| |
| |||||||
Log-Analyse und Auswertung: Virenschutz und Anti Malware funktionieren nicht mehrWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
04.04.2015, 12:17
| #16 |
| /// TB-Ausbilder /// Anleitungs-Guru  |  Virenschutz und Anti Malware funktionieren nicht mehr OK. Und gleich weiter mit den nächsten. 
__________________ Gruß deeprybka  Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
04.04.2015, 13:10
| #17 |
 | Virenschutz und Anti Malware funktionieren nicht mehrCode:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by JMR at 2015-04-04 14:04:29
Running from C:\Users\JMR\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - )
Akamai NetSession Interface (HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{331C520E-D8C3-4AB9-ADF7-A666A3561922}) (Version: 1.3.17.25001 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.3.17.25001 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Software Suite (HKLM-x32\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version: 1.0 - ArcSoft)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.7 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}) (Version: 1.0.6 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.25 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ASUS_UL_Series_Screensaver (HKLM-x32\...\ASUS_UL_Series_Screensaver) (Version: - )
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0007 - ASUS)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2215 - AVAST Software)
Break'n'Run (HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\...\Break'n'Run) (Version: - )
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version: - )
Canon MP610 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.30.0 - Canon Inc.)
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - )
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.4 - ASUS)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
DNA (HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\...\BitTorrent DNA) (Version: 2.2.4 (16502) - BitTorrent Inc.)
Dream Day Wedding Married in Manhattan (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}) (Version: - Oberon Media)
DSL Soforthilfe (HKLM-x32\...\DSL Soforthilfe) (Version: 1.1.0.51 - Telefónica Germany GmbH & Co. OHG)
ElsterFormular (HKLM-x32\...\ElsterFormular 13.2.0.8623k) (Version: 13.2.0.8623k - Landesfinanzdirektion Thüringen)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-x64 7.0.5.12_SmartArea_WHQL (HKLM\...\Elantech) (Version: 7.0.5.12 - ELAN Microelectronics Corp.)
Express Gate (HKLM-x32\...\{B149B9A2-3FA8-40ED-866F-C08BB56BFD81}) (Version: 1.2.13.21 - DeviceVM, Inc.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS)
Fotosizer 2.09 (HKLM-x32\...\Fotosizer) (Version: 2.09.0.548 - Fotosizer.com)
Game Park Console (HKLM-x32\...\{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1) (Version: 6.2.0.2 - Oberon Media, Inc.)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
INSTAR Camera Tool (HKLM-x32\...\{630473B5-3AA9-4477-B6DD-F9EA5BEEDD42}) (Version: 2.0.2.0 - INSTAR)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.02.382 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Net4Switch (HKLM-x32\...\{9D6D7811-43B3-463C-BC79-5D1755269989}) (Version: 1.00.0019 - ASUS)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
o2 Surfstick (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM-x32\...\{D0A3D5D4-9366-490E-9011-DF18BCD7F410}) (Version: 1.4.1 - OLYMPUS IMAGING CORP.)
PHOTOfunSTUDIO 4.0 HD Edition (HKLM-x32\...\{381D847E-7E56-4E82-B261-F799E0F40EB4}) (Version: 4.00.140 - Panasonic Corporation)
Piggly FREE (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1173957}) (Version: - Oberon Media)
PowerLine Utility (HKLM-x32\...\{A0384ECE-2017-4EA8-86C7-513ACB936BDF}) (Version: 1.1.830 - TP-LINK)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.12 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.12 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 3.2.44 - Saal Digital Fotoservice GmbH)
Saal Design Software (x32 Version: 3.2.44 - Saal Digital Fotoservice GmbH) Hidden
ScanSoft OmniPage SE 4 (HKLM-x32\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
SILKYPIX Developer Studio 3.0 SE (HKLM-x32\...\InstallShield_{B2F25F71-D920-4288-A548-54CD253DEF14}) (Version: 3 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 3.0 SE (x32 Version: 3 - Ichikawa Soft Laboratory) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smileyville FREE (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117396510}) (Version: - Oberon Media)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.1200 - SRS Labs, Inc.)
syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version: - )
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.13 - ASUS)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2283584599-1744461602-3080128891-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2283584599-1744461602-3080128891-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2283584599-1744461602-3080128891-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2283584599-1744461602-3080128891-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2283584599-1744461602-3080128891-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
03-04-2015 22:11:00 Wiederherstellungsvorgang
03-04-2015 23:34:26 avast! antivirus system restore point
03-04-2015 23:40:47 Wiederherstellungsvorgang
04-04-2015 10:06:36 avast! antivirus system restore point
04-04-2015 10:25:38 Windows Update
04-04-2015 10:43:06 Removed OLYMPUS Master 2
04-04-2015 10:48:59 Removed OLYMPUS Master 2
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-12-21 23:22 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {01B1F20F-2F8F-4774-B4B3-2413729F85E9} - System32\Tasks\{6CB8F38E-220D-4EA6-89F3-7FD07BF35949} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {04A06582-237D-4FAD-90AA-0B10CC1332DC} - System32\Tasks\{3F8B00AD-3DCC-4473-AB78-082789C67B81} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {07E07BFA-C5E6-4F42-A36A-C2A29B024A64} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {08B85B09-15CD-449A-ACCE-4D710642C00D} - System32\Tasks\{6734EEBA-407A-4CE6-B784-D01BEFC84050} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {1258E861-AA6F-44B1-B24C-69B94A2DC967} - System32\Tasks\{D559F9E2-759E-4318-AF24-842ADF6B1556} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {12DF3EB6-0016-4F8E-8457-D0E21B0ECA7C} - System32\Tasks\{A1AEA5A2-5CD6-4B5E-AD8E-AED6A31BBAAB} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {13696A64-B5FA-42E1-8587-D3DB66D3F8FF} - System32\Tasks\{AD77C81F-3D4F-4DA1-B644-5D6CC55A89C3} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {1A09FB9D-C413-4ECC-AD53-1737E53DA024} - System32\Tasks\{A7FEA7C7-6344-499F-AFE4-402B0BA98266} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {1C1A2776-19DE-481C-869B-338A3FEF20F8} - System32\Tasks\{56B93CD6-9B36-408D-973D-42101AC58A77} => C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe [2014-10-07] (Apple Inc.)
