:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-25 09:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-25 09:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-25 09:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-25 09:10 - 2014-09-25 09:30 - 00000000 ____D () C:\Qoobox
2014-09-25 09:10 - 2014-09-25 09:27 - 00000000 ____D () C:\Windows\erdnt
2014-09-25 09:07 - 2014-09-25 09:07 - 05579290 ____R (Swearware) C:\Users\chris\Desktop\ComboFix.exe
2014-09-24 12:18 - 2010-01-20 19:25 - 00000822 _____ () C:\Users\chris\Desktop\hosts für forum
2014-09-24 12:00 - 2014-09-26 08:13 - 00019531 _____ () C:\Users\chris\Desktop\FRST.txt
2014-09-24 11:25 - 2014-09-26 08:13 - 00000000 ____D () C:\FRST
2014-09-24 11:24 - 2014-09-26 08:12 - 01100288 _____ (Farbar) C:\Users\chris\Desktop\FRST.exe
2014-09-17 20:22 - 2014-09-17 20:22 - 00001066 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-17 20:22 - 2014-09-17 20:22 - 00001054 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-10 09:57 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 09:57 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 09:57 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 09:57 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 09:57 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 09:57 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 09:57 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 09:57 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 09:57 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 09:57 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 09:57 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 09:57 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 09:57 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 09:57 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 09:57 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 09:57 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 09:57 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 09:57 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 09:57 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 09:57 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 09:57 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 09:57 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 09:57 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 09:57 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 09:57 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 09:57 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 09:57 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 09:57 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 09:57 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 09:57 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 09:57 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 09:46 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 09:38 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-10 09:38 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-10 09:38 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 09:38 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 09:37 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 09:37 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 09:36 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Oracle
2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-08 18:50 - 2014-09-08 18:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-08 18:49 - 2014-09-08 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-05 18:06 - 2014-09-05 18:06 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-09-05 16:24 - 2014-09-05 16:33 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-09-05 16:24 - 2014-09-05 16:24 - 00000000 ____D () C:\Users\chris\AppData\Roaming\OnlineArmor
2014-09-05 16:22 - 2014-09-11 17:34 - 00000000 ____D () C:\Program Files\Online Armor
2014-09-05 16:22 - 2014-09-05 16:22 - 00001059 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-09-05 16:22 - 2013-10-11 03:41 - 00044984 _____ () C:\Windows\system32\Drivers\oahlp32.sys
2014-09-05 16:22 - 2013-10-11 03:40 - 00210360 _____ () C:\Windows\system32\Drivers\OADriver.sys
2014-09-05 16:22 - 2013-10-11 03:40 - 00034856 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys
2014-09-05 16:22 - 2013-10-11 03:40 - 00031760 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2014-09-05 16:21 - 2014-09-26 08:11 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-09-05 16:21 - 2014-09-05 16:21 - 00000000 ____D () C:\Users\chris\Documents\Anti-Malware
2014-09-05 15:54 - 2014-09-05 15:54 - 00000201 _____ () C:\Users\chris\Downloads\emsi.txt
2014-09-05 13:11 - 2014-09-05 13:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\chris\Downloads\revosetup95.exe
2014-09-05 13:11 - 2014-09-05 13:11 - 00000752 _____ () C:\Users\chris\Desktop\Revo Uninstaller.lnk
2014-09-03 20:10 - 2014-09-03 20:10 - 10696960 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\OnlineArmorSetup.exe
