| |
| |||||||
Log-Analyse und Auswertung: PUA/DownloadSponsor.Gen von Avira gefunden und PUP.Optional.SimpleNewTab.A von Malwarebytes gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
20.03.2015, 12:08
| #1 |
 |  PUA/DownloadSponsor.Gen von Avira gefunden und PUP.Optional.SimpleNewTab.A von Malwarebytes gefunden Hallo zusammen, verschiedene Virenscans haben auf dem Laptop meiner Freundin verschiedene Funde geliefert: Vor einiger Zeit hat Malwarebytes "PUP.Optional.SimpleNewTab.A" gefunden. Die Dateien wurden in Quarantäne verschoben, aber erstmal nichts weiter unternommen.. :/ Hier das Log dazu: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 01.12.2014 Suchlauf-Zeit: 22:27:00 Logdatei: mbam log.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.12.01.07 Rootkit Datenbank: v2014.12.01.02 Lizenz: Kostenlos Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x86 Dateisystem: NTFS Benutzer: *** Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 319700 Verstrichene Zeit: 22 Min, 36 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 6 PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, In Quarantäne, [2a7fbba2691395a1b0e56065b64ccf31], PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{8DAA9564-C7BF-43E1-ADB9-17B44DA980A6}, In Quarantäne, [2a7fbba2691395a1b0e56065b64ccf31], PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B47A69DE-9B38-4EC0-996E-99F90C0F8CA5}, In Quarantäne, [2a7fbba2691395a1b0e56065b64ccf31], PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{5C2DD58F-613F-4580-8AC0-F10D760AF938}\INPROCSERVER32, In Quarantäne, [2a7fbba2691395a1b0e56065b64ccf31], PUP.Optional.SimpleNewTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5C2DD58F-613F-4580-8AC0-F10D760AF938}, In Quarantäne, [2a7fbba2691395a1b0e56065b64ccf31], PUP.Optional.SimpleNewTab.A, HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SimpleNewTab, Löschen bei Neustart, [9a0fe27bb4c8ac8a833dbeab1be8ba46], Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 2 PUP.Optional.SimpleNewTab.A, C:\Users\***\AppData\Local\simple_new_tab, In Quarantäne, [0a9f0a53a9d37cba99c9110fb44f8b75], PUP.Optional.SimpleNewTab.A, C:\Users\***\AppData\Local\simple_new_tab\htmls, In Quarantäne, [0a9f0a53a9d37cba99c9110fb44f8b75], Dateien: 3 PUP.Optional.SimpleNewTab.A, C:\Users\***\AppData\Local\simple_new_tab\simple_new_tab.dll, In Quarantäne, [2a7fbba2691395a1b0e56065b64ccf31], PUP.Optional.Bandoo, C:\Users\***\Desktop\jZipSetup-r110-w-bf.exe, In Quarantäne, [5d4c90cd6b11a59154598d463dc404fc], PUP.Optional.SimpleNewTab.A, C:\Users\***\AppData\Local\simple_new_tab\htmls\index.html, In Quarantäne, [0a9f0a53a9d37cba99c9110fb44f8b75], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Log: Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 20. März 2015 07:01
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ***-PC
Versionsinformationen:
BUILD.DAT : 15.0.8.656 91858 Bytes 17.03.2015 13:02:00
AVSCAN.EXE : 15.0.8.652 1014064 Bytes 20.03.2015 05:17:39
AVSCANRC.DLL : 15.0.8.652 63792 Bytes 20.03.2015 05:17:39
LUKE.DLL : 15.0.8.652 60664 Bytes 20.03.2015 05:17:55
AVSCPLR.DLL : 15.0.8.652 93488 Bytes 20.03.2015 05:17:39
REPAIR.DLL : 15.0.8.652 365360 Bytes 20.03.2015 05:17:38
REPAIR.RDF : 1.0.6.48 806858 Bytes 20.03.2015 05:18:03
AVREG.DLL : 15.0.8.652 265464 Bytes 20.03.2015 05:17:37
AVLODE.DLL : 15.0.8.656 645368 Bytes 20.03.2015 05:17:36
AVLODE.RDF : 14.0.4.54 78895 Bytes 08.12.2014 11:27:57
XBV00017.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:38
XBV00018.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:38
XBV00019.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:38
XBV00020.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:38
XBV00021.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:38
XBV00022.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:38
XBV00023.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:38
XBV00024.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:38
XBV00025.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:38
XBV00026.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:38
XBV00027.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:38
XBV00028.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:38
XBV00029.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:38
XBV00030.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:38
XBV00031.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:39
XBV00032.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:39
XBV00033.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:39
XBV00034.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:39
XBV00035.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:39
XBV00036.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:39
XBV00037.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:39
XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:39
XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:39
XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:40
XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 15:14:40
XBV00178.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:56
XBV00179.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:56
XBV00180.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:56
XBV00181.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:56
XBV00182.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:56
XBV00183.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:56
XBV00184.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:56
XBV00185.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:57
XBV00186.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:57
XBV00187.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:57
XBV00188.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:57
XBV00189.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:57
XBV00190.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:57
XBV00191.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:57
XBV00192.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:57
XBV00193.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:57
XBV00194.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:58
XBV00195.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:58
XBV00196.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:58
XBV00197.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:58
XBV00198.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:58
XBV00199.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:59
XBV00200.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:59
XBV00201.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:59
XBV00202.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:59
XBV00203.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:59
XBV00204.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:59
XBV00205.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:16:59
XBV00206.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:00
XBV00207.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:00
XBV00208.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:00
XBV00209.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:00
XBV00210.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:01
XBV00211.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:01
XBV00212.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:01
XBV00213.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:01
XBV00214.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:01
XBV00215.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:01
XBV00216.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:02
XBV00217.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:02
XBV00218.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:02
XBV00219.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:02
XBV00220.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:02
