Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Tick the box next to Yes, I accept the Terms of Use and click Start.
Enable "Detection of potentially unwanted applications" and choose the following settings.
Click Start.
The signatures are downloaded and the scan begins automatically.
At the end of the scan, click Finish.
Close the ESET window.
Open Explorer.
Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
Results of screen317's Security Check version 0.99.96
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 8 Update 31
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.257
Adobe Reader XI
Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Alex-Admin (administrator) on MAMA on 18-02-2015 14:58:25
Running from C:\Users\Alex-Admin\Desktop
Loaded Profiles: Alex-Admin (Available profiles: Doris & Alex-Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-11-09] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-11-09] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-11-09] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-06-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-13] (AVAST Software)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1267150517-396084267-1204150811-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-1267150517-396084267-1204150811-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1267150517-396084267-1204150811-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S2].txt [1094 2015-02-17] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1267150517-396084267-1204150811-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1267150517-396084267-1204150811-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKU\S-1-5-21-1267150517-396084267-1204150811-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Tcpip\..\Interfaces\{9EA7D31E-8498-425F-8BA1-B7353D866F8F}: [NameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Alex-Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ra2o5okn.default
FF SelectedSearchEngine: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Alex-Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ra2o5okn.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-23]
FF Extension: Adblock Plus - C:\Users\Alex-Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ra2o5okn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-24]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-16]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-13] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-13] (Avast Software)
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-16] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-16] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-16] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-13] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-16] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-16] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-16] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-09-03] ()
S1 HWiNFO32; C:\Program Files\HWiNFO64\HWiNFO64A.SYS [30080 2011-09-22] (REALiX(tm))
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-09-03] ()
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-13] (Avast Software)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [250752 2011-06-15] (Vimicro Corporation)
S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 Stereo Service; No ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-18 14:55 - 2015-02-18 14:55 - 00852594 _____ () C:\Users\Alex-Admin\Desktop\SecurityCheck.exe
2015-02-18 08:45 - 2015-02-18 08:45 - 02347384 _____ (ESET) C:\Users\Alex-Admin\Downloads\esetsmartinstaller_deu.exe
2015-02-18 08:45 - 2015-02-18 08:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-17 18:41 - 2015-02-17 18:41 - 00000000 ____D () C:\Users\Alex-Admin\Desktop\FRST-OlderVersion
2015-02-17 18:40 - 2015-02-17 18:40 - 00001042 _____ () C:\Users\Alex-Admin\Desktop\JRT.txt
2015-02-17 18:32 - 2015-02-17 18:32 - 01388274 _____ (Thisisu) C:\Users\Alex-Admin\Desktop\JRT.exe
2015-02-17 18:31 - 2015-02-17 18:31 - 02112512 _____ () C:\Users\Alex-Admin\Desktop\AdwCleaner_4.110.exe
2015-02-17 18:30 - 2015-02-17 18:30 - 00001206 _____ () C:\Users\Alex-Admin\Desktop\mbam.txt
2015-02-17 09:32 - 2015-02-17 09:32 - 00020389 _____ () C:\ComboFix.txt
2015-02-17 09:21 - 2015-02-17 09:32 - 00000000 ____D () C:\Qoobox
2015-02-17 09:21 - 2015-02-17 09:30 - 00000000 ____D () C:\windows\erdnt
2015-02-17 09:21 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-02-17 09:21 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-02-17 09:21 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-02-17 09:21 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-02-17 09:21 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-02-17 09:21 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-02-17 09:21 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-02-17 09:21 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-02-17 09:17 - 2015-02-17 09:17 - 05611903 ____R (Swearware) C:\Users\Alex-Admin\Desktop\ComboFix.exe
2015-02-16 12:28 - 2015-02-16 12:28 - 00000197 _____ () C:\windows\system32\2015-02-16-11-28-28.089-AvastVBoxSVC.exe-3012.log