2014-09-03 20:09 - 2014-09-03 20:11 - 164728800 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftAntiMalwareSetup.exe
2014-09-03 20:05 - 2014-09-03 20:07 - 00000000 ____D () C:\Users\chris\Desktop\marcel pdf
2014-09-02 22:16 - 2014-09-02 14:30 - 179759928 _____ () C:\Users\chris\Downloads\avira_internet_security_de1.exe
2014-09-02 22:16 - 2014-08-28 12:46 - 180010832 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftInternetSecuritySetup.exe
2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\Public\Juniper Networks
2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2014-09-02 15:39 - 2014-04-10 21:34 - 00409712 _____ (Juniper Networks) C:\Windows\system32\dsNcSmartCardProv.dll
2014-09-02 15:39 - 2014-04-10 21:34 - 00364656 _____ (Juniper Networks) C:\Windows\system32\dsNcCredProv.dll
2014-09-02 15:38 - 2014-09-02 15:39 - 00000000 ____D () C:\Program Files\Juniper Networks
2014-09-02 15:37 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Juniper Networks
2014-09-02 15:37 - 2014-09-02 15:37 - 00000000 ____D () C:\Users\chris\AppData\Local\Juniper Networks
2014-08-27 08:51 - 2014-08-27 08:51 - 00003115 _____ () C:\Users\chris\Desktop\Secure Download Manager.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-26 08:14 - 2011-06-11 18:46 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-26 08:09 - 2011-06-11 18:46 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-26 07:56 - 2009-07-14 06:34 - 00027968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 07:56 - 2009-07-14 06:34 - 00027968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 07:50 - 2011-12-05 01:18 - 00000000 ____D () C:\Program Files\PC Monitor
2014-09-26 07:49 - 2010-01-17 23:34 - 00000000 ____D () C:\Program Files\Diva Client
2014-09-26 07:49 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 07:48 - 2010-01-12 00:07 - 01340574 _____ () C:\Windows\PFRO.log
2014-09-26 07:48 - 2009-07-14 06:39 - 00386466 _____ () C:\Windows\setupact.log
2014-09-26 01:18 - 2010-01-11 22:38 - 02063772 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 19:57 - 2014-05-23 14:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 18:19 - 2012-04-28 13:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 13:01 - 2013-04-13 17:58 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-25 09:44 - 2013-04-13 18:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-25 09:30 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-09-25 09:26 - 2009-07-14 04:04 - 00000260 _____ () C:\Windows\system.ini
2014-09-24 14:29 - 2010-01-15 01:43 - 00000000 ____D () C:\Users\chris\AppData\Roaming\vlc
2014-09-24 14:20 - 2010-01-11 22:43 - 00000000 ____D () C:\Users\chris
2014-09-24 12:23 - 2010-01-11 22:48 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-13 00:52 - 2014-05-23 19:43 - 00000000 ____D () C:\Users\chris\Desktop\trojanerboard
2014-09-10 18:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-10 15:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 10:05 - 2009-07-14 06:33 - 03823256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-10 09:57 - 2013-07-20 14:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 09:51 - 2010-01-11 22:47 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 09:50 - 2014-05-14 10:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 09:28 - 2013-03-09 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-10 09:28 - 2010-01-14 11:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-08 18:50 - 2013-12-13 13:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-06 11:00 - 2014-05-21 21:14 - 00000000 ____D () C:\Users\chris\Documents\My Cmaps
2014-09-05 15:58 - 2010-01-30 15:25 - 00000052 _____ () C:\Windows\system32\ashttpstats.csv
2014-09-05 10:56 - 2010-01-14 09:33 - 00000000 ____D () C:\Users\chris\AppData\Local\Thunderbird
Some content of TEMP:
====================
C:\Users\chris\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-26 00:11
==================== End Of Log ============================
|
|
26.09.2014, 15:50
| #8 |
| /// the machine /// TB-Ausbilder | Windows 7 Pro -> LogonUI.exe - SystemfehlerESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.09.2014, 20:24
| #9 |
| | Windows 7 Pro -> LogonUI.exe - Systemfehler Guten Abend. Hier die Logs von ESET, SecCheck und frisches FRST: Code:
ATTFilter # product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ae781b897a7d694fa24331e53078b6e6
# engine=20325
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-27 02:31:14
# local_time=2014-09-27 04:31:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 117109 163459465 0 0
# compatibility_mode_1='Emsisoft Anti-Malware'
# compatibility_mode=16641 16777213 100 100 14372 213070562 0 0
# scanned=166313
# found=0
# cleaned=0
# scan_time=3178
Code:
ATTFilter Results of screen317's Security Check version 0.99.87 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Emsisoft Anti-Malware Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 67 Adobe Flash Player 14.0.0.179 Mozilla Firefox (32.0.3) Mozilla Thunderbird (31.1.2) ````````Process Check: objlist.exe by Laurent```````` Tall Emu Online Armor OAcat.exe Tall Emu Online Armor oasrv.exe Tall Emu Online Armor oaui.exe Tall Emu Online Armor OAhlp.exe Emsisoft Anti-Malware a2service.exe Emsisoft Anti-Malware a2guard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014
Ran by chris (administrator) on DESKTOP on 27-09-2014 20:46:51
Running from C:\Users\chris\Desktop
Loaded Profile: chris (Available profiles: chris)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oasrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oaui.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oahlp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(devolo AG) D:\devolo\dlan\devolonetsvc.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Eicon Networks) C:\Program Files\Diva Client\divalog.exe
(MMSOFT Design Ltd.) C:\Program Files\PC Monitor\PCMonitorSrv.exe
(tzuk) D:\Sandboxie\SbieSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(MMSOFT Design Ltd.) C:\Program Files\PC Monitor\pcmontask.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [DiTask] => C:\Program Files\Diva Client\ditask.exe [81920 2007-02-21] (Dialogic)
HKLM\...\Run: [CallGuard] => C:\Program Files\Diva Client\cgserver.exe [45056 2007-03-26] (Dialogic)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ScreenManager Pro for LCD] => C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe [12080424 2009-03-02] (EIZO NANAO CORPORATION)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4867544 2014-09-08] (Emsisoft GmbH)
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-06-14] (AMD)
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2819807599-1883617300-2099825773-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
GroupPolicyUsers\S-1-5-21-2819807599-1883617300-2099825773-1004\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0C26B8BEA2F9CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default
FF Homepage: www.gmx.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> D:\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 -> d:\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @wolfram.com/Mathematica -> C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin: Adobe Acrobat -> D:\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload-com.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\dvb-upload.xml
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flagfox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012-03-15]
FF Extension: Firefox Extension Backup Extension (FEBE) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}(2) [2010-01-13]
FF Extension: mediaplayerconnectivity - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2012-09-07]
FF Extension: FootieFox - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}(2) [2010-01-13]
FF Extension: DownloadHelper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011-12-26]
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-07-24]
FF Extension: Extension List Dumper - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\extensionlistdumper@sogame.cat.xpi [2014-05-22]
FF Extension: Live IP Address - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}.xpi [2011-03-23]
FF Extension: FireFTP - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\nbwhll4s.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2011-03-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-04-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-04-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-04-13]
Chrome:
=======
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4784144 2014-09-11] (Emsisoft GmbH)
R2 DevoloNetworkService; D:\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688240 2014-04-10] (Juniper Networks)
R2 EiconDivaLogService; C:\Program Files\Diva Client\divalog.exe [168960 2006-05-17] (Eicon Networks) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-01-20] (Macrovision Europe Ltd.) [File not signed]
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
R2 PC Monitor; C:\Program Files\PC Monitor\PCMonitorSrv.exe [815576 2014-09-25] (MMSOFT Design Ltd.)
R2 SbieSvc; d:\Sandboxie\SbieSvc.exe [66560 2009-12-01] (tzuk) [File not signed]
R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2009-07-06] ()
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R2 DiCapi; C:\Windows\System32\DRIVERS\DISDN\capi202k.sys [245474 2007-02-09] (Dialogic)
S3 DiCowan; C:\Windows\System32\DRIVERS\disdn\dicowan.sys [2961536 2008-09-16] (Dialogic)
R0 DiMaint; C:\Windows\System32\DRIVERS\disdn\dimaint.sys [583808 2007-02-09] (Dialogic)
R2 DiPort; C:\Windows\System32\DRIVERS\DISDN\diport40.sys [208640 2007-02-15] (Dialogic)
R3 DiWan; C:\Windows\System32\drivers\disdn\diwan.sys [2926720 2007-04-12] (Eicon Networks)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2014-04-10] (Juniper Networks)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-05-11] () [File not signed]
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