Task: {233F9EF5-F598-4FD2-B008-650733D34DCA} - System32\Tasks\{F9A87038-5643-4D2E-9413-629CAFB80771} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {27089241-2C71-4A14-B31F-E27985ECADAC} - System32\Tasks\{832DCFE9-95D5-484F-8ECC-4CDE2E3AB202} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {270FCBA1-A29F-42FD-89EE-0CB70866A8BC} - System32\Tasks\{FF6FACE1-16CD-40ED-8789-D316D62C25D4} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {27CD2AEB-84E2-4DB6-9205-D809B39AF099} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {2BEF415C-A8D5-4975-A996-EDCA71CF35CC} - System32\Tasks\{65D9773C-BF77-46E9-A8EB-E09885999AEA} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {2CC04C14-7666-461D-B5C7-15BD6FF53A90} - System32\Tasks\{9EA2B841-AA46-4C76-9DC0-CC86A4980442} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {3144A218-F795-43E7-8936-37A10F561DCB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2283584599-1744461602-3080128891-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {33D75B08-5076-4FB4-B43A-977304D52984} - System32\Tasks\{2B848E28-A995-4180-9ABC-F15E73658471} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {39B561F6-69EC-4436-B059-2B60451D4E29} - System32\Tasks\{1A0CB159-08C3-4DCC-B239-F469C4C4E51A} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {423B88EC-A677-497E-890E-0D70B5CA494A} - System32\Tasks\Net4Switch => C:\Program Files\ASUS\Net4Switch\Net4Switch.exe [2007-11-20] (ASUS)
Task: {52BD11EE-30A0-4511-8BD3-3967D662B2AF} - System32\Tasks\{2AFA424D-8A61-4B7A-87E6-487F8B35B017} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {5349F3EF-6DBC-42FC-94FD-ED22670CEFDA} - System32\Tasks\{F34F3E00-AC60-4F0E-8688-7AF6D6EB7B47} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {5CDCA703-C793-4B70-A1B4-1282C5BBAE2A} - System32\Tasks\{1BA3B669-0280-4AB7-A578-2053255240C2} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {5E4517D1-A6D5-4E13-9D5A-0F9C031BECC8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {61A4CFF6-D9EE-41DF-A4F9-CD14B4CF5109} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-04] (Avast Software s.r.o.)
Task: {63B34D3B-BAB5-450B-8CD1-510FB70C0097} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {63B5A2D7-BC8D-4B5C-AE2B-9CF2AA4272E0} - System32\Tasks\{F2982E5D-CEB2-4604-BCFD-5EC035659011} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {6571C3B6-0FDD-4BDD-8010-87C389B976F5} - System32\Tasks\{78416160-E916-4E9C-AAE4-EEE5E25074E8} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {6571F630-599A-4F0B-8CAB-A47789EE045E} - System32\Tasks\{4A223F97-FF67-4351-B350-AAEDCA779B1F} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {66475C8E-0319-47CB-9BF2-FE8BE11312F6} - System32\Tasks\{E3FC8612-42FB-4B90-A7B8-9F5779D7951D} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {6A5038C9-7DA5-4987-AF12-6B4534ED9C3A} - System32\Tasks\{B4EB44E8-A01C-4FE7-99D5-D2020CB818C7} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {6CF373BF-2325-4AEF-B06F-23AC8CF968C6} - System32\Tasks\{2624AE12-354E-410E-858F-DEA8F0FD48BE} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {6E2C93D2-8DC7-4C6B-925D-57DD2D460DC6} - System32\Tasks\{B94822C1-607B-4EC2-8B6E-825A5516E6C5} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {6EF002EB-081D-4B35-931F-9C348A866BD2} - System32\Tasks\{8E13369C-69A9-421F-B6FE-3D4E6BE69342} => pcalua.exe -a "C:\Program Files (x86)\Asus\Game Park\Dream Day Wedding Married in Manhattan\Uninstall.exe" -c "C:\Program Files (x86)\Asus\Game Park\Dream Day Wedding Married in Manhattan\install.log"
Task: {717BEAEB-FBD8-4155-B0A4-D46919D601B6} - System32\Tasks\{6B246773-9C31-45BD-AE31-803AE9A94615} => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: {8FDE1513-59A0-4BE6-8E7F-BAB03AA2BCF3} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-19] (ASUS)
Task: {90564CEE-AC46-4499-91F6-3594EFC242DA} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2283584599-1744461602-3080128891-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {96126B83-71EC-43A6-94A6-83673998060E} - System32\Tasks\{19A99E52-76EB-435F-BB39-BCA3EFBA4A09} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {992DE68C-AEF9-4A0C-9AC2-990B5CC600D2} - System32\Tasks\{E934E0D2-D1FB-45E2-AADD-03FC393670EF} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {99D61B18-41FD-482F-A4B6-3762E7D4E6A2} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-11-07] (ATK)