XBV00221.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:03
XBV00222.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:03
XBV00223.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:03
XBV00224.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:03
XBV00225.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:03
XBV00226.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:03
XBV00227.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:03
XBV00228.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:04
XBV00229.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:04
XBV00230.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:04
XBV00231.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:04
XBV00232.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:04
XBV00233.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:04
XBV00234.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:04
XBV00235.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:04
XBV00236.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:04
XBV00237.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:04
XBV00238.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:04
XBV00239.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:04
XBV00240.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:04
XBV00241.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:04
XBV00242.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:05
XBV00243.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:05
XBV00244.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:05
XBV00245.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:05
XBV00246.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:05
XBV00247.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:05
XBV00248.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:05
XBV00249.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:05
XBV00250.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:05
XBV00251.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:05
XBV00252.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:05
XBV00253.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:05
XBV00254.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:05
XBV00255.VDF : 8.11.213.176 2048 Bytes 05.03.2015 14:17:05
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 09:56:00
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 11:59:48
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 12:17:03
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 13:44:10
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 13:22:49
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 09:12:29
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 18:24:18
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 14:49:11
XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 15:14:36
XBV00009.VDF : 8.11.172.30 2094080 Bytes 15.09.2014 15:16:29
XBV00010.VDF : 8.11.178.32 1581056 Bytes 14.10.2014 16:50:08
XBV00011.VDF : 8.11.184.50 2178560 Bytes 11.11.2014 18:20:06
XBV00012.VDF : 8.11.190.32 1876992 Bytes 03.12.2014 11:51:13
XBV00013.VDF : 8.11.201.28 2973696 Bytes 14.01.2015 05:48:43
XBV00014.VDF : 8.11.206.252 2695680 Bytes 04.02.2015 15:52:21
XBV00015.VDF : 8.11.213.84 3175936 Bytes 03.03.2015 07:43:21
XBV00016.VDF : 8.11.213.176 212480 Bytes 05.03.2015 14:16:47
XBV00042.VDF : 8.11.213.202 3584 Bytes 05.03.2015 14:16:47
XBV00043.VDF : 8.11.213.204 2048 Bytes 05.03.2015 14:16:47
XBV00044.VDF : 8.11.213.230 40960 Bytes 05.03.2015 14:16:47
XBV00045.VDF : 8.11.214.2 29184 Bytes 05.03.2015 20:16:47
XBV00046.VDF : 8.11.214.28 25088 Bytes 05.03.2015 07:53:26
XBV00047.VDF : 8.11.214.30 14848 Bytes 05.03.2015 07:53:26
XBV00048.VDF : 8.11.214.32 3072 Bytes 05.03.2015 07:53:26
XBV00049.VDF : 8.11.214.34 2048 Bytes 06.03.2015 07:53:26
XBV00050.VDF : 8.11.214.38 39424 Bytes 06.03.2015 07:53:26
XBV00051.VDF : 8.11.214.40 6656 Bytes 06.03.2015 07:53:26
XBV00052.VDF : 8.11.214.42 4608 Bytes 06.03.2015 07:53:27
XBV00053.VDF : 8.11.214.44 5120 Bytes 06.03.2015 18:00:53
XBV00054.VDF : 8.11.214.46 23552 Bytes 06.03.2015 18:00:53
XBV00055.VDF : 8.11.214.48 3072 Bytes 06.03.2015 18:00:53
XBV00056.VDF : 8.11.214.50 25600 Bytes 06.03.2015 18:00:53
XBV00057.VDF : 8.11.214.72 2048 Bytes 06.03.2015 18:00:53
XBV00058.VDF : 8.11.214.92 48128 Bytes 06.03.2015 18:00:53
XBV00059.VDF : 8.11.214.112 12800 Bytes 06.03.2015 18:00:53
XBV00060.VDF : 8.11.214.114 2560 Bytes 06.03.2015 18:00:54
XBV00061.VDF : 8.11.214.136 32256 Bytes 06.03.2015 18:00:54
XBV00062.VDF : 8.11.214.138 2048 Bytes 06.03.2015 18:00:54
XBV00063.VDF : 8.11.214.140 2048 Bytes 07.03.2015 18:00:54
XBV00064.VDF : 8.11.214.144 34304 Bytes 07.03.2015 18:00:54
XBV00065.VDF : 8.11.214.146 2048 Bytes 07.03.2015 18:00:54
XBV00066.VDF : 8.11.214.168 33792 Bytes 07.03.2015 18:00:54
XBV00067.VDF : 8.11.214.188 71168 Bytes 08.03.2015 18:00:54
XBV00068.VDF : 8.11.214.190 2048 Bytes 08.03.2015 18:00:54
XBV00069.VDF : 8.11.214.192 2048 Bytes 08.03.2015 18:00:54
XBV00070.VDF : 8.11.214.212 2048 Bytes 08.03.2015 18:00:55
XBV00071.VDF : 8.11.214.232 28672 Bytes 08.03.2015 18:00:55
XBV00072.VDF : 8.11.214.252 69120 Bytes 09.03.2015 18:00:55
XBV00073.VDF : 8.11.215.14 3584 Bytes 09.03.2015 18:00:55
XBV00074.VDF : 8.11.215.32 7168 Bytes 09.03.2015 18:00:55
XBV00075.VDF : 8.11.215.50 12800 Bytes 09.03.2015 18:00:55
XBV00076.VDF : 8.11.215.52 5120 Bytes 09.03.2015 18:00:55
XBV00077.VDF : 8.11.215.70 17920 Bytes 09.03.2015 18:00:55
XBV00078.VDF : 8.11.215.90 2048 Bytes 09.03.2015 18:00:55
XBV00079.VDF : 8.11.215.110 2048 Bytes 09.03.2015 18:00:55
XBV00080.VDF : 8.11.215.132 29696 Bytes 09.03.2015 18:00:55
XBV00081.VDF : 8.11.215.134 11264 Bytes 09.03.2015 18:00:55
XBV00082.VDF : 8.11.215.136 11264 Bytes 09.03.2015 18:00:56
XBV00083.VDF : 8.11.215.138 12288 Bytes 10.03.2015 18:00:56
XBV00084.VDF : 8.11.215.140 35840 Bytes 10.03.2015 18:00:56
XBV00085.VDF : 8.11.215.158 6144 Bytes 10.03.2015 18:00:56
XBV00086.VDF : 8.11.215.174 5632 Bytes 10.03.2015 18:00:56
XBV00087.VDF : 8.11.215.190 8704 Bytes 10.03.2015 18:00:56
XBV00088.VDF : 8.11.215.206 19968 Bytes 10.03.2015 18:00:56
XBV00089.VDF : 8.11.215.222 12800 Bytes 10.03.2015 18:00:56
XBV00090.VDF : 8.11.215.226 2048 Bytes 10.03.2015 18:00:56
XBV00091.VDF : 8.11.215.230 14336 Bytes 10.03.2015 18:00:56
XBV00092.VDF : 8.11.215.234 26112 Bytes 10.03.2015 18:00:56
XBV00093.VDF : 8.11.215.236 11776 Bytes 10.03.2015 18:00:56
XBV00094.VDF : 8.11.215.240 22016 Bytes 11.03.2015 18:00:57
XBV00095.VDF : 8.11.215.242 2048 Bytes 11.03.2015 18:00:57
XBV00096.VDF : 8.11.215.244 2048 Bytes 11.03.2015 18:00:57
XBV00097.VDF : 8.11.216.4 7680 Bytes 11.03.2015 18:00:57
XBV00098.VDF : 8.11.216.20 12800 Bytes 11.03.2015 18:00:57
XBV00099.VDF : 8.11.216.36 19968 Bytes 11.03.2015 18:00:57
XBV00100.VDF : 8.11.216.52 2560 Bytes 11.03.2015 18:00:57
XBV00101.VDF : 8.11.216.54 22016 Bytes 11.03.2015 18:00:57
XBV00102.VDF : 8.11.216.56 8192 Bytes 11.03.2015 18:00:57
XBV00103.VDF : 8.11.216.58 4608 Bytes 11.03.2015 18:00:57
XBV00104.VDF : 8.11.216.60 16896 Bytes 11.03.2015 18:00:58
XBV00105.VDF : 8.11.216.76 14336 Bytes 11.03.2015 18:00:58
XBV00106.VDF : 8.11.216.90 30208 Bytes 11.03.2015 18:00:58
XBV00107.VDF : 8.11.216.104 5632 Bytes 12.03.2015 18:00:58
XBV00108.VDF : 8.11.216.118 6656 Bytes 12.03.2015 18:00:58
XBV00109.VDF : 8.11.216.120 24576 Bytes 12.03.2015 18:00:58
XBV00110.VDF : 8.11.216.122 16896 Bytes 12.03.2015 05:13:15
XBV00111.VDF : 8.11.216.124 2048 Bytes 12.03.2015 05:13:15
XBV00112.VDF : 8.11.216.138 16896 Bytes 12.03.2015 05:13:15
XBV00113.VDF : 8.11.216.140 2048 Bytes 12.03.2015 05:13:15
XBV00114.VDF : 8.11.216.154 3584 Bytes 12.03.2015 05:13:15
XBV00115.VDF : 8.11.216.168 2048 Bytes 12.03.2015 05:13:15
XBV00116.VDF : 8.11.216.182 70144 Bytes 12.03.2015 05:13:16
XBV00117.VDF : 8.11.216.196 2048 Bytes 13.03.2015 05:13:16
XBV00118.VDF : 8.11.216.200 46080 Bytes 13.03.2015 05:13:16
XBV00119.VDF : 8.11.216.214 11776 Bytes 13.03.2015 05:13:16
