Log analysis and evaluation: Positive Finds malware on Windows 8

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.02.2015, 20:14 | #1

Positive Finds malware on Windows 8

Hello everyone, unfortunately I have also caught this pest, Positive Finds. I ran a scan with Avira. It did produce 3 hits, but unfortunately that did not help. Unfortunately I am completely inexperienced and have no idea at all what I can do. Can anyone help me? :-(
03.02.2015, 20:59 | #2

/// the machine /// TB-Ausbilder

Positive Finds malware on Windows 8

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
03.02.2015, 21:09 | #3

Positive Finds malware on Windows 8

FRST log file:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Michael Greis (administrator) on MICHAEL on 03-02-2015 20:18:37
Running from C:\Users\Michael Greis\Downloads
Loaded Profiles: Michael Greis (Available profiles: Michael Greis)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(Avanquest Software) C:\Program Files (x86)\PC Speed Maximizer\SPMSchedule.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\jmesoft\Service.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\SysWOW64\UMonit.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
() C:\Windows\jmesoft\JME_LOAD.exe
() C:\Windows\SysWOW64\C2MP\TrayMenu.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-28] (Realtek Semiconductor)
HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit.exe [28672 2012-07-24] ()
HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-03-31] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [emsisoft anti-malware] => C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-4153893474-174729634-3916336334-1001\...\Run: [IncrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [444840 2013-09-27] (IncrediMail, Ltd.)
HKU\S-1-5-21-4153893474-174729634-3916336334-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4153893474-174729634-3916336334-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4153893474-174729634-3916336334-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2013-10-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4153893474-174729634-3916336334-1001\...\MountPoints2: {64616c87-329c-11e2-be69-806e6f6e6963} - "D:\autorun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk
ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMenu.lnk
ShortcutTarget: TrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4153893474-174729634-3916336334-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MA76F579E-BE71-492A-984C-81C285828421&SearchSource=55&CUI=&UM=8&UP=SP2179EEFF-505A-4903-B2BA-009DE5B38233&SSPV=
HKU\S-1-5-21-4153893474-174729634-3916336334-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4153893474-174729634-3916336334-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4153893474-174729634-3916336334-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-4153893474-174729634-3916336334-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-4153893474-174729634-3916336334-1001 -> {5627FE39-D1D2-47DC-A92E-1885F9300B08} URL =
SearchScopes: HKU\S-1-5-21-4153893474-174729634-3916336334-1001 -> {5C92F3BC-E493-41AF-9DC4-B2FD315E69FE} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-4153893474-174729634-3916336334-1001 -> {98C55749-9195-48B0-9DED-BE9FEC6C3EE7} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-4153893474-174729634-3916336334-1001 -> {C97AD7F7-E60C-4503-A58C-A49225DAE478} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-4153893474-174729634-3916336334-1001 -> {CBBD290A-AAB6-4C6F-BC9F-795DD42D3164} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4153893474-174729634-3916336334-1001 -> {CEB9F694-4BEC-4B15-AC63-54FCDAB71EFE} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Positive Finds -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> C:\Program Files (x86)\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Michael Greis\AppData\Roaming\Mozilla\Firefox\Profiles\pOgysAjd.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Michael Greis\AppData\Roaming\Mozilla\Firefox\Profiles\pOgysAjd.default\Extensions\abs@avira.com [2015-02-02]

Chrome:
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-29]
CHR Extension: (Google Drive) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-13]
CHR Extension: (YouTube) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-29]
CHR Extension: (Google-Suche) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-29]
CHR Extension: (Google Wallet) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29]
CHR Extension: (Google Mail) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKU\S-1-5-21-4153893474-174729634-3916336334-1001\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-06-08]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo) [File not signed]
S3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-04-06] (Lenovo) [File not signed]
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024 2015-01-14] (Reimage®)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-06] (GenesysLogic)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 20:18 - 2015-02-03 20:19 - 00020858 _____ () C:\Users\Michael Greis\Downloads\FRST.txt
2015-02-03 20:18 - 2015-02-03 20:18 - 00000000 ____D () C:\FRST
2015-02-03 20:17 - 2015-02-03 20:17 - 02131456 _____ (Farbar) C:\Users\Michael Greis\Downloads\FRST64.exe
2015-02-03 07:36 - 2015-02-03 07:36 - 00000000 ____D () C:\Users\Michael Greis\AppData\Roaming\PC Speed Maximizer
2015-02-03 07:31 - 2015-02-03 07:31 - 00077312 _____ (Emsisoft GmbH) C:\WINDOWS\system32\eamclean.exe
2015-02-03 07:31 - 2015-02-03 07:31 - 00000408 _____ () C:\WINDOWS\system32\eamclean.dat
2015-02-02 22:36 - 2015-02-02 22:36 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-02-02 21:26 - 2015-02-02 21:26 - 00001114 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-02-02 21:26 - 2015-02-02 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-02-02 21:25 - 2015-02-03 17:08 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-02-02 21:22 - 2015-02-02 21:25 - 172265200 _____ (Emsisoft Ltd. ) C:\Users\Michael Greis\Downloads\EmsisoftAntiMalware4799Setup.exe
2015-02-02 19:22 - 2015-02-02 19:20 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-02-02 19:21 - 2015-02-03 07:40 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-02 19:21 - 2015-02-02 19:21 - 00000000 ____D () C:\Users\Michael Greis\AppData\Roaming\Mozilla
2015-02-02 19:20 - 2015-02-03 07:40 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-02 19:20 - 2015-02-03 07:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-02 19:20 - 2015-02-02 19:20 - 00002093 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-02-02 19:20 - 2015-02-02 19:20 - 00000000 ____D () C:\Users\Michael Greis\AppData\Roaming\Avira
2015-02-02 19:19 - 2015-02-03 07:40 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-02 19:19 - 2015-02-02 19:21 - 00000000 ____D () C:\ProgramData\Avira
2015-02-02 19:19 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-02-02 19:19 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-02-02 19:19 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-02-02 19:15 - 2015-02-02 19:18 - 154051656 _____ () C:\Users\Michael Greis\Downloads\avira_free_antivirus_de.exe
2015-02-02 17:39 - 2015-02-03 07:34 - 00003116 _____ () C:\WINDOWS\System32\Tasks\WinZip Malware Protector_startup
2015-02-02 17:39 - 2015-02-02 17:39 - 00001212 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2015-02-02 17:39 - 2015-02-02 17:39 - 00000000 ____D () C:\Users\Michael Greis\AppData\Roaming\Nico Mak Computing
2015-02-02 17:39 - 2015-02-02 17:39 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2015-02-02 17:39 - 2015-02-02 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2015-02-02 17:39 - 2015-02-02 17:39 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2015-02-02 17:39 - 2013-03-15 17:10 - 00020480 _____ () C:\WINDOWS\system32\wsusnative64.exe
2015-02-02 17:38 - 2015-02-02 17:38 - 04917720 _____ (WinZip International LLC ) C:\Users\Michael Greis\Downloads\wzmp_8.exe
2015-02-02 17:15 - 2015-02-02 17:15 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-02 17:10 - 2015-02-02 17:14 - 166920400 _____ () C:\Users\Michael Greis\Downloads\setup_11.0.3.8.x01_2014_12_29_19_35.exe
2015-02-02 17:10 - 2015-02-02 17:13 - 166920400 _____ () C:\Users\Michael Greis\Downloads\setup_11.0.3.8.x01_2014_12_29_19_35 (1).exe
2015-02-02 17:05 - 2015-02-03 07:57 - 00003278 _____ () C:\WINDOWS\System32\Tasks\PC Speed Maximizer Schedule
2015-02-02 17:05 - 2015-02-03 07:31 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2015-02-02 17:05 - 2015-02-02 17:05 - 00001140 _____ () C:\Users\Michael Greis\Desktop\PC Speed Maximizer.lnk
2015-02-02 17:05 - 2015-02-02 17:05 - 00000000 ____D () C:\Users\Michael Greis\Documents\PC Speed Maximizer
2015-02-02 17:05 - 2015-02-02 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
2015-02-02 17:00 - 2015-02-02 17:01 - 28598072 _____ (TuneUp Software) C:\Users\Michael Greis\Downloads\TuneUpUtilities2014_34de-DE.exe
2015-02-02 16:52 - 2015-02-02 16:52 - 28598072 _____ (TuneUp Software) C:\Users\Michael Greis\Downloads\TuneUpUtilities2014_de-DE.exe
2015-02-02 16:42 - 2015-02-02 16:42 - 00004288 _____ () C:\WINDOWS\System32\Tasks\ReimageUpdater
2015-02-02 16:41 - 2015-02-02 16:56 - 00000000 ____D () C:\Program Files\Reimage
2015-02-02 16:41 - 2015-02-02 16:42 - 00000000 ____D () C:\ProgramData\Reimage Protector
2015-02-02 16:40 - 2015-02-02 16:40 - 00775968 _____ (Reimage®) C:\Users\Michael Greis\Downloads\ReimageRepair.exe
2015-02-01 09:24 - 2015-02-01 09:24 - 00000000 ____D () C:\Users\Michael Greis\AppData\Roaming\RHEng
2015-02-01 09:24 - 2015-02-01 09:24 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-02-01 09:23 - 2015-02-01 09:23 - 03533008 _____ (DVDVideoSoft Ltd. ) C:\Users\Michael Greis\Downloads\FreeYouTubeToMP3Converter.exe
2015-01-14 13:22 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 13:22 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 13:22 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 13:22 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 13:22 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 13:22 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 13:22 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 13:22 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 13:22 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 13:22 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 13:22 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 13:22 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 13:22 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 13:22 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 13:22 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 13:22 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 13:22 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 13:22 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 13:22 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 13:22 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 13:22 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 13:22 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 13:22 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 13:22 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-10 16:59 - 2015-01-10 16:59 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 20:02 - 2013-10-18 00:39 - 01724040 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-03 20:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-03 19:50 - 2013-08-22 15:46 - 00315964 _____ () C:\WINDOWS\setupact.log
2015-02-03 17:37 - 2013-09-29 09:33 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 17:20 - 2013-10-22 23:32 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4B80A1D4-6CB0-4234-A1D8-5BC7B1522F0A}
2015-02-03 17:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-02-03 07:45 - 2013-09-26 04:16 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4153893474-174729634-3916336334-1001
2015-02-03 07:35 - 2013-10-18 15:57 - 00000000 ___DO () C:\Users\Michael Greis\SkyDrive
2015-02-03 07:34 - 2013-09-29 09:33 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 07:34 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-03 07:33 - 2013-09-29 20:04 - 00215604 _____ () C:\WINDOWS\PFRO.log
2015-02-03 07:33 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-02 21:40 - 2013-09-29 09:33 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-02 17:01 - 2014-06-08 07:45 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-02 16:52 - 2014-06-08 07:46 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-01 09:24 - 2014-06-08 07:46 - 00001559 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-02-01 09:24 - 2014-06-08 07:46 - 00001268 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-02-01 09:24 - 2014-06-08 07:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-01 09:24 - 2014-06-08 07:45 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-01 09:24 - 2014-06-08 07:42 - 00000000 ____D () C:\Users\Michael Greis\AppData\Roaming\DVDVideoSoft
2015-01-28 02:40 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-26 18:06 - 2013-10-18 00:43 - 00000000 ____D () C:\Users\Michael Greis
2015-01-26 18:01 - 2013-09-25 05:56 - 00000008 _____ () C:\Users\Michael Greis\Documents\lmscfg
2015-01-26 07:13 - 2013-09-26 04:10 - 00000212 _____ () C:\Users\Michael Greis\Documents\pms.xml
2015-01-24 21:20 - 2014-10-19 06:33 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-10-19 06:33 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 18:15 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-20 22:21 - 2014-02-13 00:43 - 00000000 ____D () C:\Users\Michael Greis\Datensicherung
2015-01-14 17:18 - 2013-09-27 15:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 17:16 - 2013-09-27 15:20 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-10 16:58 - 2012-11-20 00:13 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-09 21:50 - 2013-09-30 05:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-09 21:50 - 2013-09-30 04:56 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-09 21:50 - 2013-09-30 04:56 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-05 23:15 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-05 23:13 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated

==================== Files in the root of some directories =======

2013-09-27 14:42 - 2014-11-28 15:20 - 0008192 _____ () C:\Users\Michael Greis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Michael Greis\AppData\Local\Temp\avgnt.exe
C:\Users\Michael Greis\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Michael Greis\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Michael Greis\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\Michael Greis\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Michael Greis\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Michael Greis\AppData\Local\Temp\SDShelEx-x64.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-03 07:46

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015 Ran by Michael Greis at 2015-02-03 20:19:21 Running from C:\Users\Michael Greis\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Benutzerhandbuch EPSON BX535WD Series (HKLM-x32\...\EPSON BX535WD Series Useg) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION) Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0815 - Lenovo) Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.) EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version: - SEIKO EPSON Corporation) Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2) Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION) Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.) FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies) Full Tilt Poker.Eu (HKLM-x32\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 5.4.2.WIN.FullTilt.EU - ) Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.1.0 - Genesys Logic) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.) 
IncrediMail (x32 Version: 6.6.0.5282 - IncrediMail) Hidden IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5282 - IncrediMail Ltd.) Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation) IP Camera Viewer 2 (HKLM-x32\...\IP Camera Viewer_is1) (Version: - DeskShare Inc.) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo) Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: - CEWE COLOR AG u Co. OHG) Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.) Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.) Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) 
Hidden Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-4153893474-174729634-3916336334-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR) Netzwerkhandbuch EPSON BX535WD Series (HKLM-x32\...\EPSON BX535WD Series Netg) (Version: - ) NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation) NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation) PC Speed Maximizer v4 (HKLM-x32\...\PC Speed 
Maximizer_is1) (Version: 4.0 - Avanquest Software) Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.) Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.0704 - Lenovo) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6649 - Realtek Semiconductor Corp.) Reimage Protector (HKLM\...\Reimage Protector) (Version: - Reimage) <==== ATTENTION Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows 8 Codec Pack 2.0.1 (HKLM-x32\...\Windows 8 - Codec Pack) (Version: 2.0.1 - Windows 8 Codec Pack) WinZip 18.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E2}) (Version: 18.5.11111 - WinZip Computing, S.L. ) WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.14260 - WinZip International LLC) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-4153893474-174729634-3916336334-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Michael Greis\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4153893474-174729634-3916336334-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Michael Greis\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4153893474-174729634-3916336334-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Michael Greis\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4153893474-174729634-3916336334-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Michael Greis\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4153893474-174729634-3916336334-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Michael Greis\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 23-01-2015 06:26:46 Geplanter Prüfpunkt 28-01-2015 02:39:29 Windows Update 02-02-2015 15:08:19 Removed SearchMe Toolbar v10.8. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {024910F3-6DCF-4CE5-959E-F1EFBEE630C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-29] (Google Inc.) Task: {2C0E93CA-B5D4-4222-AE9E-085D7672F180} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®) <==== ATTENTION Task: {2CC452EF-2DC6-4901-BEE1-2EF3930B4295} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation) Task: {361CAF5C-44B7-4405-B980-14C649EFEBCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-29] (Google Inc.) Task: {37C65151-76EF-4C83-AADF-98F9592248F6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {49A476F0-60DD-454D-BE95-B59CBB4A123A} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2014-12-02] (Nico Mak Computing) Task: {7EBD527C-2B66-47E7-A2AE-5A57333A6766} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {B5D5DDEB-DFB9-4046-A739-4FCE52CF28F1} - System32\Tasks\PC Speed Maximizer Schedule => C:\Program Files (x86)\PC Speed Maximizer\SPMSchedule.exe [2014-11-05] (Avanquest Software) Task: {C1D8AEEA-A022-400F-BA31-E2D0A6BB4E33} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.) Task: {FDC310CA-E64D-477D-BC50-EED1DBC5FA53} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe |
04.02.2015, 18:46 | #4 |
/// the machine /// TB-Ausbilder | Positive finds malware on Windows 8 Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
04.02.2015, 23:37 | #5 |
| Positive finds malware on Windows 8 Hello, many thanks in advance for the help. Here are the 4 files: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 04.02.2015 Suchlauf-Zeit: 22:43:35 Logdatei: mbam.txt Administrator: Nein Version: 2.00.4.1028 Malware Datenbank: v2015.02.04.11 Rootkit Datenbank: v2015.02.03.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Michael Greis Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 369299 Verstrichene Zeit: 16 Min, 4 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 14 PUP.Optional.Spigot.A, HKLM\SOFTWARE\CLASSES\CLSID\{B9C767DD-F66A-40B4-8F12-4199A9A4393C}, In Quarantäne, [8eed61b92c5ec96d697032cccb37ce32], PUP.Optional.Spigot.A, HKU\S-1-5-21-4153893474-174729634-3916336334-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B9C767DD-F66A-40B4-8F12-4199A9A4393C}, Löschen bei Neustart, [8eed61b92c5ec96d697032cccb37ce32], PUP.Optional.Spigot.A, HKU\S-1-5-21-4153893474-174729634-3916336334-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B9C767DD-F66A-40B4-8F12-4199A9A4393C}, Löschen bei Neustart, [8eed61b92c5ec96d697032cccb37ce32], PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{30c85a3d-1d96-4589-b63f-91fb7ef45a41}, In Quarantäne, [1c5fe13919715ed8d4f34cac04fe649c], PUP.Optional.FindPositive.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{63c63464-1423-4fdb-ba5d-6f75f491c63e}, In Quarantäne, [1c5fe13919715ed8d4f34cac04fe649c], PUP.Optional.FindPositive.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{50F60937-910A-4C05-8E36-FE4E299191CF}, In Quarantäne, [1c5fe13919715ed8d4f34cac04fe649c], PUP.Optional.FindPositive.A, 
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{50F60937-910A-4C05-8E36-FE4E299191CF}, In Quarantäne, [1c5fe13919715ed8d4f34cac04fe649c], PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{63c63464-1423-4fdb-ba5d-6f75f491c63e}, In Quarantäne, [1c5fe13919715ed8d4f34cac04fe649c], PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{30C85A3D-1D96-4589-B63F-91FB7EF45A41}, In Quarantäne, [1c5fe13919715ed8d4f34cac04fe649c], PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\hbcennhacfaagdopikcegfcobcadeocj, In Quarantäne, [443702185f2b4ee8de2e0aabe81b649c], PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\icdlfehblmklkikfigmjhbmmpmkmpooj, In Quarantäne, [94e73dddcfbbc670907db9fc897a827e], PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\mhkaekfpcppmmioggniknbnbdbcigpkk, In Quarantäne, [ef8cad6d5b2fd3630509971e9370df21], PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfndaklgolladniicklehhancnlgocpp, In Quarantäne, [cfac1efc612948eedd323580897ab14f], PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-4153893474-174729634-3916336334-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, Löschen bei Neustart, [f58631e94c3ee65042d26731ac5719e7], Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 1 PUP.Optional.Trovi.A, HKU\S-1-5-21-4153893474-174729634-3916336334-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MA76F579E-BE71-492A-984C-81C285828421&SearchSource=55&CUI=&UM=8&UP=SP2179EEFF-505A-4903-B2BA-009DE5B38233&SSPV=, Gut: (www.google.com), Schlecht: 
(hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MA76F579E-BE71-492A-984C-81C285828421&SearchSource=55&CUI=&UM=8&UP=SP2179EEFF-505A-4903-B2BA-009DE5B38233&SSPV=),Löschen bei Neustart,[bbc00713bdcd270fca06e0c611f4ef11] Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 1 PUP.Adware.Agent, C:\Users\Michael Greis\AppData\Local\Temp\PositiveFinds\Setup.exe, In Quarantäne, [0279cc4e4d3d31051cae94722fd1cf31], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 04/02/2015 um 23:15:48 # Aktualisiert 24/01/2015 von Xplode # Database : 2015-02-04.1 [Live] # Betriebssystem : Windows 8.1 (64 bits) # Benutzername : Michael Greis - MICHAEL # Gestartet von : C:\Users\Michael Greis\Downloads\AdwCleaner_4.109.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : ReimageRealTimeProtector ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Reimage Protector Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer Ordner Gelöscht : C:\Program Files (x86)\Amazon\ABB Ordner Gelöscht : C:\Program Files (x86)\PC Speed Maximizer Ordner Gelöscht : C:\Program Files\Reimage Ordner Gelöscht : C:\Users\Michael Greis\AppData\Roaming\PC Speed Maximizer Ordner Gelöscht : C:\Users\Michael Greis\AppData\Roaming\RHEng Ordner Gelöscht : C:\Users\Michael Greis\Documents\PC Speed Maximizer Datei Gelöscht : C:\Users\Michael Greis\Desktop\PC Speed Maximizer.lnk Datei Gelöscht : C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal ***** [ Tasks ] ***** Task Gelöscht : PC Speed Maximizer Schedule Task Gelöscht : ReimageUpdater ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\pc speed maximizer Schlüssel Gelöscht : HKLM\SOFTWARE\ImInstaller Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Reimage Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Protector Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v -\\ Google Chrome v40.0.2214.94 ************************* AdwCleaner[R0].txt - [3596 octets] - [04/02/2015 23:14:44] AdwCleaner[S0].txt - [3295 octets] - [04/02/2015 23:15:48] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3355 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Michael Greis on 04.02.2015 at 23:22:22,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\Users\Michael Greis\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Michael Greis\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Michael Greis\music\qtrax media library"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.02.2015 at 23:24:52,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01 Ran by Michael Greis (administrator) on MICHAEL on 04-02-2015 23:27:41 Running from C:\Users\Michael Greis\Downloads Loaded Profiles: Michael Greis (Available profiles: Michael Greis) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Lenovo) C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Windows\SysWOW64\UMonit.exe (IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe (Lenovo) C:\Windows\jmesoft\hotkey.exe () C:\Windows\SysWOW64\C2MP\TrayMenu.exe (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe () C:\Windows\jmesoft\JME_LOAD.exe (IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Thisisu) C:\Users\Michael Greis\Downloads\JRT.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Farbar) C:\Users\Michael Greis\Downloads\FRST64 (2).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-28] (Realtek Semiconductor)
HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit.exe [28672 2012-07-24] ()
HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-03-31] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-4153893474-174729634-3916336334-1001\...\Run: [IncrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [444840 2013-09-27] (IncrediMail, Ltd.)
HKU\S-1-5-21-4153893474-174729634-3916336334-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4153893474-174729634-3916336334-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4153893474-174729634-3916336334-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2013-10-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4153893474-174729634-3916336334-1001\...\MountPoints2: {64616c87-329c-11e2-be69-806e6f6e6963} - "D:\autorun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk
ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMenu.lnk
ShortcutTarget: TrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-4153893474-174729634-3916336334-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4153893474-174729634-3916336334-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4153893474-174729634-3916336334-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4153893474-174729634-3916336334-1001 -> {5627FE39-D1D2-47DC-A92E-1885F9300B08} URL =
SearchScopes: HKU\S-1-5-21-4153893474-174729634-3916336334-1001 -> {5C92F3BC-E493-41AF-9DC4-B2FD315E69FE} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-4153893474-174729634-3916336334-1001 -> {98C55749-9195-48B0-9DED-BE9FEC6C3EE7} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-4153893474-174729634-3916336334-1001 -> {C97AD7F7-E60C-4503-A58C-A49225DAE478} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-4153893474-174729634-3916336334-1001 -> {CBBD290A-AAB6-4C6F-BC9F-795DD42D3164} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4153893474-174729634-3916336334-1001 -> {CEB9F694-4BEC-4B15-AC63-54FCDAB71EFE} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Michael Greis\AppData\Roaming\Mozilla\Firefox\Profiles\pOgysAjd.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Michael Greis\AppData\Roaming\Mozilla\Firefox\Profiles\pOgysAjd.default\Extensions\abs@avira.com [2015-02-02]

Chrome:
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-29]
CHR Extension: (Google Drive) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-13]
CHR Extension: (YouTube) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-29]
CHR Extension: (Google-Suche) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-29]
CHR Extension: (Google Wallet) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29]
CHR Extension: (Google Mail) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo) [File not signed]
S3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-04-06] (Lenovo) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-06] (GenesysLogic)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 23:27 - 2015-02-04 23:27 - 02131968 _____ (Farbar) C:\Users\Michael Greis\Downloads\FRST64 (2).exe
2015-02-04 23:27 - 2015-02-04 23:27 - 02131968 _____ (Farbar) C:\Users\Michael Greis\Downloads\FRST64 (1).exe
2015-02-04 23:24 - 2015-02-04 23:24 - 00001023 _____ () C:\Users\Michael Greis\Desktop\JRT.txt
2015-02-04 23:20 - 2015-02-04 23:20 - 01388274 _____ (Thisisu) C:\Users\Michael Greis\Downloads\JRT.exe
2015-02-04 23:18 - 2015-02-04 23:18 - 00003451 _____ () C:\Users\Michael Greis\Desktop\AdwCleaner[S0].txt
2015-02-04 23:14 - 2015-02-04 23:15 - 00000000 ____D () C:\AdwCleaner
2015-02-04 23:14 - 2015-02-04 23:14 - 02194432 _____ () C:\Users\Michael Greis\Downloads\AdwCleaner_4.109.exe
2015-02-04 23:13 - 2015-02-04 23:13 - 00004431 _____ () C:\Users\Michael Greis\Desktop\mbam.txt
2015-02-04 22:42 - 2015-02-04 23:17 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 22:42 - 2015-02-04 22:42 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 22:42 - 2015-02-04 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 22:42 - 2015-02-04 22:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-04 22:42 - 2015-02-04 22:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-04 22:42 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-04 22:42 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-04 22:42 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-04 22:40 - 2015-02-04 22:41 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Michael Greis\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-04 22:33 - 2015-02-04 22:33 - 00001291 _____ () C:\Users\Michael Greis\Desktop\Revo Uninstaller.lnk
2015-02-04 22:33 - 2015-02-04 22:33 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-04 22:32 - 2015-02-04 22:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Michael Greis\Downloads\revosetup95.exe
2015-02-04 17:10 - 2015-02-04 17:10 - 00027779 _____ () C:\WINDOWS\system32\ScanResults.xml
2015-02-04 17:08 - 2015-02-04 17:08 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings
2015-02-03 20:19 - 2015-02-03 20:19 - 00027743 _____ () C:\Users\Michael Greis\Downloads\Addition.txt
2015-02-03 20:18 - 2015-02-04 23:27 - 00019172 _____ () C:\Users\Michael Greis\Downloads\FRST.txt
2015-02-03 20:18 - 2015-02-04 23:27 - 00000000 ____D () C:\FRST
2015-02-03 20:17 - 2015-02-03 20:17 - 02131456 _____ (Farbar) C:\Users\Michael Greis\Downloads\FRST64.exe
2015-02-03 07:31 - 2015-02-03 07:31 - 00077312 _____ (Emsisoft GmbH) C:\WINDOWS\system32\eamclean.exe
2015-02-03 07:31 - 2015-02-03 07:31 - 00000408 _____ () C:\WINDOWS\system32\eamclean.dat
2015-02-02 22:36 - 2015-02-02 22:36 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-02-02 21:22 - 2015-02-02 21:25 - 172265200 _____ (Emsisoft Ltd. ) C:\Users\Michael Greis\Downloads\EmsisoftAntiMalware4799Setup.exe
2015-02-02 19:22 - 2015-02-02 19:20 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-02-02 19:21 - 2015-02-03 07:40 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-02 19:21 - 2015-02-02 19:21 - 00000000 ____D () C:\Users\Michael Greis\AppData\Roaming\Mozilla
2015-02-02 19:20 - 2015-02-03 07:40 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-02 19:20 - 2015-02-03 07:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-02 19:20 - 2015-02-02 19:20 - 00002093 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-02-02 19:20 - 2015-02-02 19:20 - 00000000 ____D () C:\Users\Michael Greis\AppData\Roaming\Avira
2015-02-02 19:19 - 2015-02-03 07:40 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-02 19:19 - 2015-02-02 19:21 - 00000000 ____D () C:\ProgramData\Avira
2015-02-02 19:19 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-02-02 19:19 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-02-02 19:19 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-02-02 19:15 - 2015-02-02 19:18 - 154051656 _____ () C:\Users\Michael Greis\Downloads\avira_free_antivirus_de.exe
2015-02-02 17:39 - 2015-02-04 22:47 - 00000000 ____D () C:\Users\Michael Greis\AppData\Roaming\Nico Mak Computing
2015-02-02 17:38 - 2015-02-02 17:38 - 04917720 _____ (WinZip International LLC ) C:\Users\Michael Greis\Downloads\wzmp_8.exe
2015-02-02 17:15 - 2015-02-02 17:15 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-02 17:10 - 2015-02-02 17:14 - 166920400 _____ () C:\Users\Michael Greis\Downloads\setup_11.0.3.8.x01_2014_12_29_19_35.exe
2015-02-02 17:10 - 2015-02-02 17:13 - 166920400 _____ () C:\Users\Michael Greis\Downloads\setup_11.0.3.8.x01_2014_12_29_19_35 (1).exe
2015-02-02 17:00 - 2015-02-02 17:01 - 28598072 _____ (TuneUp Software) C:\Users\Michael Greis\Downloads\TuneUpUtilities2014_34de-DE.exe
2015-02-02 16:52 - 2015-02-02 16:52 - 28598072 _____ (TuneUp Software) C:\Users\Michael Greis\Downloads\TuneUpUtilities2014_de-DE.exe
2015-02-02 16:40 - 2015-02-02 16:40 - 00775968 _____ (Reimage®) C:\Users\Michael Greis\Downloads\ReimageRepair.exe
2015-02-01 09:24 - 2015-02-01 09:24 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-02-01 09:23 - 2015-02-01 09:23 - 03533008 _____ (DVDVideoSoft Ltd. ) C:\Users\Michael Greis\Downloads\FreeYouTubeToMP3Converter.exe
2015-01-14 13:22 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 13:22 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 13:22 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 13:22 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 13:22 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 13:22 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 13:22 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 13:22 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 13:22 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 13:22 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 13:22 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 13:22 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 13:22 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 13:22 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 13:22 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 13:22 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 13:22 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 13:22 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 13:22 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 13:22 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 13:22 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 13:22 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 13:22 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 13:22 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-10 16:59 - 2015-01-10 16:59 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 23:21 - 2013-09-26 04:16 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4153893474-174729634-3916336334-1001
2015-02-04 23:17 - 2013-10-18 15:57 - 00000000 ___DO () C:\Users\Michael Greis\SkyDrive
2015-02-04 23:17 - 2013-09-29 09:33 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 23:16 - 2013-09-29 20:04 - 00222256 _____ () C:\WINDOWS\PFRO.log
2015-02-04 23:16 - 2013-08-22 15:46 - 00316503 _____ () C:\WINDOWS\setupact.log
2015-02-04 23:16 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-04 23:16 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-04 23:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-04 22:57 - 2013-10-18 00:39 - 01998508 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-04 22:42 - 2013-09-29 09:33 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 18:42 - 2013-10-22 23:32 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4B80A1D4-6CB0-4234-A1D8-5BC7B1522F0A}
2015-02-04 17:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-02-04 03:37 - 2013-09-29 09:33 - 00004106 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 03:37 - 2013-09-29 09:33 - 00003870 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-02 21:40 - 2013-09-29 09:33 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-02 17:01 - 2014-06-08 07:45 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-02 16:52 - 2014-06-08 07:46 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-01 09:24 - 2014-06-08 07:46 - 00001559 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-02-01 09:24 - 2014-06-08 07:46 - 00001268 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-02-01 09:24 - 2014-06-08 07:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-01 09:24 - 2014-06-08 07:45 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-01 09:24 - 2014-06-08 07:42 - 00000000 ____D () C:\Users\Michael Greis\AppData\Roaming\DVDVideoSoft
2015-01-28 02:40 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-26 18:06 - 2013-10-18 00:43 - 00000000 ____D () C:\Users\Michael Greis
2015-01-26 18:01 - 2013-09-25 05:56 - 00000008 _____ () C:\Users\Michael Greis\Documents\lmscfg
2015-01-26 07:13 - 2013-09-26 04:10 - 00000212 _____ () C:\Users\Michael Greis\Documents\pms.xml
2015-01-24 21:20 - 2014-10-19 06:33 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-10-19 06:33 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 18:15 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-20 22:21 - 2014-02-13 00:43 - 00000000 ____D () C:\Users\Michael Greis\Datensicherung
2015-01-14 17:18 - 2013-09-27 15:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 17:16 - 2013-09-27 15:20 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-10 16:58 - 2012-11-20 00:13 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-09 21:50 - 2013-09-30 05:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-09 21:50 - 2013-09-30 04:56 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-09 21:50 - 2013-09-30 04:56 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-05 23:15 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-05 23:13 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated

==================== Files in the root of some directories =======
2013-09-27 14:42 - 2014-11-28 15:20 - 0008192 _____ () C:\Users\Michael Greis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP: ====================
C:\Users\Michael Greis\AppData\Local\Temp\avgnt.exe
C:\Users\Michael Greis\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Michael Greis\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Michael Greis\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\Michael Greis\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael Greis\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Michael Greis\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Michael Greis\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Michael Greis\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-03 07:46

==================== End Of Log ============================

So the junk is still there... :-(

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by Michael Greis at 2015-02-04 23:36:55
Running from C:\Users\Michael Greis\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Benutzerhandbuch EPSON BX535WD Series (HKLM-x32\...\EPSON BX535WD Series Useg) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0815 - Lenovo)
EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version: - SEIKO EPSON Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
Full Tilt Poker.Eu (HKLM-x32\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 5.4.2.WIN.FullTilt.EU - )
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.1.0 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
IncrediMail (x32 Version: 6.6.0.5282 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5282 - IncrediMail Ltd.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
IP Camera Viewer 2 (HKLM-x32\...\IP Camera Viewer_is1) (Version: - DeskShare Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4153893474-174729634-3916336334-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
Netzwerkhandbuch EPSON BX535WD Series (HKLM-x32\...\EPSON BX535WD Series Netg) (Version: - )
NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.0704 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6649 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows 8 Codec Pack 2.0.1 (HKLM-x32\...\Windows 8 - Codec Pack) (Version: 2.0.1 - Windows 8 Codec Pack)
WinZip 18.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E2}) (Version: 18.5.11111 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4153893474-174729634-3916336334-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Michael Greis\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4153893474-174729634-3916336334-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Michael Greis\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4153893474-174729634-3916336334-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Michael Greis\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4153893474-174729634-3916336334-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Michael Greis\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4153893474-174729634-3916336334-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Michael Greis\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 02-02-2015 15:08:19 Removed SearchMe Toolbar v10.8. 04-02-2015 22:36:07 Revo Uninstaller's restore point - Emsisoft Anti-Malware ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {024910F3-6DCF-4CE5-959E-F1EFBEE630C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-29] (Google Inc.) Task: {361CAF5C-44B7-4405-B980-14C649EFEBCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-29] (Google Inc.) Task: {37C65151-76EF-4C83-AADF-98F9592248F6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {7EBD527C-2B66-47E7-A2AE-5A57333A6766} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {A3FA37AD-BCF4-4CD5-AA84-511FCCE20079} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation) Task: {C1D8AEEA-A022-400F-BA31-E2D0A6BB4E33} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.) 
Task: {FDC310CA-E64D-477D-BC50-EED1DBC5FA53} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2013-10-26 17:52 - 2011-07-28 16:06 - 00297440 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe 2012-11-20 00:06 - 2012-07-24 12:36 - 00028672 _____ () C:\Windows\SysWOW64\UMonit.exe 2013-10-26 17:51 - 2011-07-28 16:06 - 08247264 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe 2013-02-25 01:51 - 2013-02-25 01:51 - 00704520 _____ () C:\Windows\SysWOW64\C2MP\TrayMenu.exe 2012-11-20 00:07 - 2011-05-17 13:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe 2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-10-26 17:52 - 2011-07-27 10:53 - 00360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll 2013-09-27 14:21 - 2013-09-27 14:21 - 00272808 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll 2013-09-27 14:21 - 2013-09-27 14:21 - 00033128 _____ () C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll 2013-09-27 14:21 - 2013-09-27 14:21 - 00072104 _____ () C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll 2013-08-28 15:41 - 2013-08-28 15:41 - 00108888 _____ () C:\Program Files (x86)\IncrediMail\Bin\pmc.dll 2013-09-27 14:21 - 2013-09-27 14:21 - 00133544 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll 2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet 
Services\zlib1.dll 2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2013-10-26 17:52 - 2009-08-28 15:50 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll 2009-12-04 16:59 - 2009-12-04 16:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll 2009-12-04 17:04 - 2009-12-04 17:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll 2012-11-20 00:07 - 2011-05-17 13:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll 2013-09-27 14:21 - 2013-09-27 14:21 - 00080296 _____ () C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll 2012-11-20 00:06 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2015-01-27 08:37 - 2015-01-25 07:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll 2015-01-27 08:37 - 2015-01-25 07:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll 2015-01-27 08:37 - 2015-01-25 07:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll 2015-01-27 08:37 - 2015-01-25 07:08 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Michael Greis\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4153893474-174729634-3916336334-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
==================== Accounts: ============================= Administrator (S-1-5-21-4153893474-174729634-3916336334-500 - Administrator - Disabled) Gast (S-1-5-21-4153893474-174729634-3916336334-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4153893474-174729634-3916336334-1006 - Limited - Enabled) Michael Greis (S-1-5-21-4153893474-174729634-3916336334-1001 - Administrator - Enabled) => C:\Users\Michael Greis UpdatusUser (S-1-5-21-4153893474-174729634-3916336334-1004 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-02-04 04:41:36.296 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements. Date: 2015-02-04 04:41:35.025 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements. Date: 2015-02-04 04:41:33.061 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements. 
Date: 2015-02-04 04:41:31.388 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements. Date: 2015-02-04 04:41:30.843 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements. Date: 2015-02-04 04:41:30.155 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements. Date: 2015-02-04 04:41:28.830 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements. Date: 2015-02-04 04:41:25.595 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements. Date: 2015-02-04 04:41:24.799 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements. 
Date: 2015-02-04 04:41:22.171 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz Percentage of memory in use: 28% Total physical RAM: 8152.32 MB Available physical RAM: 5846.24 MB Total Pagefile: 9496.32 MB Available Pagefile: 6420.24 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:1836.76 GB) (Free:1665.81 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive i: () (Removable) (Total:29.71 GB) (Free:23.14 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: E9762F7F) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 29.7 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ |
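The Scheduled Tasks and Loaded Modules sections of the FRST log above use two fixed line shapes, and the parenthesised company string is the fastest thing to scan when triaging such a log. The helper below is an added example, not part of the thread and not FRST's own code: it assumes those two line shapes, copies a handful of lines from the posted log as sample input, and flags any file that carries an empty company string or sits outside the standard program folders. Empty parentheses only mean FRST found no company name in the file's version information, not that the file is malicious (several Lenovo and NETGEAR helpers on this machine look like that), so every flagged path still needs a signature check or a hash lookup before it goes into a fixlist.

```python
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    kind: str               # "task" or "module"
    name: str               # task name, or file name for a loaded module
    path: Optional[str]     # full path; None when the task runs a bare command
    company: Optional[str]  # company string FRST printed in parentheses
    flags: tuple            # empty tuple means nothing stood out


# Sample input: lines copied from the FRST log posted above (Scheduled Tasks
# and Loaded Modules sections). Nothing here is invented, but the selection
# is deliberately small.
SAMPLE = r"""
Task: {024910F3-6DCF-4CE5-959E-F1EFBEE630C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-29] (Google Inc.)
Task: {7EBD527C-2B66-47E7-A2AE-5A57333A6766} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
2013-10-26 17:52 - 2011-07-28 16:06 - 00297440 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2012-11-20 00:06 - 2012-07-24 12:36 - 00028672 _____ () C:\Windows\SysWOW64\UMonit.exe
2012-11-20 00:07 - 2011-05-17 13:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
"""

# Assumed line shapes, derived from what the posted log shows.
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<task>.+?) => (?P<cmd>.+)$")
MODULE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ "
    r"\((?P<company>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$")
# "C:\path\file.exe [date] (Company)", with date and company both optional.
CMD_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|cmd|bat|vbs|ps1))"
    r"(?:\s+\[(?P<date>[^\]]+)\])?(?:\s+\((?P<company>[^)]*)\))?\s*$",
    re.IGNORECASE)

# Folders where installed software normally lives; anything else gets a flag.
STANDARD_ROOTS = (
    "c:\\program files\\", "c:\\program files (x86)\\",
    "c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
)


def _flags(path: str, company: Optional[str]) -> tuple:
    flags = []
    if not company:  # "()" in the log, or no company suffix at all
        flags.append("no company string")
    if not path.lower().startswith(STANDARD_ROOTS):
        flags.append("outside standard program folders")
    return tuple(flags)


def triage(text: str) -> List[Finding]:
    """Parse Task and Loaded Module lines and attach review flags to each."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = TASK_RE.match(line)
        if m:
            c = CMD_RE.match(m.group("cmd"))
            if c is None:
                # e.g. "Sc.exe start osppsvc": not a file path, so the
                # folder/company rules do not apply; leave it for a human.
                findings.append(Finding("task", m.group("task"), None, None,
                                        ("command line, not a file path; review manually",)))
                continue
            path, company = c.group("path"), c.group("company")
            findings.append(Finding("task", m.group("task"), path, company,
                                    _flags(path, company)))
            continue
        m = MODULE_RE.match(line)
        if m:
            path, company = m.group("path"), m.group("company")
            name = path.rsplit("\\", 1)[-1]
            findings.append(Finding("module", name, path, company,
                                    _flags(path, company)))
    return findings


def suspicious(text: str) -> List[Finding]:
    """Only the findings that carry at least one flag."""
    return [f for f in triage(text) if f.flags]


if __name__ == "__main__":
    for f in suspicious(SAMPLE):
        print(f"{f.kind:6} {f.path or f.name}  <- {', '.join(f.flags)}")
```

Run against the sample, the Google updater task comes back clean, the Office `Sc.exe` task is set aside for manual review, and the four unsigned-looking modules are flagged, with `C:\Windows\jmesoft\JME_LOAD.exe` picking up both flags because it also lives in a non-standard subfolder of the Windows directory.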
05.02.2015, 10:25 | #6 |
/// the machine /// TB-Ausbilder | Positive finds malware auf Windows 8

ESET Online Scanner

Please download SecurityCheck and:

and a fresh FRST log, please. Any remaining problems?
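The ESET Online Scanner log the reply above asks for has a fixed key=value shape: `# key=value` header lines followed by one hit per line with `sh=` (SHA-1), `vn=` (detection text), `ac=` (action) and `fn=` (path). The parser below is an added example and is not part of the thread or of ESET's tooling. Its sample input embeds four hits copied from the log posted in the next reply, with the detection text in English, plus one constructed hit in a non-inert location whose `ac` value is assumed to be something other than `C` (the posted log only shows `ac=C`, which there means cleaned; treating any other value as not cleaned is an assumption). It separates installer residue in Downloads, Temp, the IE cache and the Recycle Bin from files in locations that would point at something still active, and cross-checks the header's `found=` count against the number of hit lines so a truncated paste is noticed.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple


class Hit(NamedTuple):
    sha1: str
    family: str    # e.g. "Win32/Toolbar.Widgi.B", pulled out of the vn= text
    path: str
    cleaned: bool  # ac=C in the posted log; anything else treated as not cleaned (assumption)
    inert: bool    # file sat in a download/cache/temp/recycle-bin folder


# Sample input: header lines and four hits copied from the ESET log posted
# below (detection text in English), plus one CONSTRUCTED hit (all-zero
# hashes, "Example" path, ac=N) that is not on the page.
ESET_LOG = r'''
# product=EOS
# version=8
# utc_time=2015-02-05 07:16:47
# scanned=405770
# found=9
# cleaned=9
sh=ABB3655F698376FF88F62113591B3D12D8919FD5 ft=1 fh=a414509ff199394c vn="a variant of Win32/AdWare.SpeedingUpMyPC.S application (cleaned by deleting - copied to quarantine)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-4153893474-174729634-3916336334-1001\$RJPY5MQ.exe"
sh=FEB127428950FEFC10918B7641CABAC65B5FCDB1 ft=1 fh=1868a8ccc789055c vn="a variant of Win32/ReImageRepair.E potentially unwanted application (deleted - copied to quarantine)" ac=C fn="C:\Users\Michael Greis\AppData\Local\Temp\ReimagePackage.exe"
sh=36CD4F1661212AC18507D83994C4C08A0C2A68DC ft=1 fh=f6af68d02bed7f3b vn="a variant of Win32/DownloadSponsor.C potentially unwanted application (deleted - copied to quarantine)" ac=C fn="C:\Users\Michael Greis\Downloads\VLC media player 64 Bit - CHIP-Installer.exe"
sh=6628E11D3F9D7194F194F77E4129FE94B860CFAE ft=1 fh=d88104f5ed5273ea vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - copied to quarantine)" ac=C fn="C:\Users\Michael Greis\Downloads\windows.8.codec.pack.v2.0.1.setup.exe"
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="a variant of Win32/Example.A potentially unwanted application (unable to clean)" ac=N fn="C:\Program Files (x86)\Example\example.exe"
'''

HEADER_RE = re.compile(r"^# (?P<key>[\w.]+)=(?P<value>.*)$")
HIT_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]+) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\w+) fn="(?P<fn>[^"]*)"$')
# Detection family as ESET names it, independent of the surrounding wording
# (works on the German original too, since the family name is untranslated).
FAMILY_RE = re.compile(r"\b((?:Win32|Win64|MSIL|JS|HTML|VBS)/[A-Za-z0-9_.]+)")
# Folders where a hit is almost always a downloaded or cached installer
# rather than something that runs on its own.
INERT_DIRS = ("\\downloads\\", "\\appdata\\local\\temp\\",
              "\\inetcache\\", "\\$recycle.bin\\")


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Hit]]:
    header: Dict[str, str] = {}
    hits: List[Hit] = []
    for raw in text.splitlines():
        line = raw.strip()
        h = HEADER_RE.match(line)
        if h:
            header[h.group("key")] = h.group("value")
            continue
        m = HIT_RE.match(line)
        if not m:
            continue
        fam = FAMILY_RE.search(m.group("vn"))
        low = m.group("fn").lower()
        hits.append(Hit(
            sha1=m.group("sha1").upper(),
            family=fam.group(1) if fam else m.group("vn"),
            path=m.group("fn"),
            cleaned=(m.group("ac") == "C"),
            inert=any(d in low for d in INERT_DIRS),
        ))
    return header, hits


def summarize(hits: List[Hit]) -> dict:
    """Counts per family plus the paths that still deserve a look."""
    return {
        "total": len(hits),
        "cleaned": sum(h.cleaned for h in hits),
        "by_family": Counter(h.family for h in hits),
        "needs_attention": [h.path for h in hits if not h.cleaned or not h.inert],
    }


def header_matches(header: Dict[str, str], hits: List[Hit]) -> bool:
    """True when the header's found= count equals the number of hit lines,
    i.e. the paste is complete. A truncated excerpt (like the sample) fails."""
    return header.get("found") == str(len(hits))


if __name__ == "__main__":
    hdr, hs = parse_eset_log(ESET_LOG)
    s = summarize(hs)
    print(f"{s['total']} hits, {s['cleaned']} cleaned, complete paste: {header_matches(hdr, hs)}")
    for fam, n in s["by_family"].most_common():
        print(f"  {n}x {fam}")
    for p in s["needs_attention"]:
        print("  review:", p)
```

For the posted log every one of the nine hits is installer residue in Downloads, Temp, the IE cache or the Recycle Bin, which is why the scan alone does not tell you whether the bundled software those installers carried is still present; that question is answered by the installed-programs section of the FRST log, not by the ESET output.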
05.02.2015, 21:12 | #7 |
| Positive finds malware auf Windows 8

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=22a8cbb62b650b4a8639949b2c2fdab7
# engine=22326
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-05 07:16:47
# local_time=2015-02-05 08:16:47 (+0100, Central European Time)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 78143 6346407 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 321000 13468126 0 0
# scanned=405770
# found=9
# cleaned=9
# scan_time=7622
sh=ABB3655F698376FF88F62113591B3D12D8919FD5 ft=1 fh=a414509ff199394c vn="a variant of Win32/AdWare.SpeedingUpMyPC.S application (cleaned by deleting - copied to quarantine)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-4153893474-174729634-3916336334-1001\$RJPY5MQ.exe"
sh=ED3463A7DB95D4B0A40B18FF7D4C3A198AFE9C87 ft=1 fh=b73262d5706d13f5 vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - copied to quarantine)" ac=C fn="C:\Users\Michael Greis\AppData\Local\Microsoft\Windows\INetCache\IE\27Q9OX7J\Stub[1].exe"
sh=FEB127428950FEFC10918B7641CABAC65B5FCDB1 ft=1 fh=1868a8ccc789055c vn="a variant of Win32/ReImageRepair.E potentially unwanted application (deleted - copied to quarantine)" ac=C fn="C:\Users\Michael Greis\AppData\Local\Microsoft\Windows\INetCache\IE\EH2U4WLC\ReimagePackage1804x64[1].exe"
sh=FEB127428950FEFC10918B7641CABAC65B5FCDB1 ft=1 fh=1868a8ccc789055c vn="a variant of Win32/ReImageRepair.E potentially unwanted application (deleted - copied to quarantine)" ac=C fn="C:\Users\Michael Greis\AppData\Local\Temp\ReimagePackage.exe"
sh=FB3F7E2BF56F5EA06763303CDAA0E962E975E063 ft=1 fh=c0dea5299389dc4e vn="a variant of Win32/DownloadSponsor.C potentially unwanted application (deleted - copied to quarantine)" ac=C fn="C:\Users\Michael Greis\AppData\Local\Temp\DMR\dmr_72.exe"
sh=F42434EB673DF4B135D8D509943965FE20F75B22 ft=1 fh=84267000d91c779b vn="Win32/ReImageRepair.E potentially unwanted application (deleted - copied to quarantine)" ac=C fn="C:\Users\Michael Greis\Downloads\ReimageRepair.exe"
sh=36CD4F1661212AC18507D83994C4C08A0C2A68DC ft=1 fh=f6af68d02bed7f3b vn="a variant of Win32/DownloadSponsor.C potentially unwanted application (deleted - copied to quarantine)" ac=C fn="C:\Users\Michael Greis\Downloads\VLC media player 64 Bit - CHIP-Installer.exe"
sh=6628E11D3F9D7194F194F77E4129FE94B860CFAE ft=1 fh=d88104f5ed5273ea vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - copied to quarantine)" ac=C fn="C:\Users\Michael Greis\Downloads\windows.8.codec.pack.v2.0.1.setup.exe"
sh=B7A1757508588C3F277B97F877A74350068370AD ft=1 fh=49b56f64fa90416e vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application (deleted - copied to quarantine)" ac=C fn="C:\Users\Michael Greis\Downloads\wzmp_8.exe"

Code:
Results of screen317's Security Check version 0.99.95
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 64-bit 8 Update 31
Adobe Reader XI
Google Chrome (40.0.2214.93)
Google Chrome (40.0.2214.94)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Michael Greis (administrator) on MICHAEL on 05-02-2015 20:44:49
Running from C:\Users\Michael Greis\Downloads
Loaded Profiles: Michael Greis (Available profiles: Michael Greis)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Windows\jmesoft\Service.exe (Lenovo) C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Windows\SysWOW64\UMonit.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe (Lenovo) C:\Windows\jmesoft\hotkey.exe () C:\Windows\SysWOW64\C2MP\TrayMenu.exe (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe () C:\Windows\jmesoft\JME_LOAD.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\Michael Greis\Downloads\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Michael Greis\Downloads\FRST64 (2).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-28] (Realtek Semiconductor) HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit.exe [28672 2012-07-24] () HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo) HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] () HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.) HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-03-31] (Lenovo) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) 
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe" HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-4153893474-174729634-3916336334-1001\...\Run: [IncrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [444840 2013-09-27] (IncrediMail, Ltd.) HKU\S-1-5-21-4153893474-174729634-3916336334-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-4153893474-174729634-3916336334-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) 
HKU\S-1-5-21-4153893474-174729634-3916336334-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2013-10-26] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-4153893474-174729634-3916336334-1001\...\MountPoints2: {64616c87-329c-11e2-be69-806e6f6e6963} - "D:\autorun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMenu.lnk ShortcutTarget: TrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe () ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-4153893474-174729634-3916336334-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4153893474-174729634-3916336334-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4153893474-174729634-3916336334-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4153893474-174729634-3916336334-1001 -> {5627FE39-D1D2-47DC-A92E-1885F9300B08} URL = 
SearchScopes: HKU\S-1-5-21-4153893474-174729634-3916336334-1001 -> {5C92F3BC-E493-41AF-9DC4-B2FD315E69FE} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-4153893474-174729634-3916336334-1001 -> {98C55749-9195-48B0-9DED-BE9FEC6C3EE7} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-4153893474-174729634-3916336334-1001 -> {C97AD7F7-E60C-4503-A58C-A49225DAE478} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-4153893474-174729634-3916336334-1001 -> {CBBD290A-AAB6-4C6F-BC9F-795DD42D3164} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4153893474-174729634-3916336334-1001 -> {CEB9F694-4BEC-4B15-AC63-54FCDAB71EFE} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Michael Greis\AppData\Roaming\Mozilla\Firefox\Profiles\pOgysAjd.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Michael Greis\AppData\Roaming\Mozilla\Firefox\Profiles\pOgysAjd.default\Extensions\abs@avira.com [2015-02-02]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-29]
CHR Extension: (Google Drive) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-13]
CHR Extension: (YouTube) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-29]
CHR Extension: (Google-Suche) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-29]
CHR Extension: (Google Wallet) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29]
CHR Extension: (Google Mail) - C:\Users\Michael Greis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo) [File not signed]
S3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-04-06] (Lenovo) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-06] (GenesysLogic)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 20:43 - 2015-02-05 20:44 - 02131968 _____ (Farbar) C:\Users\Michael Greis\Downloads\FRST64 (3).exe
2015-02-05 20:41 - 2015-02-05 20:41 - 00852573 _____ () C:\Users\Michael Greis\Downloads\SecurityCheck.exe
2015-02-05 18:05 - 2015-02-05 18:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-05 18:04 - 2015-02-05 18:05 - 02347384 _____ (ESET) C:\Users\Michael Greis\Downloads\esetsmartinstaller_deu.exe
2015-02-04 23:27 - 2015-02-04 23:27 - 02131968 _____ (Farbar) C:\Users\Michael Greis\Downloads\FRST64 (2).exe
2015-02-04 23:27 - 2015-02-04 23:27 - 02131968 _____ (Farbar) C:\Users\Michael Greis\Downloads\FRST64 (1).exe
2015-02-04 23:24 - 2015-02-04 23:24 - 00001023 _____ () C:\Users\Michael Greis\Desktop\JRT.txt
2015-02-04 23:20 - 2015-02-04 23:20 - 01388274 _____ (Thisisu) C:\Users\Michael Greis\Downloads\JRT.exe
2015-02-04 23:18 - 2015-02-04 23:18 - 00003451 _____ () C:\Users\Michael Greis\Desktop\AdwCleaner[S0].txt
2015-02-04 23:14 - 2015-02-04 23:15 - 00000000 ____D () C:\AdwCleaner
2015-02-04 23:14 - 2015-02-04 23:14 - 02194432 _____ () C:\Users\Michael Greis\Downloads\AdwCleaner_4.109.exe
2015-02-04 23:13 - 2015-02-04 23:13 - 00004431 _____ () C:\Users\Michael Greis\Desktop\mbam.txt
2015-02-04 22:42 - 2015-02-05 18:47 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 22:42 - 2015-02-04 22:42 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 22:42 - 2015-02-04 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 22:42 - 2015-02-04 22:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-04 22:42 - 2015-02-04 22:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-04 22:42 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-04 22:42 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-04 22:42 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-04 22:40 - 2015-02-04 22:41 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Michael Greis\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-04 22:33 - 2015-02-04 22:33 - 00001291 _____ () C:\Users\Michael Greis\Desktop\Revo Uninstaller.lnk
2015-02-04 22:33 - 2015-02-04 22:33 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-04 22:32 - 2015-02-04 22:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Michael Greis\Downloads\revosetup95.exe
2015-02-04 17:10 - 2015-02-04 17:10 - 00027779 _____ () C:\WINDOWS\system32\ScanResults.xml
2015-02-04 17:08 - 2015-02-04 17:08 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings
2015-02-03 20:19 - 2015-02-04 23:37 - 00021721 _____ () C:\Users\Michael Greis\Downloads\Addition.txt
2015-02-03 20:18 - 2015-02-05 20:44 - 00019546 _____ () C:\Users\Michael Greis\Downloads\FRST.txt
2015-02-03 20:18 - 2015-02-05 20:44 - 00000000 ____D () C:\FRST
2015-02-03 20:17 - 2015-02-03 20:17 - 02131456 _____ (Farbar) C:\Users\Michael Greis\Downloads\FRST64.exe
2015-02-03 07:31 - 2015-02-03 07:31 - 00077312 _____ (Emsisoft GmbH) C:\WINDOWS\system32\eamclean.exe
2015-02-03 07:31 - 2015-02-03 07:31 - 00000408 _____ () C:\WINDOWS\system32\eamclean.dat
2015-02-02 22:36 - 2015-02-02 22:36 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-02-02 21:22 - 2015-02-02 21:25 - 172265200 _____ (Emsisoft Ltd. ) C:\Users\Michael Greis\Downloads\EmsisoftAntiMalware4799Setup.exe
2015-02-02 19:22 - 2015-02-02 19:20 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-02-02 19:21 - 2015-02-03 07:40 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-02 19:21 - 2015-02-02 19:21 - 00000000 ____D () C:\Users\Michael Greis\AppData\Roaming\Mozilla
2015-02-02 19:20 - 2015-02-03 07:40 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-02 19:20 - 2015-02-03 07:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-02 19:20 - 2015-02-02 19:20 - 00002093 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-02-02 19:20 - 2015-02-02 19:20 - 00000000 ____D () C:\Users\Michael Greis\AppData\Roaming\Avira
2015-02-02 19:19 - 2015-02-03 07:40 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-02 19:19 - 2015-02-02 19:21 - 00000000 ____D () C:\ProgramData\Avira
2015-02-02 19:19 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-02-02 19:19 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-02-02 19:19 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-02-02 19:15 - 2015-02-02 19:18 - 154051656 _____ () C:\Users\Michael Greis\Downloads\avira_free_antivirus_de.exe
2015-02-02 17:39 - 2015-02-04 22:47 - 00000000 ____D () C:\Users\Michael Greis\AppData\Roaming\Nico Mak Computing
2015-02-02 17:15 - 2015-02-02 17:15 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-02 17:10 - 2015-02-02 17:14 - 166920400 _____ () C:\Users\Michael Greis\Downloads\setup_11.0.3.8.x01_2014_12_29_19_35.exe
2015-02-02 17:10 - 2015-02-02 17:13 - 166920400 _____ () C:\Users\Michael Greis\Downloads\setup_11.0.3.8.x01_2014_12_29_19_35 (1).exe
2015-02-02 17:00 - 2015-02-02 17:01 - 28598072 _____ (TuneUp Software) C:\Users\Michael Greis\Downloads\TuneUpUtilities2014_34de-DE.exe
2015-02-02 16:52 - 2015-02-02 16:52 - 28598072 _____ (TuneUp Software) C:\Users\Michael Greis\Downloads\TuneUpUtilities2014_de-DE.exe
2015-02-01 09:24 - 2015-02-01 09:24 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-02-01 09:23 - 2015-02-01 09:23 - 03533008 _____ (DVDVideoSoft Ltd. ) C:\Users\Michael Greis\Downloads\FreeYouTubeToMP3Converter.exe
2015-01-14 13:22 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 13:22 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 13:22 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 13:22 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 13:22 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 13:22 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 13:22 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 13:22 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 13:22 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 13:22 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 13:22 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 13:22 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 13:22 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 13:22 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 13:22 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 13:22 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 13:22 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 13:22 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 13:22 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 13:22 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 13:22 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 13:22 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 13:22 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 13:22 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 13:22 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-10 16:59 - 2015-01-10 16:59 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 20:42 - 2013-09-29 09:33 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 20:38 - 2013-08-22 15:46 - 00316811 _____ () C:\WINDOWS\setupact.log
2015-02-05 20:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-05 19:55 - 2013-10-18 00:39 - 02067312 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-05 18:04 - 2013-10-22 23:32 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4B80A1D4-6CB0-4234-A1D8-5BC7B1522F0A}
2015-02-05 18:04 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-02-05 18:02 - 2013-10-18 15:57 - 00000000 ___DO () C:\Users\Michael Greis\SkyDrive
2015-02-05 18:01 - 2013-09-29 09:33 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 18:00 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-04 23:48 - 2013-09-26 04:16 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4153893474-174729634-3916336334-1001
2015-02-04 23:16 - 2013-09-29 20:04 - 00222256 _____ () C:\WINDOWS\PFRO.log
2015-02-04 23:16 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-04 23:15 - 2012-11-20 00:14 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-02-04 03:37 - 2013-09-29 09:33 - 00004106 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 03:37 - 2013-09-29 09:33 - 00003870 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-02 21:40 - 2013-09-29 09:33 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-02 17:01 - 2014-06-08 07:45 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-02 16:52 - 2014-06-08 07:46 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-01 09:24 - 2014-06-08 07:46 - 00001559 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-02-01 09:24 - 2014-06-08 07:46 - 00001268 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-02-01 09:24 - 2014-06-08 07:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-01 09:24 - 2014-06-08 07:45 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-01 09:24 - 2014-06-08 07:42 - 00000000 ____D () C:\Users\Michael Greis\AppData\Roaming\DVDVideoSoft
2015-01-28 02:40 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-26 18:06 - 2013-10-18 00:43 - 00000000 ____D () C:\Users\Michael Greis
2015-01-26 18:01 - 2013-09-25 05:56 - 00000008 _____ () C:\Users\Michael Greis\Documents\lmscfg
2015-01-26 07:13 - 2013-09-26 04:10 - 00000212 _____ () C:\Users\Michael Greis\Documents\pms.xml
2015-01-24 21:20 - 2014-10-19 06:33 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-10-19 06:33 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 18:15 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-20 22:21 - 2014-02-13 00:43 - 00000000 ____D () C:\Users\Michael Greis\Datensicherung
2015-01-14 17:18 - 2013-09-27 15:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 17:16 - 2013-09-27 15:20 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-10 16:58 - 2012-11-20 00:13 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-09 21:50 - 2013-09-30 05:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-09 21:50 - 2013-09-30 04:56 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-09 21:50 - 2013-09-30 04:56 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat

==================== Files in the root of some directories =======

2013-09-27 14:42 - 2014-11-28 15:20 - 0008192 _____ () C:\Users\Michael Greis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Michael Greis\AppData\Local\Temp\avgnt.exe
C:\Users\Michael Greis\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Michael Greis\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Michael Greis\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\Michael Greis\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael Greis\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Michael Greis\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Michael Greis\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-05 20:19

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01 Ran by Michael Greis at 2015-02-05 20:46:14 Running from C:\Users\Michael Greis\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Benutzerhandbuch EPSON BX535WD Series (HKLM-x32\...\EPSON BX535WD Series Useg) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION) Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0815 - Lenovo) EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version: - SEIKO EPSON Corporation) Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2) Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.) FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies) Full Tilt Poker.Eu (HKLM-x32\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 5.4.2.WIN.FullTilt.EU - ) Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.1.0 - Genesys Logic) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.) 
IncrediMail (x32 Version: 6.6.0.5282 - IncrediMail) Hidden IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5282 - IncrediMail Ltd.) Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation) IP Camera Viewer 2 (HKLM-x32\...\IP Camera Viewer_is1) (Version: - DeskShare Inc.) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo) Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: - CEWE COLOR AG u Co. OHG) Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.) Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.) Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) 
Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-4153893474-174729634-3916336334-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR) Netzwerkhandbuch EPSON BX535WD Series (HKLM-x32\...\EPSON BX535WD Series Netg) (Version: - ) NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation) NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.0213 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation) Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.) Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.0704 - Lenovo) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6649 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows 8 Codec Pack 2.0.1 (HKLM-x32\...\Windows 8 - Codec Pack) (Version: 2.0.1 - Windows 8 Codec Pack) WinZip 18.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E2}) (Version: 18.5.11111 - WinZip Computing, S.L. ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-4153893474-174729634-3916336334-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Michael Greis\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4153893474-174729634-3916336334-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Michael Greis\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4153893474-174729634-3916336334-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Michael Greis\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4153893474-174729634-3916336334-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Michael Greis\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4153893474-174729634-3916336334-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Michael Greis\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 02-02-2015 15:08:19 Removed SearchMe Toolbar v10.8. 04-02-2015 22:36:07 Revo Uninstaller's restore point - Emsisoft Anti-Malware ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {024910F3-6DCF-4CE5-959E-F1EFBEE630C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-29] (Google Inc.)
Task: {361CAF5C-44B7-4405-B980-14C649EFEBCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-29] (Google Inc.)
Task: {37C65151-76EF-4C83-AADF-98F9592248F6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {56B22BB9-D57E-4E57-89EA-B359FB98CABD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {7EBD527C-2B66-47E7-A2AE-5A57333A6766} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C1D8AEEA-A022-400F-BA31-E2D0A6BB4E33} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {FDC310CA-E64D-477D-BC50-EED1DBC5FA53} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-11-20 00:07 - 2011-03-15 20:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2013-10-26 17:52 - 2011-07-28 16:06 - 00297440 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2012-11-20 00:06 - 2012-07-24 12:36 - 00028672 _____ () C:\Windows\SysWOW64\UMonit.exe
2013-10-26 17:51 - 2011-07-28 16:06 - 08247264 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
2013-02-25 01:51 - 2013-02-25 01:51 - 00704520 _____ () C:\Windows\SysWOW64\C2MP\TrayMenu.exe
2012-11-20 00:07 - 2011-05-17 13:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2015-02-05 20:41 - 2015-02-05 20:41 - 00852573 _____ () C:\Users\Michael Greis\Downloads\SecurityCheck.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-26 17:52 - 2011-07-27 10:53 - 00360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2013-09-27 14:21 - 2013-09-27 14:21 - 00272808 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
2013-09-27 14:21 - 2013-09-27 14:21 - 00033128 _____ () C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll
2013-09-27 14:21 - 2013-09-27 14:21 - 00072104 _____ () C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
2013-08-28 15:41 - 2013-08-28 15:41 - 00108888 _____ () C:\Program Files (x86)\IncrediMail\Bin\pmc.dll
2013-09-27 14:21 - 2013-09-27 14:21 - 00080296 _____ () C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll
2013-09-27 14:21 - 2013-09-27 14:21 - 00133544 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
2015-01-27 08:37 - 2015-01-25 07:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-27 08:37 - 2015-01-25 07:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-27 08:37 - 2015-01-25 07:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-10-26 17:52 - 2009-08-28 15:50 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
2009-12-04 16:59 - 2009-12-04 16:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 17:04 - 2009-12-04 17:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2012-11-20 00:07 - 2011-05-17 13:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2015-01-27 08:37 - 2015-01-25 07:08 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll
2012-11-20 00:06 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Michael Greis\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4153893474-174729634-3916336334-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-4153893474-174729634-3916336334-500 - Administrator - Disabled)
Gast (S-1-5-21-4153893474-174729634-3916336334-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4153893474-174729634-3916336334-1006 - Limited - Enabled)
Michael Greis (S-1-5-21-4153893474-174729634-3916336334-1001 - Administrator - Enabled) => C:\Users\Michael Greis
UpdatusUser (S-1-5-21-4153893474-174729634-3916336334-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2015 08:40:41 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".
Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/05/2015 08:28:41 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".
Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/05/2015 08:23:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".
Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/05/2015 07:06:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5938

Error: (02/05/2015 07:06:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5938

Error: (02/05/2015 07:06:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/05/2015 07:06:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2610

Error: (02/05/2015 07:06:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2610

Error: (02/05/2015 07:06:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/05/2015 06:05:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".
Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

System errors:
=============
Error: (02/05/2015 07:06:33 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/05/2015 06:02:28 PM) (Source: DCOM) (EventID: 10016) (User: MICHAEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichaelMichael GreisS-1-5-21-4153893474-174729634-3916336334-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/05/2015 06:02:28 PM) (Source: DCOM) (EventID: 10016) (User: MICHAEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichaelMichael GreisS-1-5-21-4153893474-174729634-3916336334-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/05/2015 06:02:28 PM) (Source: DCOM) (EventID: 10016) (User: MICHAEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichaelMichael GreisS-1-5-21-4153893474-174729634-3916336334-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/05/2015 06:02:28 PM) (Source: DCOM) (EventID: 10016) (User: MICHAEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichaelMichael GreisS-1-5-21-4153893474-174729634-3916336334-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/05/2015 06:02:28 PM) (Source: DCOM) (EventID: 10016) (User: MICHAEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichaelMichael GreisS-1-5-21-4153893474-174729634-3916336334-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/05/2015 06:02:28 PM) (Source: DCOM) (EventID: 10016) (User: MICHAEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichaelMichael GreisS-1-5-21-4153893474-174729634-3916336334-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/05/2015 06:02:27 PM) (Source: DCOM) (EventID: 10016) (User: MICHAEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichaelMichael GreisS-1-5-21-4153893474-174729634-3916336334-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/05/2015 06:01:20 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "MICHAEL" auf Transport "NetBT_Tcpip_{289C1792-568E-463A-847C-C3F5F97ADDD4}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (02/05/2015 06:00:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 04.02.2015 um 23:56:34 unerwartet heruntergefahren.

Microsoft Office Sessions:
=========================
Error: (02/05/2015 08:40:41 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/05/2015 08:28:41 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/05/2015 08:23:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/05/2015 07:06:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5938

Error: (02/05/2015 07:06:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5938

Error: (02/05/2015 07:06:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/05/2015 07:06:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2610

Error: (02/05/2015 07:06:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2610

Error: (02/05/2015 07:06:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/05/2015 06:05:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Michael Greis\Downloads\esetsmartinstaller_deu.exe

CodeIntegrity Errors:
===================================
Date: 2015-02-04 04:41:36.296
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

Date: 2015-02-04 04:41:35.025
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

Date: 2015-02-04 04:41:33.061
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

Date: 2015-02-04 04:41:31.388
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

Date: 2015-02-04 04:41:30.843
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

Date: 2015-02-04 04:41:30.155
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

Date: 2015-02-04 04:41:28.830
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

Date: 2015-02-04 04:41:25.595
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

Date: 2015-02-04 04:41:24.799
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

Date: 2015-02-04 04:41:22.171
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz
Percentage of memory in use: 36%
Total physical RAM: 8152.32 MB
Available physical RAM: 5172.22 MB
Total Pagefile: 9496.32 MB
Available Pagefile: 4937.15 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:1836.76 GB) (Free:1664.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: () (Removable) (Total:29.71 GB) (Free:23.14 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: E9762F7F)
Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 29.7 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

==================== End Of Log ============================

Yes, unfortunately still the same problem :-( Would it make sense to uninstall the whole Internet Explorer?
06.02.2015, 09:09 | #8 |
/// the machine /// TB-Ausbilder | Positive finds malware auf Windows 8
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
C:\$Recycle.Bin\S-1-5-21-4153893474-174729634-3916336334-1001\$RJPY5MQ.exe
C:\Users\Michael Greis\AppData\Local\Microsoft\Windows\INetCache\IE\27Q9OX7J\Stub[1].exe
C:\Users\Michael Greis\AppData\Local\Microsoft\Windows\INetCache\IE\EH2U4WLC\ReimagePackage1804x64[1].exe
C:\Users\Michael Greis\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Michael Greis\AppData\Local\Temp\DMR\dmr_72.exe
C:\Users\Michael Greis\Downloads\ReimageRepair.exe
C:\Users\Michael Greis\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
C:\Users\Michael Greis\Downloads\windows.8.codec.pack.v2.0.1.setup.exe
C:\Users\Michael Greis\Downloads\wzmp_8.exe
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
In which browsers does the problem occur?
__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!
06.02.2015, 14:33 | #9 |
| Positive finds malware auf Windows 8
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
Ran by Michael Greis at 2015-02-06 14:23:56 Run:1
Running from C:\Users\Michael Greis\Downloads
Loaded Profiles: Michael Greis & (Available profiles: Michael Greis)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\$Recycle.Bin\S-1-5-21-4153893474-174729634-3916336334-1001\$RJPY5MQ.exe
C:\Users\Michael Greis\AppData\Local\Microsoft\Windows\INetCache\IE\27Q9OX7J\Stub[1].exe
C:\Users\Michael Greis\AppData\Local\Microsoft\Windows\INetCache\IE\EH2U4WLC\ReimagePackage1804x64[1].exe
C:\Users\Michael Greis\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Michael Greis\AppData\Local\Temp\DMR\dmr_72.exe
C:\Users\Michael Greis\Downloads\ReimageRepair.exe
C:\Users\Michael Greis\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
C:\Users\Michael Greis\Downloads\windows.8.codec.pack.v2.0.1.setup.exe
C:\Users\Michael Greis\Downloads\wzmp_8.exe
Emptytemp:
*****************

"C:\$Recycle.Bin\S-1-5-21-4153893474-174729634-3916336334-1001\$RJPY5MQ.exe" => File/Directory not found.
"C:\Users\Michael Greis\AppData\Local\Microsoft\Windows\INetCache\IE\27Q9OX7J\Stub[1].exe" => File/Directory not found.
"C:\Users\Michael Greis\AppData\Local\Microsoft\Windows\INetCache\IE\EH2U4WLC\ReimagePackage1804x64[1].exe" => File/Directory not found.
"C:\Users\Michael Greis\AppData\Local\Temp\ReimagePackage.exe" => File/Directory not found.
"C:\Users\Michael Greis\AppData\Local\Temp\DMR\dmr_72.exe" => File/Directory not found.
"C:\Users\Michael Greis\Downloads\ReimageRepair.exe" => File/Directory not found.
"C:\Users\Michael Greis\Downloads\VLC media player 64 Bit - CHIP-Installer.exe" => File/Directory not found.
"C:\Users\Michael Greis\Downloads\windows.8.codec.pack.v2.0.1.setup.exe" => File/Directory not found.
"C:\Users\Michael Greis\Downloads\wzmp_8.exe" => File/Directory not found.
EmptyTemp: => Removed 11 GB temporary data.

The system needed a reboot.

==== End of Fixlog 14:24:52 ====

The problem is in Google Chrome; in Internet Explorer apparently not.
06.02.2015, 19:36 | #10 |
/// the machine /// TB-Ausbilder | Positive finds malware auf Windows 8
Revo Uninstaller - Download - Filepony: use it to uninstall Chrome, do not keep any data, let it remove the leftovers, then reinstall. Then: https://support.google.com/chrome/answer/3296214?hl=de
A fresh FRST log please.
__________________
regards, schrauber