2015-02-15 17:44 - 2015-02-15 17:44 - 00000547 _____ () C:\Users\Alex-Admin\Desktop\Gmer.txt
2015-02-15 17:30 - 2015-02-15 17:30 - 00380416 _____ () C:\Users\Alex-Admin\Desktop\o8x24qnl.exe
2015-02-15 17:25 - 2015-02-15 17:25 - 00027870 _____ () C:\Users\Alex-Admin\Desktop\Addition.txt
2015-02-15 17:24 - 2015-02-18 14:58 - 00006786 _____ () C:\Users\Alex-Admin\Desktop\FRST.txt
2015-02-15 17:24 - 2015-02-18 14:58 - 00000000 ____D () C:\FRST
2015-02-15 17:23 - 2015-02-17 18:41 - 02085888 _____ (Farbar) C:\Users\Alex-Admin\Desktop\FRST64.exe
2015-02-15 17:18 - 2015-02-15 17:19 - 00000482 _____ () C:\Users\Alex-Admin\Downloads\defogger_disable.log
2015-02-15 17:18 - 2015-02-15 17:18 - 00000000 _____ () C:\Users\Alex-Admin\defogger_reenable
2015-02-15 17:17 - 2015-02-15 17:17 - 00050477 _____ () C:\Users\Alex-Admin\Downloads\Defogger.exe
2015-02-15 17:05 - 2015-02-15 17:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-21 18:40 - 2015-01-21 18:40 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-21 18:40 - 2015-01-21 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-21 18:38 - 2015-01-21 18:39 - 30431144 _____ (Oracle Corporation) C:\Users\Doris\Downloads\jre-8u31-windows-i586.exe
2015-01-21 18:29 - 2015-01-21 18:29 - 00000197 _____ () C:\windows\system32\2015-01-21-17-29-41.069-AvastVBoxSVC.exe-2788.log
2015-01-21 12:01 - 2015-01-21 12:02 - 00000197 _____ () C:\windows\system32\2015-01-21-11-01-55.037-AvastVBoxSVC.exe-4400.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-18 08:26 - 2011-11-08 19:25 - 00700118 _____ () C:\windows\system32\perfh007.dat
2015-02-18 08:26 - 2011-11-08 19:25 - 00149968 _____ () C:\windows\system32\perfc007.dat
2015-02-18 08:26 - 2009-07-14 06:13 - 01622228 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-18 08:23 - 2011-11-09 04:24 - 00078969 _____ () C:\windows\system32\fastboot.set
2015-02-18 08:21 - 2015-01-14 14:22 - 00053043 _____ () C:\FaceProv.log
2015-02-18 08:21 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-18 08:20 - 2015-01-14 16:24 - 00000504 _____ () C:\windows\setupact.log
2015-02-17 18:38 - 2014-08-28 16:25 - 00000000 ____D () C:\AdwCleaner
2015-02-17 18:34 - 2014-11-16 17:10 - 00002622 _____ () C:\Users\Alex-Admin\Desktop\AdwCleaner[R2].txt
2015-02-17 18:10 - 2015-01-14 11:39 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-17 18:01 - 2015-01-14 16:24 - 00003372 _____ () C:\windows\PFRO.log
2015-02-17 09:29 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2015-02-16 12:30 - 2014-08-29 14:29 - 01526813 _____ () C:\windows\WindowsUpdate.log
2015-02-16 12:30 - 2009-07-14 05:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-16 12:30 - 2009-07-14 05:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 12:29 - 2015-01-14 17:14 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-02-16 12:28 - 2014-03-24 15:32 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-02-15 17:18 - 2011-12-07 22:19 - 00000000 ____D () C:\Users\Alex-Admin
2015-01-21 20:16 - 2014-08-28 16:14 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-21 19:16 - 2014-08-28 16:14 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-21 19:16 - 2014-08-28 16:14 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-21 19:16 - 2014-08-28 16:14 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-21 18:40 - 2014-08-28 16:13 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 18:39 - 2013-02-21 14:40 - 00000000 ____D () C:\Program Files (x86)\Java
==================== Files in the root of some directories =======
2012-12-01 18:05 - 2012-12-01 18:05 - 0000017 _____ () C:\Users\Alex-Admin\AppData\Local\resmon.resmoncfg
Some content of TEMP:
====================
C:\Users\Alex-Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Alex-Admin\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 16:54
==================== End Of Log ============================
S1 HWiNFO32; C:\Program Files\HWiNFO64\HWiNFO64A.SYS [30080 2011-09-22] (REALiX(tm))
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-09-03] ()
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-13] (Avast Software)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [250752 2011-06-15] (Vimicro Corporation)
S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 Stereo Service; No ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-18 14:55 - 2015-02-18 14:55 - 00852594 _____ () C:\Users\Alex-Admin\Desktop\SecurityCheck.exe
2015-02-18 08:45 - 2015-02-18 08:45 - 02347384 _____ (ESET) C:\Users\Alex-Admin\Downloads\esetsmartinstaller_deu.exe
2015-02-18 08:45 - 2015-02-18 08:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-17 18:41 - 2015-02-17 18:41 - 00000000 ____D () C:\Users\Alex-Admin\Desktop\FRST-OlderVersion
2015-02-17 18:40 - 2015-02-17 18:40 - 00001042 _____ () C:\Users\Alex-Admin\Desktop\JRT.txt
2015-02-17 18:32 - 2015-02-17 18:32 - 01388274 _____ (Thisisu) C:\Users\Alex-Admin\Desktop\JRT.exe
2015-02-17 18:31 - 2015-02-17 18:31 - 02112512 _____ () C:\Users\Alex-Admin\Desktop\AdwCleaner_4.110.exe
2015-02-17 18:30 - 2015-02-17 18:30 - 00001206 _____ () C:\Users\Alex-Admin\Desktop\mbam.txt