S3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.) [File not signed]
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2014-07-18] (CACE Technologies) [File not signed]
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-11] ()
R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-11] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-11] (Emsisoft)
R3 SbieDrv; d:\Sandboxie\SbieDrv.sys [119296 2009-12-01] (tzuk) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-14] () [File not signed]
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1047552 2009-05-08] (VIA Technologies, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\system32\drivers\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
U3 ay7q6onh; C:\Windows\system32\Drivers\ay7q6onh.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\Users\chris\AppData\Local\Temp\catchme.sys [X]
S3 WinRing0_1_2_0; \??\C:\Windows\TEMP\tmp991.tmp [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-27 15:21 - 2014-09-27 15:21 - 00001784 _____ () C:\Users\chris\Desktop\eset.txt
2014-09-27 00:17 - 2014-09-27 00:17 - 00854417 _____ () C:\Users\chris\Desktop\SecurityCheck.exe
2014-09-27 00:16 - 2014-09-27 00:16 - 02347384 _____ (ESET) C:\Users\chris\Desktop\esetsmartinstaller_deu.exe
2014-09-26 08:12 - 2014-09-26 08:12 - 00000000 ____D () C:\Users\chris\Desktop\FRST-OlderVersion
2014-09-26 08:07 - 2014-09-26 08:07 - 00001237 _____ () C:\Users\chris\Desktop\JRT.txt
2014-09-26 07:52 - 2014-09-26 07:52 - 00000901 _____ () C:\Users\chris\Desktop\AdwCleaner[S0].txt
2014-09-25 22:34 - 2014-09-26 01:17 - 00000000 ____D () C:\AdwCleaner
2014-09-25 22:33 - 2014-09-25 22:33 - 01024790 _____ (Thisisu) C:\Users\chris\Desktop\JRT.exe
2014-09-25 22:32 - 2014-09-25 22:32 - 01373475 _____ () C:\Users\chris\Desktop\AdwCleaner_3.310.exe
2014-09-25 22:31 - 2014-09-25 22:31 - 00001158 _____ () C:\Users\chris\Desktop\mbam.txt
2014-09-25 09:30 - 2014-09-25 09:30 - 00019975 _____ () C:\ComboFix.txt
2014-09-25 09:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-25 09:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-25 09:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-25 09:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-25 09:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-25 09:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-25 09:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-25 09:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-25 09:10 - 2014-09-25 09:30 - 00000000 ____D () C:\Qoobox
2014-09-25 09:10 - 2014-09-25 09:27 - 00000000 ____D () C:\Windows\erdnt
2014-09-25 09:07 - 2014-09-25 09:07 - 05579290 ____R (Swearware) C:\Users\chris\Desktop\ComboFix.exe
2014-09-24 12:18 - 2010-01-20 19:25 - 00000822 _____ () C:\Users\chris\Desktop\hosts für forum
2014-09-24 12:00 - 2014-09-27 20:46 - 00019540 _____ () C:\Users\chris\Desktop\FRST.txt
2014-09-24 12:00 - 2014-09-24 12:17 - 00043117 _____ () C:\Users\chris\Desktop\Addition_1.txt
2014-09-24 12:00 - 2014-09-24 12:07 - 00036169 _____ () C:\Users\chris\Desktop\FRST_1.txt
2014-09-24 11:25 - 2014-09-27 20:46 - 00000000 ____D () C:\FRST
2014-09-24 11:24 - 2014-09-26 08:12 - 01100288 _____ (Farbar) C:\Users\chris\Desktop\FRST.exe
2014-09-17 20:22 - 2014-09-17 20:22 - 00001066 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-17 20:22 - 2014-09-17 20:22 - 00001054 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-10 09:57 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 09:57 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 09:57 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 09:57 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 09:57 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 09:57 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 09:57 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 09:57 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 09:57 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 09:57 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 09:57 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 09:57 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 09:57 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 09:57 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 09:57 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 09:57 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 09:57 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 09:57 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 09:57 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 09:57 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 09:57 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 09:57 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 09:57 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 09:57 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 09:57 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 09:57 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 09:57 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 09:57 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 09:57 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 09:57 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 09:57 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 09:46 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 09:38 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-10 09:38 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-10 09:38 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 09:38 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 09:37 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 09:37 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 09:36 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Oracle