Task: {A78C26BB-234E-4004-8E90-AB1BAE5FB73C} - System32\Tasks\{E99B91BB-C7D7-4913-81B5-0F77786CF7C5} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {A94E2932-1B11-4908-8749-E8E387CB98A2} - System32\Tasks\{632D5B1A-83EB-4FE9-BCA4-50D302793C93} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {AB2AD3F2-8939-4D06-A803-179FC7EFB3D0} - System32\Tasks\{B23594F3-28CE-42F4-B6F1-27DD7F363349} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {ABF21798-A8F6-4A5F-9032-60DA6F93EE35} - System32\Tasks\{12A5ED1C-0B4E-48D8-A9D9-D5999E814FFD} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {ADF97F85-9135-4841-9E6F-D3D5A3B40533} - System32\Tasks\{B0751EE5-17A5-4249-AB19-8F18C0837953} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {C0EC2287-8A61-42EF-9C87-A148D085D520} - System32\Tasks\{BDACE48F-F83B-4CC5-A169-B26C4EF977B2} => pcalua.exe -a "C:\Program Files (x86)\Canon\SolutionMenu\uninst.exe" -c uninst.ini
Task: {C1777662-88BF-43E2-A015-D113F5B5EDBE} - System32\Tasks\{010535D7-0CD0-47D9-8E4C-E6BA7CB7DB05} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {C1A48D86-0522-4CEA-8BFF-A202C20BF813} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {CF46610F-D7A9-48AA-B421-9981CB195D00} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-09-23] (TODO: <Company name>)
Task: {D2E54591-FC6B-44C3-B885-1AA498F39A20} - System32\Tasks\{E9698C53-1824-4CC7-A0B9-6663DDA0BD99} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {D33A713D-0358-4968-8FF1-03F176651387} - System32\Tasks\{942CCF83-5B7B-4E48-9B8D-E6DB5F9FDFCA} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {E0765BE3-4B5D-471A-856E-F76B0FA4BAE6} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-09-24] ()
Task: {EBE638D0-28F7-44F7-9CD8-A72A03B1DCD1} - System32\Tasks\{1946E732-0BF4-4ACE-B2E6-5F0A2C8B7B4C} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {F0F4B88C-30DF-4EE4-965F-0A64A418B861} - System32\Tasks\{82A1FC45-4F21-4D7B-9FF4-7B534722DEA2} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {FC046845-1C3C-4C15-BCB4-CD7330666FE2} - System32\Tasks\{76E124A8-5C24-4AA6-8181-336B5A7773B2} => pcalua.exe -a "C:\Program Files (x86)\Asus\Game Park\Piggly FREE\Uninstall.exe" -c "C:\Program Files (x86)\Asus\Game Park\Piggly FREE\install.log"
Task: {FEAF62C6-A3D7-4F30-929B-8DE260A443E4} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-10-23] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) ==============
2010-09-12 22:09 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-04-06 18:26 - 2014-04-06 18:25 - 00239968 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2014-07-24 12:47 - 2014-07-24 12:47 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-07-24 15:06 - 2014-07-24 15:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2010-03-16 03:48 - 2010-03-16 03:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-09-12 22:01 - 2010-09-12 22:01 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-09-12 22:01 - 2010-09-12 22:01 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-09-12 22:19 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-09-24 14:50 - 2009-09-24 14:50 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2009-10-23 22:40 - 2009-10-23 22:40 - 00041984 _____ () C:\Program Files\P4G\DevMng.dll
2009-09-11 21:27 - 2009-09-11 21:27 - 00029184 _____ () C:\Program Files\P4G\OvrClk.dll
2010-09-12 22:09 - 2007-03-10 03:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2009-10-23 01:45 - 2009-10-23 01:45 - 01593344 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2008-08-14 05:59 - 2008-08-14 05:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
2009-07-02 03:54 - 2009-07-02 03:54 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
2015-04-04 10:19 - 2015-04-04 10:19 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-04 10:18 - 2015-04-04 10:18 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-04 12:48 - 2015-04-04 12:48 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040400\algo.dll
2014-04-06 18:26 - 2014-04-06 18:25 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-04-06 18:26 - 2014-04-06 18:25 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-04-06 18:26 - 2014-04-06 18:25 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-04-06 18:26 - 2014-04-06 18:25 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-04-06 18:26 - 2014-04-06 18:25 - 00383488 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2014-04-06 18:26 - 2014-04-06 18:25 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2014-10-13 09:45 - 2014-10-13 09:45 - 00861784 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2010-11-16 19:10 - 2007-07-27 16:10 - 00049152 _____ () C:\Program Files\ASUS\Net4Switch\ResItf.dll
2010-11-16 19:10 - 2009-07-03 14:04 - 00084992 _____ () C:\Program Files\ASUS\Net4Switch\cxcmrt.dll
2010-11-16 19:10 - 2009-07-03 14:13 - 00074752 _____ () C:\Program Files\ASUS\Net4Switch\ipswobj.dll
2010-11-16 19:10 - 2009-07-01 17:46 - 00461824 _____ () C:\Program Files\ASUS\Net4Switch\ipswresmgr.dll