2015-02-17 09:32 - 2015-02-17 09:32 - 00020389 _____ () C:\ComboFix.txt
2015-02-17 09:21 - 2015-02-17 09:32 - 00000000 ____D () C:\Qoobox
2015-02-17 09:21 - 2015-02-17 09:30 - 00000000 ____D () C:\windows\erdnt
2015-02-17 09:21 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-02-17 09:21 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-02-17 09:21 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-02-17 09:21 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-02-17 09:21 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-02-17 09:21 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-02-17 09:21 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-02-17 09:21 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-02-17 09:17 - 2015-02-17 09:17 - 05611903 ____R (Swearware) C:\Users\Alex-Admin\Desktop\ComboFix.exe
2015-02-16 12:28 - 2015-02-16 12:28 - 00000197 _____ () C:\windows\system32\2015-02-16-11-28-28.089-AvastVBoxSVC.exe-3012.log
2015-02-15 17:44 - 2015-02-15 17:44 - 00000547 _____ () C:\Users\Alex-Admin\Desktop\Gmer.txt
2015-02-15 17:30 - 2015-02-15 17:30 - 00380416 _____ () C:\Users\Alex-Admin\Desktop\o8x24qnl.exe
2015-02-15 17:25 - 2015-02-15 17:25 - 00027870 _____ () C:\Users\Alex-Admin\Desktop\Addition.txt
2015-02-15 17:24 - 2015-02-18 14:58 - 00006786 _____ () C:\Users\Alex-Admin\Desktop\FRST.txt
2015-02-15 17:24 - 2015-02-18 14:58 - 00000000 ____D () C:\FRST
2015-02-15 17:23 - 2015-02-17 18:41 - 02085888 _____ (Farbar) C:\Users\Alex-Admin\Desktop\FRST64.exe
2015-02-15 17:18 - 2015-02-15 17:19 - 00000482 _____ () C:\Users\Alex-Admin\Downloads\defogger_disable.log
2015-02-15 17:18 - 2015-02-15 17:18 - 00000000 _____ () C:\Users\Alex-Admin\defogger_reenable
2015-02-15 17:17 - 2015-02-15 17:17 - 00050477 _____ () C:\Users\Alex-Admin\Downloads\Defogger.exe
2015-02-15 17:05 - 2015-02-15 17:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-21 18:40 - 2015-01-21 18:40 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-21 18:40 - 2015-01-21 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-21 18:38 - 2015-01-21 18:39 - 30431144 _____ (Oracle Corporation) C:\Users\Doris\Downloads\jre-8u31-windows-i586.exe
2015-01-21 18:29 - 2015-01-21 18:29 - 00000197 _____ () C:\windows\system32\2015-01-21-17-29-41.069-AvastVBoxSVC.exe-2788.log
2015-01-21 12:01 - 2015-01-21 12:02 - 00000197 _____ () C:\windows\system32\2015-01-21-11-01-55.037-AvastVBoxSVC.exe-4400.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-18 08:26 - 2011-11-08 19:25 - 00700118 _____ () C:\windows\system32\perfh007.dat
2015-02-18 08:26 - 2011-11-08 19:25 - 00149968 _____ () C:\windows\system32\perfc007.dat
2015-02-18 08:26 - 2009-07-14 06:13 - 01622228 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-18 08:23 - 2011-11-09 04:24 - 00078969 _____ () C:\windows\system32\fastboot.set
2015-02-18 08:21 - 2015-01-14 14:22 - 00053043 _____ () C:\FaceProv.log
2015-02-18 08:21 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-18 08:20 - 2015-01-14 16:24 - 00000504 _____ () C:\windows\setupact.log
2015-02-17 18:38 - 2014-08-28 16:25 - 00000000 ____D () C:\AdwCleaner
2015-02-17 18:34 - 2014-11-16 17:10 - 00002622 _____ () C:\Users\Alex-Admin\Desktop\AdwCleaner[R2].txt
2015-02-17 18:10 - 2015-01-14 11:39 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-17 18:01 - 2015-01-14 16:24 - 00003372 _____ () C:\windows\PFRO.log
2015-02-17 09:29 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2015-02-16 12:30 - 2014-08-29 14:29 - 01526813 _____ () C:\windows\WindowsUpdate.log
2015-02-16 12:30 - 2009-07-14 05:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-16 12:30 - 2009-07-14 05:45 - 00021072 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 12:29 - 2015-01-14 17:14 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-02-16 12:28 - 2014-03-24 15:32 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-02-15 17:18 - 2011-12-07 22:19 - 00000000 ____D () C:\Users\Alex-Admin
2015-01-21 20:16 - 2014-08-28 16:14 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-21 19:16 - 2014-08-28 16:14 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-21 19:16 - 2014-08-28 16:14 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-21 19:16 - 2014-08-28 16:14 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-21 18:40 - 2014-08-28 16:13 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 18:39 - 2013-02-21 14:40 - 00000000 ____D () C:\Program Files (x86)\Java
==================== Files in the root of some directories =======
2012-12-01 18:05 - 2012-12-01 18:05 - 0000017 _____ () C:\Users\Alex-Admin\AppData\Local\resmon.resmoncfg
Some content of TEMP:
====================
C:\Users\Alex-Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Alex-Admin\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 16:54
==================== End Of Log ============================
ESET log file, now with the firewall switched off; sorry, I forgot that earlier
Looks good now, Schrauber, many heartfelt thanks already!!!
Do you actually have to delete the old restore points, or disable System Restore and switch it back on after a restart? That's how I know it from before.