2014-09-08 18:50 - 2014-09-08 18:50 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-08 18:50 - 2014-09-08 18:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-08 18:49 - 2014-09-08 18:49 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-08 18:49 - 2014-09-08 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-05 18:06 - 2014-09-05 18:06 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-09-05 16:24 - 2014-09-05 16:33 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-09-05 16:24 - 2014-09-05 16:24 - 00000000 ____D () C:\Users\chris\AppData\Roaming\OnlineArmor
2014-09-05 16:22 - 2014-09-11 17:34 - 00000000 ____D () C:\Program Files\Online Armor
2014-09-05 16:22 - 2014-09-05 16:22 - 00001059 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-09-05 16:22 - 2014-09-05 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-09-05 16:22 - 2013-10-11 03:41 - 00044984 _____ () C:\Windows\system32\Drivers\oahlp32.sys
2014-09-05 16:22 - 2013-10-11 03:40 - 00210360 _____ () C:\Windows\system32\Drivers\OADriver.sys
2014-09-05 16:22 - 2013-10-11 03:40 - 00034856 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys
2014-09-05 16:22 - 2013-10-11 03:40 - 00031760 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2014-09-05 16:21 - 2014-09-27 15:34 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-09-05 16:21 - 2014-09-05 16:21 - 00000000 ____D () C:\Users\chris\Documents\Anti-Malware
2014-09-05 15:54 - 2014-09-05 15:54 - 00000201 _____ () C:\Users\chris\Downloads\emsi.txt
2014-09-05 13:11 - 2014-09-05 13:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\chris\Downloads\revosetup95.exe
2014-09-05 13:11 - 2014-09-05 13:11 - 00000752 _____ () C:\Users\chris\Desktop\Revo Uninstaller.lnk
2014-09-03 20:10 - 2014-09-03 20:10 - 10696960 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\OnlineArmorSetup.exe
2014-09-03 20:09 - 2014-09-03 20:11 - 164728800 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftAntiMalwareSetup.exe
2014-09-03 20:05 - 2014-09-03 20:07 - 00000000 ____D () C:\Users\chris\Desktop\marcel pdf
2014-09-02 22:16 - 2014-09-02 14:30 - 179759928 _____ () C:\Users\chris\Downloads\avira_internet_security_de1.exe
2014-09-02 22:16 - 2014-08-28 12:46 - 180010832 _____ (Emsisoft GmbH ) C:\Users\chris\Downloads\EmsisoftInternetSecuritySetup.exe
2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\Public\Juniper Networks
2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2014-09-02 15:39 - 2014-04-10 21:34 - 00409712 _____ (Juniper Networks) C:\Windows\system32\dsNcSmartCardProv.dll
2014-09-02 15:39 - 2014-04-10 21:34 - 00364656 _____ (Juniper Networks) C:\Windows\system32\dsNcCredProv.dll
2014-09-02 15:38 - 2014-09-02 15:39 - 00000000 ____D () C:\Program Files\Juniper Networks
2014-09-02 15:37 - 2014-09-02 15:39 - 00000000 ____D () C:\Users\chris\AppData\Roaming\Juniper Networks
2014-09-02 15:37 - 2014-09-02 15:37 - 00000000 ____D () C:\Users\chris\AppData\Local\Juniper Networks
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-27 20:15 - 2011-06-11 18:46 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-27 17:41 - 2010-01-11 22:38 - 01056297 _____ () C:\Windows\WindowsUpdate.log
2014-09-27 12:28 - 2009-07-14 06:39 - 00386858 _____ () C:\Windows\setupact.log
2014-09-27 00:12 - 2011-06-11 18:46 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-26 12:30 - 2009-07-14 06:34 - 00027968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 12:30 - 2009-07-14 06:34 - 00027968 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 12:23 - 2010-01-17 23:34 - 00000000 ____D () C:\Program Files\Diva Client
2014-09-26 12:23 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 12:21 - 2014-05-22 20:57 - 00003322 _____ () C:\Windows\system32\Drivers\etc\hosts (Kopie).org
2014-09-26 12:14 - 2010-01-11 22:48 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-26 07:50 - 2011-12-05 01:18 - 00000000 ____D () C:\Program Files\PC Monitor
2014-09-26 07:48 - 2010-01-12 00:07 - 01340574 _____ () C:\Windows\PFRO.log
2014-09-25 19:57 - 2014-05-23 14:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 18:19 - 2012-04-28 13:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 13:01 - 2013-04-13 17:58 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-25 09:44 - 2013-04-13 18:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-25 09:30 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-09-25 09:26 - 2009-07-14 04:04 - 00000260 _____ () C:\Windows\system.ini