XBV00120.VDF : 8.11.216.228 4096 Bytes 13.03.2015 05:13:16
XBV00121.VDF : 8.11.216.242 2560 Bytes 13.03.2015 05:13:16
XBV00122.VDF : 8.11.216.254 2560 Bytes 13.03.2015 05:13:16
XBV00123.VDF : 8.11.217.10 7680 Bytes 13.03.2015 05:13:16
XBV00124.VDF : 8.11.217.14 2048 Bytes 13.03.2015 05:13:16
XBV00125.VDF : 8.11.217.16 24576 Bytes 13.03.2015 05:13:17
XBV00126.VDF : 8.11.217.22 17408 Bytes 13.03.2015 05:13:17
XBV00127.VDF : 8.11.217.24 2048 Bytes 13.03.2015 05:13:17
XBV00128.VDF : 8.11.217.26 2048 Bytes 13.03.2015 05:13:17
XBV00129.VDF : 8.11.217.28 15872 Bytes 13.03.2015 05:13:17
XBV00130.VDF : 8.11.217.42 84480 Bytes 14.03.2015 05:13:17
XBV00131.VDF : 8.11.217.54 2048 Bytes 14.03.2015 05:13:17
XBV00132.VDF : 8.11.217.66 2048 Bytes 14.03.2015 05:13:17
XBV00133.VDF : 8.11.217.78 19456 Bytes 14.03.2015 05:13:17
XBV00134.VDF : 8.11.217.90 71680 Bytes 15.03.2015 05:13:18
XBV00135.VDF : 8.11.217.102 2048 Bytes 15.03.2015 05:13:18
XBV00136.VDF : 8.11.217.124 6656 Bytes 15.03.2015 05:13:18
XBV00137.VDF : 8.11.217.136 76800 Bytes 16.03.2015 05:13:18
XBV00138.VDF : 8.11.217.146 3584 Bytes 16.03.2015 05:13:18
XBV00139.VDF : 8.11.217.156 3584 Bytes 16.03.2015 05:13:18
XBV00140.VDF : 8.11.217.166 4096 Bytes 16.03.2015 05:13:18
XBV00141.VDF : 8.11.217.176 12288 Bytes 16.03.2015 05:13:18
XBV00142.VDF : 8.11.217.186 13312 Bytes 16.03.2015 05:13:18
XBV00143.VDF : 8.11.217.188 24064 Bytes 16.03.2015 05:13:18
XBV00144.VDF : 8.11.217.194 7680 Bytes 16.03.2015 05:13:18
XBV00145.VDF : 8.11.217.198 31232 Bytes 16.03.2015 05:13:18
XBV00146.VDF : 8.11.217.208 13824 Bytes 16.03.2015 20:42:02
XBV00147.VDF : 8.11.217.216 7680 Bytes 16.03.2015 20:42:02
XBV00148.VDF : 8.11.217.224 2048 Bytes 17.03.2015 20:42:02
XBV00149.VDF : 8.11.217.232 23552 Bytes 17.03.2015 20:42:03
XBV00150.VDF : 8.11.217.240 7168 Bytes 17.03.2015 20:42:03
XBV00151.VDF : 8.11.217.242 9216 Bytes 17.03.2015 20:42:03
XBV00152.VDF : 8.11.217.244 13824 Bytes 17.03.2015 20:42:03
XBV00153.VDF : 8.11.217.252 4608 Bytes 17.03.2015 20:42:03
XBV00154.VDF : 8.11.218.4 10240 Bytes 17.03.2015 20:42:03
XBV00155.VDF : 8.11.218.6 12800 Bytes 17.03.2015 20:42:03
XBV00156.VDF : 8.11.218.16 14848 Bytes 17.03.2015 20:42:03
XBV00157.VDF : 8.11.218.20 2048 Bytes 17.03.2015 20:42:03
XBV00158.VDF : 8.11.218.28 4096 Bytes 17.03.2015 05:15:15
XBV00159.VDF : 8.11.218.30 25600 Bytes 17.03.2015 05:15:15
XBV00160.VDF : 8.11.218.32 2048 Bytes 17.03.2015 05:15:16
XBV00161.VDF : 8.11.218.34 18432 Bytes 17.03.2015 05:15:16
XBV00162.VDF : 8.11.218.38 26112 Bytes 18.03.2015 04:52:51
XBV00163.VDF : 8.11.218.46 4096 Bytes 18.03.2015 04:52:51
XBV00164.VDF : 8.11.218.52 3584 Bytes 18.03.2015 04:52:51
XBV00165.VDF : 8.11.218.66 5120 Bytes 18.03.2015 04:52:51
XBV00166.VDF : 8.11.218.78 24576 Bytes 18.03.2015 04:52:51
XBV00167.VDF : 8.11.218.88 15360 Bytes 18.03.2015 04:52:51
XBV00168.VDF : 8.11.218.98 17408 Bytes 18.03.2015 04:52:51
XBV00169.VDF : 8.11.218.100 10240 Bytes 18.03.2015 04:52:51
XBV00170.VDF : 8.11.218.102 7680 Bytes 18.03.2015 04:52:51
XBV00171.VDF : 8.11.218.106 39936 Bytes 19.03.2015 05:18:00
XBV00172.VDF : 8.11.218.116 37888 Bytes 19.03.2015 05:18:00
XBV00173.VDF : 8.11.218.126 14336 Bytes 19.03.2015 05:18:00
XBV00174.VDF : 8.11.218.136 58880 Bytes 19.03.2015 05:18:00
XBV00175.VDF : 8.11.218.148 79872 Bytes 19.03.2015 05:18:00
XBV00176.VDF : 8.11.218.150 16896 Bytes 19.03.2015 05:18:00
XBV00177.VDF : 8.11.218.152 2048 Bytes 19.03.2015 05:18:00
LOCAL000.VDF : 8.11.218.152 125038592 Bytes 19.03.2015 05:18:52
Engineversion : 8.3.30.4
AEVDF.DLL : 8.3.1.6 133992 Bytes 20.08.2014 18:41:53
AESCRIPT.DLL : 8.2.2.58 560248 Bytes 17.03.2015 20:42:02
AESCN.DLL : 8.3.2.2 139456 Bytes 21.07.2014 17:01:18
AESBX.DLL : 8.2.20.34 1615784 Bytes 04.03.2015 13:43:08
AERDL.DLL : 8.2.1.20 731040 Bytes 11.02.2015 17:14:00
AEPACK.DLL : 8.4.0.62 793456 Bytes 23.02.2015 09:22:26
AEOFFICE.DLL : 8.3.1.14 354216 Bytes 12.03.2015 18:00:52
AEMOBILE.DLL : 8.1.7.0 281456 Bytes 12.03.2015 18:00:53
AEHEUR.DLL : 8.1.4.1606 8256368 Bytes 20.03.2015 05:17:32
AEHELP.DLL : 8.3.2.0 281456 Bytes 20.03.2015 05:17:27
AEGEN.DLL : 8.1.7.40 456608 Bytes 22.12.2014 15:42:44
AEEXP.DLL : 8.4.2.70 255904 Bytes 06.02.2015 13:47:53
AEEMU.DLL : 8.1.3.4 399264 Bytes 07.08.2014 15:14:24
AEDROID.DLL : 8.4.3.116 1050536 Bytes 12.03.2015 18:00:53
AECORE.DLL : 8.3.4.0 243624 Bytes 18.12.2014 11:30:28
AEBB.DLL : 8.1.2.0 60448 Bytes 07.08.2014 15:14:23
AVWINLL.DLL : 15.0.8.652 25904 Bytes 20.03.2015 05:17:26
AVPREF.DLL : 15.0.8.652 53248 Bytes 20.03.2015 05:17:37
AVREP.DLL : 15.0.8.652 221432 Bytes 20.03.2015 05:17:37
AVARKT.DLL : 15.0.8.652 228088 Bytes 20.03.2015 05:17:32
AVEVTLOG.DLL : 15.0.8.652 183600 Bytes 20.03.2015 05:17:35
SQLITE3.DLL : 15.0.8.652 456440 Bytes 20.03.2015 05:17:59
AVSMTP.DLL : 15.0.8.652 79360 Bytes 20.03.2015 05:17:39
NETNT.DLL : 15.0.8.652 17352 Bytes 20.03.2015 05:17:56
RCIMAGE.DLL : 15.0.8.652 4864816 Bytes 20.03.2015 05:17:26
RCTEXT.DLL : 15.0.8.652 75056 Bytes 20.03.2015 05:17:26
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Freitag, 20. März 2015 07:01
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:)'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
c:\adsm_pdata_0150\dragwait.exe
[HINWEIS] Die Datei ist nicht sichtbar.
c:\adsm_pdata_0150\_avt
[HINWEIS] Die Datei ist nicht sichtbar.
c:\adsm_pdata_0150\db\si.db
[HINWEIS] Die Datei ist nicht sichtbar.
c:\adsm_pdata_0150\db\ul.db
[HINWEIS] Die Datei ist nicht sichtbar.
c:\adsm_pdata_0150\db\vl.db
[HINWEIS] Die Datei ist nicht sichtbar.
c:\adsm_pdata_0150\db\_avt
[HINWEIS] Die Datei ist nicht sichtbar.
c:\program files\asus\asus data security manager\driver\x86\asdsm.sys
[HINWEIS] Die Datei ist nicht sichtbar.
c:\program files\asus\asus data security manager\driver\x86\_avt
[HINWEIS] Die Datei ist nicht sichtbar.
c:\adsm_pdata_0150
[HINWEIS] Das Verzeichnis ist nicht sichtbar.
c:\adsm_pdata_0150\db
[HINWEIS] Das Verzeichnis ist nicht sichtbar.
c:\program files\asus\asus data security manager\driver\x86
[HINWEIS] Das Verzeichnis ist nicht sichtbar.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'taskeng.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'WPFFontCache_v0400.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '7' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'spmgr.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDC.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'KBFiltr.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Amazon Music Helper.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACEngSvr.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSMMgr.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACMON.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'wcourier.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'aspg.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'Hcontrol.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdSync.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASScrPro.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'P4P.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'DMedia.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD2.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '133' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'GFNEXSrv.exe' - '12' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASLDRSrv.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'ADSMSrv.exe' - '12' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '155' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2072' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <VistaOS>
C:\Users\***\AppData\Local\temp\OCS\ocs_v71a.exe
[FUND] Enthält Muster der Software PUA/DownloadSponsor.Gen
Beginne mit der Suche in 'D:\' <DATA>
Beginne mit der Desinfektion:
C:\Users\***\AppData\Local\temp\OCS\ocs_v71a.exe
[FUND] Enthält Muster der Software PUA/DownloadSponsor.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56495262.qua' verschoben!