2010-11-16 19:10 - 2009-07-03 14:12 - 00049152 _____ () C:\Program Files\ASUS\Net4Switch\ipswhlp.dll
2010-11-16 19:10 - 2009-07-08 12:24 - 00167424 _____ () C:\Program Files\ASUS\Net4Switch\ipsw_cfgmgr.dll
2010-11-16 19:10 - 2009-07-03 14:12 - 00089088 _____ () C:\Program Files\ASUS\Net4Switch\ipswds.dll
2010-11-16 19:10 - 2009-07-03 14:12 - 00065024 _____ () C:\Program Files\ASUS\Net4Switch\ipswgblset.dll
2010-11-16 19:10 - 2009-07-03 14:40 - 00085504 _____ () C:\Program Files\ASUS\Net4Switch\LogonStartup.dll
2010-11-16 19:10 - 2009-07-09 18:41 - 00222720 ____N () C:\Program Files\ASUS\Net4Switch\ipswsysmon.dll
2010-11-16 19:10 - 2009-07-03 14:21 - 00042496 _____ () C:\Program Files\ASUS\Net4Switch\iphelper.dll
2010-11-16 19:10 - 2009-07-03 14:11 - 00267264 _____ () C:\Program Files\ASUS\Net4Switch\ipswcore.dll
2010-11-16 19:10 - 2009-07-03 14:13 - 00297984 _____ () C:\Program Files\ASUS\Net4Switch\ipswui.dll
2015-04-04 10:19 - 2015-04-04 10:20 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-13 09:45 - 2014-10-13 09:45 - 00573528 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll
2014-10-10 23:52 - 2006-09-04 20:26 - 00014336 _____ () C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\Tracer.dll
2014-10-10 23:52 - 2011-04-25 16:12 - 00118784 _____ () C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OlyPalm.dll
2014-10-10 23:52 - 2010-03-19 16:24 - 00372736 _____ () C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OSLite.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\JMR\AppData\Roaming\ArcSoft\IMG_0721.bmp
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\Windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 4.0 HD Edition.lnk => C:\Windows\pss\PHOTOfunSTUDIO 4.0 HD Edition.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk => C:\Windows\pss\SRS Premium Sound.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\JMR\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUS WebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: BitTorrent DNA => "C:\Program Files (x86)\DNA\btdna.exe"
MSCONFIG\startupreg: Boingo Wi-Fi => "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
MSCONFIG\startupreg: CancelAutoPlay_df => "C:\Program Files (x86)\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe" run
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: CheckNDISPortF0acA7 => C:\Program Files (x86)\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DSL Soforthilfe => C:\Program Files (x86)\DSL Soforthilfe\DSL_Soforthilfe.exe /auto
MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl11 => C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Syncables => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
==================== Accounts: =============================
Administrator (S-1-5-21-2283584599-1744461602-3080128891-500 - Administrator - Disabled)
Gast (S-1-5-21-2283584599-1744461602-3080128891-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2283584599-1744461602-3080128891-1004 - Limited - Enabled)
JMR (S-1-5-21-2283584599-1744461602-3080128891-1001 - Administrator - Enabled) => C:\Users\JMR
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/04/2015 01:06:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: smartlogon.exe, Version: 1.0.7.5, Zeitstempel: 0x4a111446
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0150014
Fehleroffset: 0x0008480f
ID des fehlerhaften Prozesses: 0x5dc
Startzeit der fehlerhaften Anwendung: 0xsmartlogon.exe0
Pfad der fehlerhaften Anwendung: smartlogon.exe1
Pfad des fehlerhaften Moduls: smartlogon.exe2
Berichtskennung: smartlogon.exe3
Error: (04/04/2015 10:49:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
.
Error: (04/04/2015 10:48:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
.
Error: (04/04/2015 10:43:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
.
Error: (04/04/2015 10:43:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
.
Error: (04/04/2015 10:25:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
.
Error: (04/04/2015 10:25:36 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
.
Error: (04/04/2015 10:08:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
.
Error: (04/04/2015 00:01:20 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows-Sicherung). Zusätzliche Informationen: 0x80070005.
Error: (04/03/2015 11:41:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
TraverseDir : Unable to FindFirstFile.
System Error:
Zugriff verweigert
.
System errors:
=============
Error: (04/04/2015 01:07:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Net.Pipe-Listeneradapter" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/04/2015 01:07:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Net.Pipe-Listeneradapter erreicht.