2014-09-24 14:29 - 2010-01-15 01:43 - 00000000 ____D () C:\Users\chris\AppData\Roaming\vlc
2014-09-24 14:20 - 2010-01-11 22:43 - 00000000 ____D () C:\Users\chris
2014-09-13 00:52 - 2014-05-23 19:43 - 00000000 ____D () C:\Users\chris\Desktop\trojanerboard
2014-09-10 18:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-10 15:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 10:05 - 2009-07-14 06:33 - 03823256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-10 09:57 - 2013-07-20 14:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 09:51 - 2010-01-11 22:47 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 09:50 - 2014-05-14 10:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 09:28 - 2013-03-09 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-10 09:28 - 2010-01-14 11:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-08 18:50 - 2013-12-13 13:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-06 11:00 - 2014-05-21 21:14 - 00000000 ____D () C:\Users\chris\Documents\My Cmaps
2014-09-05 15:58 - 2010-01-30 15:25 - 00000052 _____ () C:\Windows\system32\ashttpstats.csv
2014-09-05 10:56 - 2010-01-14 09:33 - 00000000 ____D () C:\Users\chris\AppData\Local\Thunderbird
Some content of TEMP:
====================
C:\Users\chris\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-26 00:11
==================== End Of Log ============================
Die Fehlermeldung ist bereits nach der letzten Routine mit Malwarebytes Anti-Malware, AdwCleaner und Junkware Removal Tool verschwunden. Mich interessiert es, welches Tool es behoben hatte. Anhand der Logs kann ich es nicht erkennen. |
|
28.09.2014, 13:30
| #10 |
| /// the machine /// TB-Ausbilder | Windows 7 Pro -> LogonUI.exe - Systemfehler Alle, da es ein Zusammenspiel von Adware war. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter GroupPolicyUsers\S-1-5-21-2819807599-1883617300-2099825773-1004\User: Group Policy restriction detected <======= ATTENTION
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.09.2014, 18:19
| #11 | |
| | Windows 7 Pro -> LogonUI.exe - Systemfehler Hallo, ich habe leider zu früh delfix.exe ausgeführt, so dass Fixlog.txt gelöscht wurde. Aber ich habe davor mir den Inhalt angeschaut und der Punkt "GroupPolicyUsers..." wurde erfolgreich behoben. Delfix wurde ausgeführt: Code:
ATTFilter # DelFix v10.8 - Datei am 28/09/2014 um 18:21:56 erstellt
# Aktualisiert am 29/07/2014 von Xplode
# Benutzer : chris - DESKTOP
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
~ Aktiviere die Benutzerkontensteuerung ... OK
~ Entferne die Bereinigungsprogramme ...
Gelöscht : C:\Qoobox
Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\Users\chris\Desktop\FRST-OlderVersion
Gelöscht : C:\ComboFix.txt
Gelöscht : C:\Users\chris\Desktop\Addition_1.txt
Gelöscht : C:\Users\chris\Desktop\AdwCleaner[S0].txt
Gelöscht : C:\Users\chris\Desktop\AdwCleaner_3.310.exe
Gelöscht : C:\Users\chris\Desktop\esetsmartinstaller_deu.exe
Gelöscht : C:\Users\chris\Desktop
Gelöscht : C:\Users\chris\Desktop\FRST.exe
Gelöscht : C:\Users\chris\Desktop\FRST.txt
Gelöscht : C:\Users\chris\Desktop\FRST_1.txt
Gelöscht : C:\Users\chris\Desktop\JRT.exe
Gelöscht : C:\Users\chris\Desktop\JRT.txt
Gelöscht : C:\Users\chris\Desktop\log.txt
Gelöscht : C:\Users\chris\Desktop\logonui.txt
Gelöscht : C:\Users\chris\Desktop\SecurityCheck.exe
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware
~ Erstelle ein Backup der Registrierungsdatenbank ... OK
~ Lösche die Wiederherstellungspunkte ...
Ein neuer Wiederherstellungspunkt wurde erstellt !
~ Stelle die Systemeinstellungen wieder her ... OK
########## - EOF - ##########
Zitat:
Mich interessiert sehr, was es genau gewesen ist. Was hat die besagte Datei MSVCP120.dll an sich? Anhand der LOGs erkenne ich nichts (auch keine Bereinigung). Könntest Du ein paar Zeilen darüber schreiben. Danke schon mal. Gruss Chris |
|
29.09.2014, 14:00
| #12 |
| /// the machine /// TB-Ausbilder | Windows 7 Pro -> LogonUI.exe - Systemfehler Die Datei die fehlt ist eine legitime Windows Datei. Warscheinlich eine fehlende Verknüpfung, gerichtet durch Combofix.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.09.2014, 14:31
| #13 |
| | Windows 7 Pro -> LogonUI.exe - Systemfehler Danke für Deine Antwort. Also es war keine Adware oder Ähnliches. |
|
30.09.2014, 09:11
| #14 |
| /// the machine /// TB-Ausbilder | Windows 7 Pro -> LogonUI.exe - Systemfehler Nope
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windows 7 Pro -> LogonUI.exe - Systemfehler |
| .dll, beim starten, bildschirm, bildschirm schwarz, computer, einschalten, erneut, erscheint, folge, folgende, funktioniert, gestartet, installieren, meldung, nicht mehr, nichts, problem, programm, richtig, schwarz, starte, starten, systemfehler, windows, windows 7 |
WARNUNG an die MITLESER: 
Linear-Darstellung