Ende des Suchlaufs: Freitag, 20. März 2015 11:12
Benötigte Zeit: 1:43:38 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
27385 Verzeichnisse wurden überprüft
447892 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
447891 Dateien ohne Befall
4325 Archive wurden durchsucht
0 Warnungen
12 Hinweise
701368 Objekte wurden beim Rootkitscan durchsucht
11 Versteckte Objekte wurden gefunden
Hier das Log dazu: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 20.03.2015 Suchlauf-Zeit: 10:40:14 Logdatei: mbam log 2.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.03.20.03 Rootkit Datenbank: v2015.02.25.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x86 Dateisystem: NTFS Benutzer: *** Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 345181 Verstrichene Zeit: 30 Min, 22 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by *** (administrator) on ***-PC on 20-03-2015 11:20:54
Running from C:\Users\***\Desktop
Loaded Profiles: *** & (Available profiles: *** & Gast)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
() C:\Program Files\ASUS\ATK Media\DMedia.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\P4P\P4P.exe
() C:\Windows\ASScrPro.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Users\***\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-09-03] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ATKOSD2\ATKOSD2.exe [7737344 2007-10-18] ()
HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [61440 2008-02-01] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [PowerForPhone] => C:\Program Files\P4P\P4P.exe [778240 2008-01-26] ()
HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\ASScrPro.exe [33136 2008-07-10] ()
HKLM\...\Run: [ASUS Camera ScreenSaver] => C:\Windows\ASScrProlog.exe [37232 2008-07-10] ()
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-01-19] ()
HKLM\...\Run: [BCSSync] => D:\Instalationsdateien\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Run: [Amazon Music] => C:\Users\***\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Music] => C:\Users\***\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ${URL_STARTPAGE}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing.
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-05] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Instalationsdateien\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-05] (Oracle Corporation)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2795298741-2112087132-3505275501-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1227966909
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ubr1awq.default-1423215999919
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Google
FF Homepage: hxxp://de-de.facebook.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\INSTAL~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\INSTAL~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2795298741-2112087132-3505275501-1000: bebomedia.com/OfferMosquitoIEHelper -> C:\Users\***\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
FF Plugin HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: bebomedia.com/OfferMosquitoIEHelper -> C:\Users\***\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011-10-26] (Nullsoft, Inc.)
FF Extension: GMX MailCheck - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ubr1awq.default-1423215999919\Extensions\toolbar@gmx.net [2015-03-03]
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ubr1awq.default-1423215999919\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-06]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-03-12]
FF Extension: PHPNukeDE Toolbar - C:\Program Files\Mozilla Firefox\extensions\{c9508125-4747-4733-b048-e4b82dc9716d} [2015-03-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-11]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-20] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] () [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-18] (Hewlett-Packard Company) [File not signed]
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2007-09-26] (Windows (R) Codename Longhorn DDK provider)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [114904 2015-03-20] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-04-23] (Samsung Electronics) [File not signed]
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\***\AppData\Local\Temp\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S3 vpnva; system32\DRIVERS\vpnva.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-20 11:20 - 2015-03-20 11:21 - 00017616 _____ () C:\Users\***\Desktop\FRST.txt
2015-03-20 11:20 - 2015-03-20 11:20 - 00000000 ____D () C:\FRST
2015-03-20 11:19 - 2015-03-20 11:19 - 00000474 _____ () C:\Users\***\Desktop\defogger_disable.log
2015-03-20 11:19 - 2015-03-20 11:19 - 00000000 _____ () C:\Users\***\defogger_reenable
2015-03-20 11:17 - 2015-03-20 11:18 - 00000000 ____D () C:\Users\***\Desktop\Avira log
2015-03-20 11:16 - 2015-03-20 11:16 - 00380416 _____ () C:\Users\***\Desktop\Gmer-19357.exe
2015-03-20 11:15 - 2015-03-20 11:15 - 01135104 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2015-03-20 11:13 - 2015-03-20 11:13 - 00050477 _____ () C:\Users\***\Desktop\Defogger.exe
2015-03-13 06:53 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 06:52 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 06:51 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-13 06:45 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 06:45 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 06:44 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-13 06:44 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 06:44 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 06:44 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 06:44 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-13 06:43 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 06:43 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-13 06:41 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 19:25 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 19:25 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-12 19:25 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 19:25 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 19:25 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 19:25 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 19:25 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 19:25 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-12 19:25 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 19:25 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 19:25 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-12 19:25 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-12 19:25 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-12 18:59 - 2015-03-12 18:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-27 09:50 - 2015-02-27 10:37 - 00000000 ____D () C:\Users\***\Desktop\Saghar
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-20 11:21 - 2013-01-23 20:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 11:19 - 2008-10-16 21:36 - 00000000 ____D () C:\Users\***
2015-03-20 11:15 - 2006-11-02 13:47 - 00005184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-20 11:15 - 2006-11-02 13:47 - 00005184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-20 11:05 - 2014-05-10 12:04 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6c3fad7525e3.job
2015-03-20 11:05 - 2014-05-10 12:04 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6c3fad1a8a93.job
2015-03-20 10:40 - 2014-12-02 20:16 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 10:39 - 2008-07-10 18:00 - 01790867 _____ () C:\Windows\WindowsUpdate.log
2015-03-20 06:09 - 2014-12-11 18:59 - 00000000 ____D () C:\Users\***\AppData\Local\FreePDF_XP
2015-03-20 06:09 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 06:21 - 2006-11-02 14:01 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-19 05:44 - 2012-09-28 11:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-17 21:41 - 2008-07-10 19:23 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-03-17 06:04 - 2006-11-02 13:47 - 00377464 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 06:51 - 2014-05-16 08:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-13 06:46 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-05 20:34 - 2012-10-17 20:13 - 00000000 ____D () C:\Program Files\Avira
2015-03-04 14:43 - 2012-10-17 20:13 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 14:43 - 2012-10-17 20:13 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-03 16:43 - 2006-11-02 11:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 03:23 - 2009-10-02 19:57 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2008-11-13 20:42 - 2014-05-02 18:48 - 0104030 _____ () C:\Users\***\AppData\Roaming\nvModes.001
2008-11-13 18:58 - 2014-05-01 11:45 - 0104030 _____ () C:\Users\***\AppData\Roaming\nvModes.dat
2008-12-07 14:21 - 2008-12-07 14:23 - 1279254 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20081207.bmp
2008-12-11 20:20 - 2008-12-11 20:20 - 23970870 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20081211.bmp
2010-05-21 09:18 - 2010-05-21 09:18 - 2560054 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20100521.bmp
2013-01-22 20:30 - 2013-01-22 20:37 - 42467382 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20130122.bmp
2013-11-03 20:46 - 2013-11-03 20:47 - 53747766 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20131103.bmp
2014-05-19 20:09 - 2014-05-19 20:09 - 53747766 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20140519.bmp
2014-09-13 20:22 - 2014-09-13 20:27 - 53747766 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20140913.bmp
2011-06-03 19:34 - 2015-01-15 06:48 - 0000680 _____ () C:\Users\***\AppData\Local\d3d9caps.dat
2008-10-18 14:56 - 2014-02-05 17:58 - 0049664 _____ () C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-08-10 20:50 - 2011-09-19 11:54 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-05-02 21:07 - 2015-03-20 10:37 - 0176142 _____ () C:\ProgramData\nvModes.001
2014-05-02 21:06 - 2015-03-20 10:37 - 0176142 _____ () C:\ProgramData\nvModes.dat
Some content of TEMP:
====================
C:\Users\***\AppData\Local\temp\avgnt.exe
C:\Users\***\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe
C:\Users\***\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe
C:\Users\***\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\***\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\***\AppData\Local\temp\jre-8u31-windows-au.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-20 06:26
==================== End Of Log ============================
Addition: FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by *** at 2015-03-20 11:21:35
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS CopyProtect (HKLM\...\{2396F815-84E0-4353-83D7-8B190556DA42}) (Version: 1.00.0003 - ASUS)
ASUS Data Security Manager (HKLM\...\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}) (Version: 1.00.0006 - ASUS)
ASUS InstantFun (HKLM\...\{57B15AD4-8C9D-4164-82BB-E33D8644E757}) (Version: 1.0.0015 - ASUS)
ASUS LifeFrame3 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.6 - ASUS)
ASUS Live Update (HKLM\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.6 - ASUS)
ASUS SmartLogon (HKLM\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0004 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM\...\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}) (Version: 1.02.0019 - ASUS)
Asus_Camera_ScreenSaver (HKLM\...\Asus_Camera_ScreenSaver) (Version: 2.0.0006 - ASUS)
Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver (HKLM\...\{6E19F210-3813-4002-B561-94D66AA182B6}) (Version: 2.4.7.7 - Atheros Communications Inc.)
ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0023 - ATK)
ATK Media (HKLM\...\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}) (Version: - )
ATKOSD2 (HKLM\...\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}) (Version: 6.64.1.6 - ATK)
AudibleManager (HKLM\...\AudibleManager) (Version: 7559957.-2.2004512950.2004511964 - Audible, Inc.)
Audiograbber 1.83 SE (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland)
Audiograbber Lame PlugIn 3.96 APS (HKLM\...\Audiograbber Lame PlugIn) (Version: 3.96 APS - )
Avira (HKLM\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.2830 - CyberLink Corp.)