Error: (04/04/2015 01:06:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (04/04/2015 01:06:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/04/2015 01:06:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Error: (04/04/2015 01:04:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (04/04/2015 01:04:40 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (04/04/2015 01:04:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (04/04/2015 01:04:40 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WMPNetworkSvc" konnte sich nicht als "NT AUTHORITY\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (04/04/2015 01:04:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office Sessions:
=========================
Error: (03/28/2013 08:28:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 128 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/28/2013 08:28:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 131 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/20/2011 10:57:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 115 seconds with 60 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-09-04 09:48:15.445
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-09-04 09:48:15.304
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-03-31 13:08:49.736
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\KernelBase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-03-31 12:37:21.031
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\KernelBase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Genuine Intel(R) CPU U7300 @ 1.30GHz
Percentage of memory in use: 46%
Total physical RAM: 4061.02 MB
Available physical RAM: 2155.03 MB
Total Pagefile: 8120.23 MB
Available Pagefile: 5851.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:6.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:329.79 GB) (Free:44.51 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=329.8 GB) - (Type=OF Extended)
==================== End Of Log ============================
FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by JMR (administrator) on JMR-PC on 04-04-2015 14:03:05 Running from C:\Users\JMR\Downloads Loaded Profiles: JMR (Available profiles: JMR & Gast & DefaultAppPool) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files\ATKGFNEX\GFNEXSrv.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (ASUS) C:\eSupport\SupThrSrv\SupThrSrv.exe () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe (ATK) C:\Program Files\P4G\BatteryLife.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ASUS) C:\Windows\AsScrPro.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-04] (Avast Software s.r.o.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\...\Run: [OM2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.) HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [308584 2008-12-05] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.) ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2283584599-1744461602-3080128891-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-07-24] (RealDownloader) BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-04] (Avast Software s.r.o.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-07-24] (RealDownloader) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-05] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-04] (Avast Software s.r.o.) BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-05] (Oracle Corporation) DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\5b0mbq1q.default-1411810636522 FF DefaultSearchEngine: Yahoo! (Avast) FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search FF SearchEngineOrder.1: Yahoo! (Avast) FF SelectedSearchEngine: Yahoo! (Avast) FF Homepage: https://de.yahoo.com/?fr=hp-avast&type=avastbcl FF Keyword.URL: https://de.search.yahoo.com/yhs/search FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin-x32: @bittorrent.com/BitTorrentDNA -> C:\Program Files (x86)\DNA\plugins\npbtdna.dll [2013-05-26] (BitTorrent, Inc.) FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-05] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=17.0.12.0 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-10-13] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.12 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-07-24] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.12.0 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-10-13] (RealPlayer Cloud) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\5b0mbq1q.default-1411810636522\searchplugins\yahoo-avast.xml [2015-04-04] FF Extension: Adblock Plus - C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\5b0mbq1q.default-1411810636522\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-16] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-03] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-21] FF HKLM-x32\...\Firefox\Extensions: [{7C9C2591-51ED-44FA-8D03-450B92643F95}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-13] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-04] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.) R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-04] (Avast Software s.r.o.) S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-04-04] (Avast Software) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-04-06] () R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-24] () R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-13] (RealNetworks, Inc.) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-24] () [File not signed] S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) R2 SupThrSrv; C:\eSupport\SupThrSrv\SupThrSrv.exe [80512 2009-09-04] (ASUS) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-04] () R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-07] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-04] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-04] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-04] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-04] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-04] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-04] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-04] () R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-04] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] () R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-04] (Avast Software) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 ipswuio; System32\DRIVERS\ipswuio.sys [X] U3 tmlwf; No ImagePath U3 tmwfp; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-04 14:03 - 2015-04-04 14:03 - 00018642 _____ () C:\Users\JMR\Downloads\FRST.txt 2015-04-04 14:01 - 2015-04-04 13:56 - 00006573 _____ () C:\Users\JMR\Documents\protection-log-2015-04-04.xml 2015-04-04 13:13 - 2015-04-04 13:13 - 00001449 _____ () C:\Users\JMR\Desktop\AdwCleaner[S1].txt 2015-04-04 12:45 - 2015-04-04 12:45 - 02208768 _____ () C:\Users\JMR\Downloads\AdwCleaner_4.200.exe 2015-04-04 12:34 - 2015-04-04 12:34 - 00022938 _____ () C:\ComboFix.txt 2015-04-04 12:08 - 2015-04-04 12:34 - 00000000 ____D () C:\Qoobox 2015-04-04 12:08 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-04-04 12:08 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-04-04 12:08 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-04-04 12:08 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-04-04 12:08 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-04-04 12:08 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2015-04-04 12:08 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2015-04-04 12:08 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2015-04-04 12:06 - 2015-04-04 12:06 - 05617096 ____R (Swearware) C:\Users\JMR\Downloads\ComboFix.exe 2015-04-04 11:41 - 2015-04-04 11:42 - 00000000 ____D () C:\Users\JMR\Desktop\Trojaner 2015-04-04 11:36 - 2015-04-04 14:03 - 00000000 ____D () C:\FRST 2015-04-04 11:35 - 2015-04-04 11:35 - 02095616 _____ (Farbar) C:\Users\JMR\Downloads\FRST64.exe 2015-04-04 10:46 - 2015-04-04 10:46 - 00003122 _____ () C:\Windows\System32\Tasks\{BDACE48F-F83B-4CC5-A169-B26C4EF977B2} 2015-04-04 10:20 - 2015-04-04 10:20 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe 2015-04-04 10:19 - 2015-04-04 10:19 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr 2015-04-03 23:43 - 2015-04-03 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-04-03 23:43 - 2015-04-03 23:43 - 00001926 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-04-03 20:51 - 2015-04-03 20:51 - 00000000 ____D () C:\Users\JMR\AppData\Roaming\dlg 2015-04-03 19:40 - 2015-04-03 19:40 - 00001371 _____ () C:\Users\JMR\AppData\Local\recently-used.xbel 2015-03-11 18:18 - 2015-02-20 06:41 - 00041984 ____N (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 18:18 - 2015-02-20 06:12 - 00025600 ____N (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-11 18:17 - 2015-02-03 05:31 - 00503808 ____N (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 18:17 - 2015-02-03 05:31 - 00432128 ____N (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 18:17 - 2015-02-03 05:31 - 00229376 ____N (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 18:17 - 2015-02-03 05:31 - 00188416 ____N (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 18:17 - 2015-02-03 05:30 - 01480192 ____N (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 18:17 - 2015-02-03 05:30 - 01069056 ____N (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 18:17 - 2015-02-03 05:30 - 00680960 ____N (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 18:17 - 2015-02-03 05:30 - 00296448 ____N (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 18:17 - 2015-02-03 05:30 - 00140288 ____N (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 18:17 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 18:17 - 2015-02-03 05:30 - 00082432 ____N (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 18:17 - 2015-02-03 05:30 - 00043520 ____N (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 18:17 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 18:17 - 2015-02-03 05:12 - 01174528 ____N (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-11 18:17 - 2015-02-03 05:12 - 00179200 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-11 18:17 - 2015-02-03 05:12 - 00081408 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 18:15 - 2015-03-06 07:42 - 01461760 ____N (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 18:15 - 2015-03-06 07:42 - 00728064 ____N (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 18:15 - 2015-03-06 07:42 - 00341504 ____N (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 18:15 - 2015-03-06 07:42 - 00314880 ____N (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 18:15 - 2015-03-06 07:42 - 00309760 ____N (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 18:15 - 2015-03-06 07:42 - 00210944 ____N (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 18:15 - 2015-03-06 07:42 - 00136192 ____N (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 18:15 - 2015-03-06 07:42 - 00086528 ____N (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 18:15 - 2015-03-06 07:42 - 00029184 ____N (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 18:15 - 2015-03-06 07:42 - 00028160 ____N (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 18:15 - 2015-03-06 07:42 - 00022016 ____N (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 18:15 - 2015-03-06 07:41 - 00031232 ____N (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 18:15 - 2015-03-06 07:10 - 00022016 ____N (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 18:15 - 2015-03-06 07:10 - 00017408 ____N (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 18:15 - 2015-03-06 07:09 - 00096768 ____N (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-11 18:14 - 2015-02-20 04:48 - 02886144 ____N (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 18:14 - 2015-02-20 04:03 - 02278400 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 18:14 - 2015-02-20 03:28 - 02358784 ____N (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 18:14 - 2015-02-20 03:16 - 01548288 ____N (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 18:14 - 2015-02-20 03:01 - 01888256 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 18:14 - 2015-02-20 02:57 - 01311232 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 18:14 - 2015-02-13 07:26 - 12875264 ____N (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 18:14 - 2015-02-13 07:22 - 14177280 ____N (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 18:14 - 2015-02-03 05:31 - 01424896 ____N (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 18:14 - 2015-02-03 05:31 - 00215552 ____N (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 18:14 - 2015-01-17 04:48 - 01067520 ____N (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 18:14 - 2015-01-17 04:30 - 00828928 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-04 13:51 - 2014-09-06 20:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-04 13:23 - 2015-02-14 17:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-04 13:23 - 2010-09-12 21:40 - 01226735 _____ () C:\Windows\WindowsUpdate.log 2015-04-04 13:16 - 2015-01-04 21:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-04 13:13 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-04 13:13 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-04 13:06 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-04 13:05 - 2014-07-05 08:59 - 00060800 _____ () C:\Windows\PFRO.log 2015-04-04 13:05 - 2014-05-07 07:51 - 00045616 _____ () C:\Windows\setupact.log 2015-04-04 13:04 - 2014-09-06 21:13 - 00000000 ____D () C:\AdwCleaner 2015-04-04 12:42 - 2013-03-21 23:29 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-04-04 12:37 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Offline Web Pages 2015-04-04 12:29 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2015-04-04 12:23 - 2010-09-12 21:56 - 00000000 ____D () C:\ProgramData\Temp 2015-04-04 12:07 - 2014-09-04 09:25 - 00000000 ____D () C:\Windows\erdnt 2015-04-04 10:50 - 2011-05-28 21:09 - 00000000 ____D () C:\Users\JMR\AppData\Roaming\Skype 2015-04-04 10:41 - 2010-09-12 22:00 - 00000000 ____D () C:\Program Files (x86)\Google 2015-04-04 10:40 - 2010-11-16 18:02 - 00000000 ____D () C:\Users\JMR\AppData\Local\Google 2015-04-04 10:26 - 2014-04-05 17:57 - 00001141 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-04-04 10:26 - 2014-04-05 17:57 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-04-04 10:20 - 2014-04-22 12:35 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-04-04 10:20 - 2014-01-16 08:02 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys 2015-04-04 10:20 - 2013-03-21 23:29 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys 2015-04-04 10:20 - 2013-03-21 23:29 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-04-04 10:20 - 2013-03-21 23:29 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys 2015-04-04 10:20 - 2013-03-21 23:29 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-04-04 10:20 - 2013-03-21 23:29 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-04-04 10:18 - 2013-03-21 23:29 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys 2015-04-04 10:04 - 2009-08-04 11:51 - 00725586 _____ () C:\Windows\system32\perfh007.dat 2015-04-04 10:04 - 2009-08-04 11:51 - 00157542 _____ () C:\Windows\system32\perfc007.dat 2015-04-04 10:04 - 2009-07-14 07:13 - 01716058 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-03 23:56 - 2014-12-25 17:10 - 00000000 ____D () C:\Program Files (x86)\WinPcap 2015-04-03 23:56 - 2014-10-10 23:52 - 00000000 ____D () C:\Program Files (x86)\OLYMPUS 2015-04-03 23:56 - 2014-10-04 22:57 - 00000000 ____D () C:\Program Files (x86)\Fotosizer 2015-04-03 23:56 - 2014-09-04 13:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-04-03 23:56 - 2014-04-05 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-03 23:56 - 2013-08-08 20:24 - 00000000 ____D () C:\Program Files\GIMP 2 2015-04-03 23:56 - 2010-11-21 18:52 - 00000000 ____D () C:\Program Files (x86)\Canon 2015-04-03 23:56 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar 2015-04-03 23:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-04-03 23:55 - 2015-02-12 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Master 2 2015-04-03 23:55 - 2014-12-25 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap 2015-04-03 23:55 - 2014-11-09 15:59 - 00000000 ____D () C:\Users\JMR\Desktop\Manu Fuerte 2015-04-03 23:55 - 2014-10-10 23:54 - 00000000 ____D () C:\Users\JMR\AppData\Local\OLYMPUS 2015-04-03 23:55 - 2014-10-04 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotosizer 2015-04-03 23:55 - 2014-09-04 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-04-03 23:55 - 2014-03-03 11:03 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-04-03 23:55 - 2014-03-03 11:03 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-04-03 23:55 - 2014-03-03 11:03 - 00000000 ____D () C:\Users\DefaultAppPool 2015-04-03 23:55 - 2013-10-27 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-04-03 23:55 - 2013-08-08 20:29 - 00000000 ____D () C:\Users\JMR\AppData\Local\gtk-2.0 2015-04-03 23:55 - 2010-11-21 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2015-04-03 23:55 - 2010-11-16 11:27 - 00000000 ____D () C:\Users\JMR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite 2015-04-03 23:55 - 2010-11-16 11:27 - 00000000 ____D () C:\Users\JMR 2015-04-03 23:55 - 2010-09-12 22:17 - 00000000 ____D () C:\ProgramData\P4G 2015-04-03 23:55 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar 2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\spool 2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat 2015-04-03 23:30 - 2015-02-27 14:42 - 00000000 ____D () C:\Users\JMR\AppData\Roaming\Spotify 2015-04-03 22:28 - 2010-11-23 18:10 - 00000000 ____D () C:\Users\Gast 2015-04-03 22:27 - 2014-11-09 15:59 - 00000000 ____D () C:\Users\JMR\Desktop\jahr 2014 2015-04-03 22:27 - 2014-03-03 11:03 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite 2015-04-03 22:23 - 2014-04-05 17:58 - 00000000 ____D () C:\Users\JMR\AppData\Local\Mozilla 2015-04-03 22:22 - 2014-03-03 11:03 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Macromedia 2015-04-03 22:22 - 2011-05-17 23:15 - 00000000 ____D () C:\ProgramData\Real 2015-04-03 21:49 - 2015-02-27 14:43 - 00000000 ____D () C:\Users\JMR\AppData\Local\Spotify 2015-04-03 19:49 - 2013-08-08 20:26 - 00000000 ____D () C:\Users\JMR\.gimp-2.8 2015-04-02 20:17 - 2014-11-21 18:19 - 00000000 ____D () C:\Users\JMR\Documents\Grundeinstellungen_Spaichinger_Schallpegelmesser 2015-04-02 17:11 - 2012-11-18 09:39 - 00071168 ___SH () C:\Users\JMR\Documents\Thumbs.db 2015-03-24 08:48 