Das Geheimnis des silbernen Ohrrings (HKLM\...\{4D6D0AA7-DD0E-47A8-BFCE-5A8E4E074CD0}) (Version: 1.00.0000 - Frogwares)
DEUTSCHLAND SPIELT GAME CENTER (HKLM\...\DSGPlayer) (Version: 1.0.0.46 - INTENIUM GmbH)
dm Fotowelt (HKLM\...\dm Fotowelt) (Version: - )
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: - )
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - )
Google Chrome Frame (HKLM\...\{7455D86F-5295-389C-AA29-18D2BDAF8DD8}) (Version: 65.169.102 - Google, Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LightScribe System Software 1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access 2010 (HKLM\...\Office14.AccessR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NB Probe (HKLM\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version: - )
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 6.80.5.1 - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
P4P (HKLM\...\{FC3D290D-79BE-44B7-ABF9-FDD110925930}) (Version: 1.0.0.17 - P4P)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5477 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.52.02 - )
Secure Download Manager (HKLM\...\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}) (Version: 3.0.5 - e-academy Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sherlock Holmes (HKLM\...\Sherlock Holmes) (Version: 0.0.0.0 - INTENIUM GmbH)
Sherlock Holmes und der Hund der Baskervilles (HKLM\...\Sherlock Holmes und der Hund der Baskervilles) (Version: 1.0.0.0 - INTENIUM GmbH)
Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
Total Video Converter 3.61 100319 (HKLM\...\Total Video Converter 3.61_is1) (Version: - EffectMatrix Inc.)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
VIS (HKLM\...\VIS) (Version: - ) <==== ATTENTION
VLC media player 1.1.10 (HKLM\...\VLC media player) (Version: 1.1.10 - VideoLAN)
Wartung Samsung CLP-620 Series (HKLM\...\Samsung CLP-620 Series) (Version: - Samsung Electronics CO.,LTD)
Winamp (HKLM\...\Winamp) (Version: 5.622 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version: - )
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wireless Console 2 (HKLM\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.10 - ATK)
XnView 1.80 (HKLM\...\XnView_is1) (Version: 1.80 - Gougelet Pierre-e)
Yahoo! Detect (HKLM\...\YTdetect) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2795298741-2112087132-3505275501-1000_Classes\CLSID\{3bc93e76-92f8-5fda-b676-5afee3735bf1}\InprocServer32 -> C:\Users\***\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
==================== Restore Points =========================
27-02-2015 11:49:52 Windows Update
03-03-2015 11:36:16 Windows Update
12-03-2015 19:22:19 Windows Update
13-03-2015 06:38:58 Windows Update
17-03-2015 06:29:16 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 11:23 - 2013-05-14 21:21 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {034F6ED7-4F1A-42CA-A130-B8EEB72ECE3B} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) No Task File <==== ATTENTION
Task: {04699375-5AFB-4BAF-9F2A-09D8C0497F4E} - \Microsoft\Windows\Media Center\ehDRMInit No Task File <==== ATTENTION
Task: {08AD1C99-8DF2-4D3D-9F52-C4E5CEB29288} - \{08C1F56F-088D-4C39-90C8-DC91FC840E23} No Task File <==== ATTENTION
Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File <==== ATTENTION
Task: {11893D5E-54A0-4C6B-AB0D-D9FA527334A9} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File <==== ATTENTION
Task: {181E6DDB-34B4-413B-BB3A-13569A47B47C} - \{C65372D3-A2AC-4846-B224-9DA52C853565} No Task File <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - \Microsoft\Windows\MobilePC\TMM No Task File <==== ATTENTION
Task: {1F4FCD5D-8ED2-4212-BDDA-6DC446BA43B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {23C4BEA3-5DAF-4A7D-A6CF-5237554F840E} - \{9FA2F356-D9B9-4379-BFB3-561836FACC41} No Task File <==== ATTENTION
Task: {2FDBDC47-7148-49DB-9D32-32E6A003C996} - \Microsoft\Windows\Tcpip\IpAddressConflict2 No Task File <==== ATTENTION
Task: {30FF26BF-5D0E-4A0D-8E3A-74F448F3278C} - \{7DFD5A6F-BED3-4940-864C-795168F886B4} No Task File <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI No Task File <==== ATTENTION
Task: {357C6FCC-36C2-4DFD-B92B-4E8CD48F7EA1} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {39B2AB48-552A-4DDD-89F6-BD28784C4795} - \User_Feed_Synchronization-{7EDEB2FF-964E-41F5-A727-304BA298990B} No Task File <==== ATTENTION
Task: {3A17516A-C56F-4909-A45C-1E4EE8BE0837} - \Microsoft\Windows\Defrag\ManualDefrag No Task File <==== ATTENTION
Task: {3BB5D87B-C851-4325-97B6-95E4EA1CBC61} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - \Microsoft\Windows\Shell\CrawlStartPages No Task File <==== ATTENTION
Task: {3C5B104F-A9EF-40F3-82A6-917E09DBB6B1} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {3CD7BF6C-F120-476E-AF84-851D43BDDEEE} - \Microsoft\Windows\WDI\ResolutionHost No Task File <==== ATTENTION
Task: {42955E89-15F6-4B96-B803-8F10D491AF65} - \OfficeSoftwareProtectionPlatform\SvcRestartTask No Task File <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - \Microsoft\Windows\RAC\RACAgent No Task File <==== ATTENTION
Task: {48909068-64F9-4B29-8C14-6957F35923C3} - \Microsoft\Windows\MobilePC\HotStart No Task File <==== ATTENTION
Task: {4914F671-C936-43DC-99FF-FA6CEFA48631} - \{0C7F530A-D15D-4BE8-816A-B3F93F0750DB} No Task File <==== ATTENTION
Task: {4D7BC85C-5A41-4963-8CDD-6D9D55F757DB} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask No Task File <==== ATTENTION
Task: {54F6CCFE-6C12-4522-A0F6-9DABAC751D2F} - \Microsoft\Windows\MUI\Mcbuilder No Task File <==== ATTENTION
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - \Microsoft\Windows\Wired\GatherWiredInfo No Task File <==== ATTENTION
Task: {57030356-4699-4E1F-9939-F9D4460CD4DA} - \Microsoft\Windows\Media Center\OCURDiscovery No Task File <==== ATTENTION
Task: {5936C79A-731F-4716-BE59-35B58194ECE5} - \Microsoft\Windows\Media Center\OCURActivate No Task File <==== ATTENTION
Task: {61CFE991-4061-4219-8E70-0EDF343472E9} - \{9CC80E87-3310-4336-A010-8A18DC3F2535} No Task File <==== ATTENTION
Task: {6B91DF4F-7E1F-4AE8-820A-2FB331567D67} - \Microsoft\Windows\SideShow\GadgetManager No Task File <==== ATTENTION
Task: {6BD37163-E955-4095-A64E-D09EB8917C21} - \Microsoft\Windows Defender\MP Scheduled Signature Update No Task File <==== ATTENTION
Task: {6C041448-C69A-4D8B-A774-4F3948997407} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam No Task File <==== ATTENTION
Task: {6E7034E8-D1EA-411C-A1A4-3C01F5BD1A47} - \WPD\SqmUpload_S-1-5-21-2795298741-2112087132-3505275501-1000 No Task File <==== ATTENTION
Task: {74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION
Task: {77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File <==== ATTENTION
Task: {78DABEC8-68B8-4590-81BD-4532D98F07C2} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver No Task File <==== ATTENTION
Task: {792493DE-3878-4323-B44D-F6F0C3562126} - \Microsoft\Windows\CertificateServicesClient\UserTask No Task File <==== ATTENTION
Task: {7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75} - \Microsoft\Windows\CertificateServicesClient\SystemTask No Task File <==== ATTENTION
Task: {80EF5715-7C51-4381-AC78-AEEC32723C56} - \ASUS Live Update No Task File <==== ATTENTION
Task: {8352B580-641E-4BAD-89CA-3DCC243218D8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {858BD5FB-61C3-4D83-8392-B9855BE4DF1D} - \Microsoft\Windows\Media Center\mcupdate No Task File <==== ATTENTION
Task: {89194558-47E7-4A9E-B507-6C91CE4E6504} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator No Task File <==== ATTENTION
Task: {89BC8B22-30CE-4893-9DC1-F51764E377F4} - \Microsoft\Windows\Tcpip\WSHReset No Task File <==== ATTENTION
Task: {90934D6D-B296-4720-9332-BBCE3BBAFAFE} - \{3A89627D-AE65-40F3-88A3-B9951A36F0A5} No Task File <==== ATTENTION
Task: {92C1E05D-0752-44C4-9541-E0311D8076F1} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {98AEA341-4C47-49D0-8C2D-FE77D5555D9A} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) No Task File <==== ATTENTION
Task: {99B9521C-F109-4B7B-BDDF-99CF656525E0} - \Microsoft\Windows\Defrag\ScheduledDefrag No Task File <==== ATTENTION