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-12 08:14 - 2013-08-14 21:16 - 00000000 ____D () C:\Windows\system32\MRT ==================== Files in the root of some directories ======= 2015-04-03 19:40 - 2015-04-03 19:40 - 0001371 _____ () C:\Users\JMR\AppData\Local\recently-used.xbel 2011-05-01 20:55 - 2014-03-30 19:12 - 0007605 _____ () C:\Users\JMR\AppData\Local\resmon.resmoncfg 2012-01-08 15:11 - 2012-01-08 15:11 - 0000000 _____ () C:\Users\JMR\AppData\Local\{62C30138-F2C1-48EC-86AE-182A550822B2} 2011-05-28 21:11 - 2011-05-28 21:11 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2010-09-12 22:01 - 2009-12-24 14:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe 2010-09-12 21:56 - 2010-09-12 21:57 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-09-12 21:56 - 2010-09-12 21:56 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Some content of TEMP: ==================== C:\Users\JMR\AppData\Local\Temp\Quarantine.exe C:\Users\JMR\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-25 14:10 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- Vielen Dank schonmal für die superschnelle Hilfe Anti malware hat nichts gefunden und auch keinen log geöffnet! |
|
04.04.2015, 13:21
| #18 |
| /// TB-Ausbilder /// Anleitungs-Guru | Virenschutz und Anti Malware funktionieren nicht mehr__________________
__________________ |
|
04.04.2015, 13:27
| #19 |
| | Virenschutz und Anti Malware funktionieren nicht mehrCode:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 04.04.2015 Suchlauf-Zeit: 13:16:01 Logdatei: malware.txt Administrator: Ja Version: 2.01.4.1018 Malware Datenbank: v2015.04.04.02 Rootkit Datenbank: v2015.03.31.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: JMR Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 451592 Verstrichene Zeit: 40 Min, 28 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 0 (Keine schädliche Elemente gefunden) Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) |
|
04.04.2015, 13:29
| #20 |
| /// TB-Ausbilder /// Anleitungs-Guru | Virenschutz und Anti Malware funktionieren nicht mehr Gut, letzte Kontrolle: Schritt 1 ESET Online Scanner
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
04.04.2015, 15:29
| #21 |
| | Virenschutz und Anti Malware funktionieren nicht mehr [CODE]ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=e3d61bcae0b8d04c9e6ffa2904af3c29 # engine=23232 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-04-04 02:20:45 # local_time=2015-04-04 04:20:45 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='avast! Internet Security' # compatibility_mode=779 16777213 85 74 20909 192577735 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 21176 179787095 0 0 # scanned=195811 # found=3 # cleaned=3 # scan_time=5935 sh=9385D4A3525F9DBDB12EA5A99FAE8B1B5B6A851B ft=1 fh=c2abacba2fac7cff vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\JMR\Downloads\NetSpeedMonitor 64 Bit - CHIP-Installer.exe" sh=DDA8FE241709A4C4C9CC344C6101F68A07895065 ft=1 fh=bebc75b9a949a91c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\JMR\Downloads\NetWorx - CHIP-Installer.exe" sh=2FD3702F8BC67A884FF5EB4FE438ED47E2B86B65 ft=1 fh=12a0ea5e7d86ce05 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\System Volume Information\SystemRestore\FRStaging\Users\JMR\Downloads\TinyPic - CHIP-Installer.exe" [CODE] |
|
04.04.2015, 15:37
| #22 |
| /// TB-Ausbilder /// Anleitungs-Guru | Virenschutz und Anti Malware funktionieren nicht mehr Hi, Schritt 1   Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument: Code:
ATTFilter CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {717BEAEB-FBD8-4155-B0A4-D46919D601B6} - System32\Tasks\{6B246773-9C31-45BD-AE31-803AE9A94615} => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe
C:\Program Files (x86)\Uniblue\SpeedUpMyPC
 Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
04.04.2015, 16:04
| #23 |
| | Virenschutz und Anti Malware funktionieren nicht mehrCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by JMR at 2015-04-04 16:47:30 Run:2
Running from C:\Users\JMR\Desktop\Trojaner
Loaded Profiles: JMR (Available profiles: JMR & Gast & DefaultAppPool)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {717BEAEB-FBD8-4155-B0A4-D46919D601B6} - System32\Tasks\{6B246773-9C31-45BD-AE31-803AE9A94615} => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe
C:\Program Files (x86)\Uniblue\SpeedUpMyPC
*****************
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{717BEAEB-FBD8-4155-B0A4-D46919D601B6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{717BEAEB-FBD8-4155-B0A4-D46919D601B6}" => Key deleted successfully.
C:\Windows\System32\Tasks\{6B246773-9C31-45BD-AE31-803AE9A94615} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6B246773-9C31-45BD-AE31-803AE9A94615}" => Key deleted successfully.
"C:\Program Files (x86)\Uniblue\SpeedUpMyPC" => File/Directory not found.
The system needed a reboot.
==== End of Fixlog 16:47:32 ====
|
|
04.04.2015, 16:05
| #24 |
| /// TB-Ausbilder /// Anleitungs-Guru | Virenschutz und Anti Malware funktionieren nicht mehr Noch Probleme?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
04.04.2015, 16:08
| #25 |
| | Virenschutz und Anti Malware funktionieren nicht mehr Nein, ist alles super! Vielen Dank! Und noch Frohe Ostern! Gruß Ela |
|
04.04.2015, 16:20
| #26 |
| /// TB-Ausbilder /// Anleitungs-Guru | Virenschutz und Anti Malware funktionieren nicht mehr Danke, Dir auch! Bitte Dein Java deinstallieren und mit der aktuellen Version ersetzen. Adobe Flash Player updaten. >>clean<< Wir haben es geschafft!  Die Logs sehen für mich im Moment sauber aus. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.  Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.   Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.  Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Kauf-Empfehlung:  ESET Smart Security Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware scannen. Optional:  NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
| Themen zu Virenschutz und Anti Malware funktionieren nicht mehr |
| anti, anti malware, automatisch, deinstalliere, dringend, funktionieren, funktionieren nicht, hallo zusammen, hilfe, malware, nicht mehr, schaltet, schutz, schön, virenschutz, zusammen |
Linear-Darstellung