Task: {A1868F64-ED08-49A9-9F86-F62ED855AFFD} - \Microsoft\Windows\SystemRestore\SR No Task File <==== ATTENTION
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification No Task File <==== ATTENTION
Task: {B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91} - \Microsoft\Windows\Media Center\UpdateRecordPath No Task File <==== ATTENTION
Task: {C4CE8FCE-0A1E-4D3C-BA46-5C4E4E13845F} - \{B05EBB8C-D310-4191-A51D-C8E4B46199A1} No Task File <==== ATTENTION
Task: {C6CBFEC8-EF47-4B48-9718-3A4170F99600} - \Microsoft\Windows\SideShow\AutoWake No Task File <==== ATTENTION
Task: {D0181A7F-943E-4C95-81B0-B19DB84FAC6B} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
Task: {D1E9EB2E-A2D5-40D0-B452-6A1A114D5D84} - \{0CD70452-7D35-4999-B126-2DCD7ABA619F} No Task File <==== ATTENTION
Task: {D282BBA5-3CD1-4DC5-ACCD-FFC699D19DE5} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
Task: {D2D7C16D-D9DC-4982-A8C3-774722DEEB9F} - \ASUS SmartLogon Console Sensor No Task File <==== ATTENTION
Task: {D8AB5B03-9FA1-497A-90C5-C11888682D07} - \{5320A76D-52E5-4D51-96BD-ABE6C59047C8} No Task File <==== ATTENTION
Task: {D8FCC7BA-7D21-4D50-A0B8-5CFDDE670C91} - \{39931AEE-70A9-4314-8CDE-E9DFDB00C4A8} No Task File <==== ATTENTION
Task: {D913FE43-F22E-4EBD-880E-712ABDE8E828} - \{1B3A3841-39B7-4BA2-B5A1-19B9CCD4E77B} No Task File <==== ATTENTION
Task: {DCF8CA49-10FE-40EA-A5B8-504B864BC698} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor No Task File <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - \Microsoft\Windows\Wireless\GatherWirelessInfo No Task File <==== ATTENTION
Task: {E6031411-55F5-4DD3-B55A-CE322D523FA7} - \{CD11F57F-3271-4269-91B6-4BFCBC014426} No Task File <==== ATTENTION
Task: {E9D54BE1-CB20-4DFC-914B-4A2FA7C00403} - \Microsoft\Windows\MUI\Lpksetup No Task File <==== ATTENTION
Task: {EBC018B6-24B0-4279-98A5-0081A2EB83B1} - \{DE3B6822-025B-4A3E-8682-2116DC6AD7C4} No Task File <==== ATTENTION
Task: {EBF16443-B75E-45A5-BCBB-56B7BF614AF9} - \{43F7E614-8B08-4EA7-9BDA-1ADDB95AF3CF} No Task File <==== ATTENTION
Task: {EFE3EA02-AD42-4B49-A996-BB3CFEE832BD} - \{0151438E-71FB-4644-9B9F-4D162F36262E} No Task File <==== ATTENTION
Task: {F55F85D3-8FDE-479E-82E0-A9BB339AA8E2} - \Microsoft\Windows\UPnP\UPnPHostConfig No Task File <==== ATTENTION
Task: {F81EF21C-F8FA-43AB-A6CB-C763D176EB75} - System32\Tasks\GoogleUpdateTaskMachineCore1cf6c3fad1a8a93 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {F8D6E476-24FE-4649-A4D7-985706B29128} - \Microsoft\Windows\Tcpip\IpAddressConflict1 No Task File <==== ATTENTION
Task: {FB297749-1051-4B6F-9D00-661A406EC721} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6c3fad7525e3 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {FC6EE397-3ADC-4083-9CE2-6140F304DE98} - \{5C8A63CF-60C3-4332-99A4-8F60FFE0C241} No Task File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6c3fad1a8a93.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6c3fad7525e3.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2008-07-10 19:00 - 2007-05-18 10:31 - 00073728 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
2008-07-10 18:53 - 2007-10-03 05:53 - 00094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
2008-07-10 18:54 - 2007-08-08 08:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2014-12-11 18:57 - 2012-06-21 07:25 - 00094208 _____ () C:\Windows\System32\redmon32.dll
2012-05-20 13:08 - 2009-05-13 01:30 - 00026624 _____ () C:\Windows\System32\ssd2cl3.dll
2012-05-20 13:08 - 2009-09-04 09:59 - 00491520 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\ssd2cdu.dll
2008-07-10 19:00 - 2007-06-15 18:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
2008-07-10 19:00 - 2007-06-02 01:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
2011-12-13 11:54 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2008-07-10 19:00 - 2007-08-08 10:52 - 00331776 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
2008-07-10 18:55 - 2007-10-18 03:04 - 07737344 _____ () C:\Program Files\ATKOSD2\ATKOSD2.exe
2008-07-10 18:56 - 2008-02-01 22:29 - 00061440 _____ () C:\Program Files\ASUS\ATK Media\DMedia.exe
2008-07-10 18:56 - 2008-02-01 22:29 - 00049152 _____ () C:\Program Files\ASUS\ATK Media\ATKMETHOD.dll
2008-07-10 18:56 - 2006-10-25 23:37 - 00045056 _____ () C:\Program Files\ASUS\ATK Media\GERSTRING.dll
2008-07-10 19:17 - 2008-01-26 02:32 - 00778240 _____ () C:\Program Files\P4P\P4P.exe
2008-07-10 19:27 - 2008-07-10 19:27 - 00033136 _____ () C:\Windows\ASScrPro.exe
2008-07-10 18:53 - 2004-05-28 02:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll
2008-07-10 18:57 - 2007-09-26 19:24 - 00147456 _____ () C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
2008-07-10 19:03 - 2007-07-06 00:53 - 01040384 _____ () C:\Program Files\Wireless Console 2\wcourier.exe
2008-07-10 19:11 - 2007-07-10 06:48 - 00009216 _____ () C:\Program Files\ASUS\Splendid\GLCDdll.dll
2012-05-20 13:07 - 2010-01-19 10:19 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2008-07-10 18:53 - 2007-08-08 19:03 - 02441216 _____ () C:\Program Files\ATK Hotkey\ATKOSD.exe
2014-12-03 21:41 - 2014-12-08 07:27 - 06277952 _____ () C:\Users\***\AppData\Local\Amazon Music\Amazon Music Helper.exe
2008-07-10 18:53 - 2007-08-15 19:20 - 00106496 _____ () C:\Program Files\ATK Hotkey\KBFiltr.exe
2008-07-10 18:53 - 2007-08-15 19:38 - 00147456 _____ () C:\Program Files\ATK Hotkey\WDC.exe
2008-07-10 19:08 - 2007-08-03 20:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2008-07-10 19:08 - 2007-09-14 18:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
2008-07-10 19:08 - 2003-11-28 10:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
2008-07-10 19:08 - 2005-08-29 23:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
2008-07-10 19:08 - 2003-09-10 00:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
2008-07-10 19:08 - 2006-04-04 18:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
2008-07-10 19:08 - 2005-04-08 03:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-2795298741-2112087132-3505275501-500 - Administrator - Disabled)
Gast (S-1-5-21-2795298741-2112087132-3505275501-501 - Limited - Enabled) => C:\Users\Gast
*** (S-1-5-21-2795298741-2112087132-3505275501-1000 - Administrator - Enabled) => C:\Users\***
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/20/2015 10:43:43 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\PERMISSIONS.SQLITE-JOURNAL> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/20/2015 10:43:23 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SESSIONSTORE-BACKUPS\RECOVERY.BAK> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/20/2015 10:43:23 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SESSIONSTORE-BACKUPS\RECOVERY.BAK> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-PHISH-SHAVAR.CACHE> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-PHISH-SHAVAR.CACHE> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.SBSTORE> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.SBSTORE> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.PSET> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.PSET> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/20/2015 06:18:17 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.CACHE> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
System errors:
=============
Error: (03/20/2015 06:11:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Error: (03/19/2015 05:46:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Error: (03/17/2015 06:05:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Error: (03/12/2015 06:55:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Error: (03/12/2015 06:54:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 12.03.2015 um 18:51:41 unerwartet heruntergefahren.
Error: (03/12/2015 06:49:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Error: (03/06/2015 08:47:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Error: (03/06/2015 08:46:10 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 06.03.2015 um 08:16:10 unerwartet heruntergefahren.
Error: (03/06/2015 08:15:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Error: (03/05/2015 08:30:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Microsoft Office Sessions:
=========================
Error: (03/20/2015 10:43:43 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\PERMISSIONS.SQLITE-JOURNAL
Error: (03/20/2015 10:43:23 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SESSIONSTORE-BACKUPS\RECOVERY.BAK
Error: (03/20/2015 10:43:23 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SESSIONSTORE-BACKUPS\RECOVERY.BAK
Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-PHISH-SHAVAR.CACHE
Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-PHISH-SHAVAR.CACHE
Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.SBSTORE
Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.SBSTORE
Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.PSET
Error: (03/20/2015 06:18:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.PSET
Error: (03/20/2015 06:18:17 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.CACHE
CodeIntegrity Errors:
===================================
Date: 2015-03-20 10:50:32.341
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:31.749
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:31.218
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:30.594
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:29.877
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:29.331
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:28.800
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:28.223
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:42:40.756
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:42:40.199
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz
Percentage of memory in use: 51%
Total physical RAM: 3070.29 MB
Available physical RAM: 1473.81 MB
Total Pagefile: 6350.87 MB
Available Pagefile: 4568.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.02 MB
==================== Drives ================================
Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:11.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:106.68 GB) (Free:70.26 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 8D1C393D)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=106.7 GB) - (Type=OF Extended)
==================== End Of Log ============================
Gmer: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-20 11:43:46
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925082 rev.3.AA 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\***\AppData\Local\Temp\pwliypod.sys
---- System - GMER 2.1 ----
SSDT 8C3489FE ZwCreateSection
SSDT 8C3489D6 ZwCreateSymbolicLinkObject
SSDT 8C3489DB ZwLoadDriver
SSDT 8C3489D1 ZwOpenSection
SSDT 8C348A08 ZwRequestWaitReplyPort
SSDT 8C348A03 ZwSetContextThread
SSDT 8C348A0D ZwSetSecurityObject
SSDT 8C3489E0 ZwSetSystemInformation
SSDT 8C348A12 ZwSystemDebugControl
SSDT 8C34899F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 215 828C57D8 4 Bytes [FE, 89, 34, 8C]
.text ntkrnlpa.exe!KeSetEvent + 21D 828C57E0 4 Bytes [D6, 89, 34, 8C] {SALC ; MOV [ESP+ECX*4], ESI}
.text ntkrnlpa.exe!KeSetEvent + 37D 828C5940 4 Bytes [DB, 89, 34, 8C]
.text ntkrnlpa.exe!KeSetEvent + 3FD 828C59C0 4 Bytes [D1, 89, 34, 8C]
.text ntkrnlpa.exe!KeSetEvent + 539 828C5AFC 4 Bytes [08, 8A, 34, 8C]
.text ...
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[1716] ntdll.dll!LdrLoadDll 77A89378 5 Bytes JMP 7007900C C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1716] ntdll.dll!NtCreateFile 77AC4264 5 Bytes JMP 5494D441 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1716] ntdll.dll!NtFlushBuffersFile 77AC4764 5 Bytes JMP 5494D181 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1716] ntdll.dll!NtQueryFullAttributesFile 77AC4C94 5 Bytes JMP 5494D2B9 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1716] ntdll.dll!NtReadFile 77AC4EC4 5 Bytes JMP 5494D1BB C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1716] ntdll.dll!NtReadFileScatter 77AC4ED4 5 Bytes JMP 54D33D7D C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1716] ntdll.dll!NtWriteFile 77AC54D4 5 Bytes JMP 5494D5E5 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1716] ntdll.dll!NtWriteFileGather 77AC54E4 5 Bytes JMP 54D33DCD C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1716] kernel32.dll!HeapSetInformation + 26 774BA9B8 7 Bytes JMP 54AD497B C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1716] kernel32.dll!LockResource + C 774D6BD3 7 Bytes JMP 54D1ECDA C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1716] kernel32.dll!VirtualAllocEx + 54 774DB030 7 Bytes JMP 54D2041B C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1716] USER32.dll!GetWindowInfo 776A428E 5 Bytes JMP 5580FA10 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1716] GDI32.dll!SetStretchBltMode + 256 7709745C 7 Bytes JMP 54D1D492 C:\Program Files\Mozilla Firefox\xul.dll
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Ich habe die Hoffung, dass es sich dabei "nur" im potentiell unerwünschte Programme handelt, bin mir aber nicht sicher... Schonmal im vorraus ein Danke für eure Hilfe! |
|
20.03.2015, 14:24
| #2 |
| /// the machine /// TB-Ausbilder    | PUA/DownloadSponsor.Gen von Avira gefunden und PUP.Optional.SimpleNewTab.A von Malwarebytes gefunden Hi,
__________________Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ |
|
20.03.2015, 14:59
| #3 |
| | PUA/DownloadSponsor.Gen von Avira gefunden und PUP.Optional.SimpleNewTab.A von Malwarebytes gefunden Hi Schrauber, danke für die schnelle Antwort!
__________________Hier die Datei: Code:
ATTFilter # AdwCleaner v4.112 - Bericht erstellt 20/03/2015 um 14:51:43
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-15.1 [Server]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : *** - ***-PC
# Gestarted von : C:\Users\***\Desktop\AdwCleaner_4.112.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\***\AppData\Local\Temp\OCS
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VIS
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VIS
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
***** [ Internetbrowser ] *****
-\\ Internet Explorer v9.0.8112.16633
-\\ Mozilla Firefox v36.0.1 (x86 de)
[1ubr1awq.default-1423215999919\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");
*************************
AdwCleaner[R0].txt - [1674 Bytes] - [20/03/2015 14:47:08]
AdwCleaner[S0].txt - [1555 Bytes] - [20/03/2015 14:51:43]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1614 Bytes] ##########
|
|
21.03.2015, 11:06
| #4 |
| /// the machine /// TB-Ausbilder | PUA/DownloadSponsor.Gen von Avira gefunden und PUP.Optional.SimpleNewTab.A von Malwarebytes gefunden Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
FRST öffnen, Haken setzen bei Addition und scannen ,poste bitte beide Logs.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.03.2015, 09:21
| #5 |
| | PUA/DownloadSponsor.Gen von Avira gefunden und PUP.Optional.SimpleNewTab.A von Malwarebytes gefunden Hallo Schrauber, 2 Dinge: 1. Beim Revo Uninstaller kann ich kein Programm mit dem Namen "VIS" finden. Wenn ich es in das Suchfeld eingebe, dann bekomme ich nur verschiedene Sachen von Microsoft angezeigt: "Microsoft Visual C++ ...." oder "Microsoft Visual Studio..." 2. Beim Neustarst nachdem ich das Logfile vom Scan mit AdwCleaner gepostet habe, bekam ich folgende Meldung: Neue Hardware gefunden. Treibersoftware für "Unbekanntes Gerät" muss installiert werden. Ich habe hier erstmal auf "Später nachfragen" geklickt... |
|
22.03.2015, 17:39
| #6 |
| /// the machine /// TB-Ausbilder | PUA/DownloadSponsor.Gen von Avira gefunden und PUP.Optional.SimpleNewTab.A von Malwarebytes gefunden Kannste von dem Hardware-Fenster mal einen Screenshot machen? Und bitte die frischen FRST logs posten 
__________________ --> PUA/DownloadSponsor.Gen von Avira gefunden und PUP.Optional.SimpleNewTab.A von Malwarebytes gefunden |
|
22.03.2015, 18:04
| #7 |
| | PUA/DownloadSponsor.Gen von Avira gefunden und PUP.Optional.SimpleNewTab.A von Malwarebytes gefunden Einen Screenshot kann ich leider nicht machen, denn komischerweise ist das Fenster bei zwei weiteren Neustarts nicht aufgetaucht... Was ist mit der Tatsache, dass ich "VIS" beim Revo Uninstaller nicht finden kann? Hier die neuen Logs: FRST: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by *** (administrator) on ***-PC on 22-03-2015 17:55:04
Running from C:\Users\***\Desktop
Loaded Profiles: *** (Available profiles: *** & Gast)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
() C:\Program Files\ASUS\ATK Media\DMedia.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\P4P\P4P.exe
() C:\Windows\ASScrPro.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Users\***\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-09-03] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ATKOSD2\ATKOSD2.exe [7737344 2007-10-18] ()
HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [61440 2008-02-01] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [PowerForPhone] => C:\Program Files\P4P\P4P.exe [778240 2008-01-26] ()
HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\ASScrPro.exe [33136 2008-07-10] ()
HKLM\...\Run: [ASUS Camera ScreenSaver] => C:\Windows\ASScrProlog.exe [37232 2008-07-10] ()
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-01-19] ()
HKLM\...\Run: [BCSSync] => D:\Instalationsdateien\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Run: [Amazon Music] => C:\Users\***\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ${URL_STARTPAGE}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-05] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Instalationsdateien\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-05] (Oracle Corporation)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2795298741-2112087132-3505275501-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1227966909
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ubr1awq.default-1423215999919
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Google
FF Homepage: hxxp://de-de.facebook.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\INSTAL~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\INSTAL~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011-10-26] (Nullsoft, Inc.)
FF Extension: GMX MailCheck - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ubr1awq.default-1423215999919\Extensions\toolbar@gmx.net [2015-03-03]
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ubr1awq.default-1423215999919\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-06]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-03-12]
FF Extension: PHPNukeDE Toolbar - C:\Program Files\Mozilla Firefox\extensions\{c9508125-4747-4733-b048-e4b82dc9716d} [2015-03-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-11]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-20] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] () [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-18] (Hewlett-Packard Company) [File not signed]
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2007-09-26] (Windows (R) Codename Longhorn DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-04-23] (Samsung Electronics) [File not signed]
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\***\AppData\Local\Temp\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S3 vpnva; system32\DRIVERS\vpnva.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-22 09:12 - 2015-03-22 09:12 - 00001024 _____ () C:\Users\***\Desktop\Revo Uninstaller.lnk
2015-03-22 09:12 - 2015-03-22 09:12 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-22 09:10 - 2015-03-22 09:10 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\***\Desktop\revosetup95.exe
2015-03-20 14:56 - 2015-03-20 14:56 - 00001682 _____ () C:\Users\***\Desktop\AdwCleaner bearbeitet.txt
2015-03-20 14:46 - 2015-03-20 14:51 - 00000000 ____D () C:\AdwCleaner
2015-03-20 14:45 - 2015-03-20 14:46 - 02171392 _____ () C:\Users\***\Desktop\AdwCleaner_4.112.exe
2015-03-20 11:55 - 2015-03-20 11:55 - 00005505 _____ () C:\Users\***\Desktop\Gmer bearbeitet.txt
2015-03-20 11:54 - 2015-03-20 11:54 - 00040448 _____ () C:\Users\***\Desktop\Addition bearbeitet.txt
2015-03-20 11:53 - 2015-03-20 11:53 - 00027532 _____ () C:\Users\***\Desktop\FRST bearbeitet.txt
2015-03-20 11:43 - 2015-03-20 11:43 - 00005508 _____ () C:\Users\***\Desktop\Gmer.txt
2015-03-20 11:21 - 2015-03-20 11:22 - 00040497 _____ () C:\Users\***\Desktop\Addition.txt
2015-03-20 11:20 - 2015-03-22 17:56 - 00015986 _____ () C:\Users\***\Desktop\FRST.txt
2015-03-20 11:20 - 2015-03-22 17:55 - 00000000 ____D () C:\FRST
2015-03-20 11:19 - 2015-03-20 11:19 - 00000474 _____ () C:\Users\***\Desktop\defogger_disable.log
2015-03-20 11:19 - 2015-03-20 11:19 - 00000000 _____ () C:\Users\***\defogger_reenable
2015-03-20 11:17 - 2015-03-20 11:18 - 00000000 ____D () C:\Users\***\Desktop\Avira log
2015-03-20 11:16 - 2015-03-20 11:16 - 00380416 _____ () C:\Users\***\Desktop\Gmer-19357.exe
2015-03-20 11:15 - 2015-03-20 11:15 - 01135104 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2015-03-20 11:13 - 2015-03-20 11:13 - 00050477 _____ () C:\Users\***\Desktop\Defogger.exe
2015-03-13 06:53 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 06:52 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 06:51 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-13 06:45 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 06:45 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 06:44 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-13 06:44 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 06:44 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 06:44 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 06:44 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-13 06:43 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 06:43 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-13 06:41 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 19:25 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 19:25 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-12 19:25 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 19:25 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 19:25 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 19:25 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 19:25 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 19:25 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-12 19:25 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 19:25 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 19:25 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-12 19:25 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-12 19:25 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-12 18:59 - 2015-03-12 18:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-27 09:50 - 2015-02-27 10:37 - 00000000 ____D () C:\Users\***\Desktop\Saghar
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-22 17:55 - 2008-07-10 18:00 - 01853917 _____ () C:\Windows\WindowsUpdate.log
2015-03-22 17:51 - 2014-12-11 18:59 - 00000000 ____D () C:\Users\***\AppData\Local\FreePDF_XP
2015-03-22 17:51 - 2014-05-10 12:04 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6c3fad1a8a93.job
2015-03-22 17:51 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-22 17:51 - 2006-11-02 13:47 - 00005184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-22 17:51 - 2006-11-02 13:47 - 00005184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-22 17:49 - 2006-11-02 14:01 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-22 17:43 - 2013-01-23 20:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-22 17:41 - 2014-05-10 12:04 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6c3fad7525e3.job
2015-03-20 14:53 - 2008-07-10 19:23 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-03-20 11:48 - 2014-12-02 20:16 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 11:19 - 2008-10-16 21:36 - 00000000 ____D () C:\Users\***
2015-03-19 05:44 - 2012-09-28 11:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-17 06:04 - 2006-11-02 13:47 - 00377464 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 06:51 - 2014-05-16 08:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-13 06:46 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-05 20:34 - 2012-10-17 20:13 - 00000000 ____D () C:\Program Files\Avira
2015-03-04 14:43 - 2012-10-17 20:13 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 14:43 - 2012-10-17 20:13 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-03 16:43 - 2006-11-02 11:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 03:23 - 2009-10-02 19:57 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2008-11-13 20:42 - 2014-05-02 18:48 - 0104030 _____ () C:\Users\***\AppData\Roaming\nvModes.001
2008-11-13 18:58 - 2014-05-01 11:45 - 0104030 _____ () C:\Users\***\AppData\Roaming\nvModes.dat
2008-12-07 14:21 - 2008-12-07 14:23 - 1279254 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20081207.bmp
2008-12-11 20:20 - 2008-12-11 20:20 - 23970870 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20081211.bmp
2010-05-21 09:18 - 2010-05-21 09:18 - 2560054 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20100521.bmp
2013-01-22 20:30 - 2013-01-22 20:37 - 42467382 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20130122.bmp
2013-11-03 20:46 - 2013-11-03 20:47 - 53747766 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20131103.bmp
2014-05-19 20:09 - 2014-05-19 20:09 - 53747766 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20140519.bmp
2014-09-13 20:22 - 2014-09-13 20:27 - 53747766 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20140913.bmp
2011-06-03 19:34 - 2015-01-15 06:48 - 0000680 _____ () C:\Users\***\AppData\Local\d3d9caps.dat
2008-10-18 14:56 - 2014-02-05 17:58 - 0049664 _____ () C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-08-10 20:50 - 2011-09-19 11:54 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-05-02 21:07 - 2015-03-22 17:51 - 0176142 _____ () C:\ProgramData\nvModes.001
2014-05-02 21:06 - 2015-03-22 17:51 - 0176142 _____ () C:\ProgramData\nvModes.dat
Some content of TEMP:
====================
C:\Users\***\AppData\Local\temp\avgnt.exe
C:\Users\***\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe
C:\Users\***\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe
C:\Users\***\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\***\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\***\AppData\Local\temp\jre-8u31-windows-au.exe
C:\Users\***\AppData\Local\temp\Quarantine.exe
C:\Users\***\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-22 17:57
==================== End Of Log ============================
--- --- --- Addition: FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by *** at 2015-03-22 17:57:07
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS CopyProtect (HKLM\...\{2396F815-84E0-4353-83D7-8B190556DA42}) (Version: 1.00.0003 - ASUS)
ASUS Data Security Manager (HKLM\...\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}) (Version: 1.00.0006 - ASUS)
ASUS InstantFun (HKLM\...\{57B15AD4-8C9D-4164-82BB-E33D8644E757}) (Version: 1.0.0015 - ASUS)
ASUS LifeFrame3 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.6 - ASUS)
ASUS Live Update (HKLM\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.6 - ASUS)
ASUS SmartLogon (HKLM\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0004 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM\...\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}) (Version: 1.02.0019 - ASUS)
Asus_Camera_ScreenSaver (HKLM\...\Asus_Camera_ScreenSaver) (Version: 2.0.0006 - ASUS)
Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver (HKLM\...\{6E19F210-3813-4002-B561-94D66AA182B6}) (Version: 2.4.7.7 - Atheros Communications Inc.)
ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0023 - ATK)
ATK Media (HKLM\...\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}) (Version: - )
ATKOSD2 (HKLM\...\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}) (Version: 6.64.1.6 - ATK)
AudibleManager (HKLM\...\AudibleManager) (Version: 7559957.-2.2004512950.2004511964 - Audible, Inc.)
Audiograbber 1.83 SE (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland)
Audiograbber Lame PlugIn 3.96 APS (HKLM\...\Audiograbber Lame PlugIn) (Version: 3.96 APS - )
Avira (HKLM\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.2830 - CyberLink Corp.)
Das Geheimnis des silbernen Ohrrings (HKLM\...\{4D6D0AA7-DD0E-47A8-BFCE-5A8E4E074CD0}) (Version: 1.00.0000 - Frogwares)
DEUTSCHLAND SPIELT GAME CENTER (HKLM\...\DSGPlayer) (Version: 1.0.0.46 - INTENIUM GmbH)
dm Fotowelt (HKLM\...\dm Fotowelt) (Version: - )
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: - )
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - )
Google Chrome Frame (HKLM\...\{7455D86F-5295-389C-AA29-18D2BDAF8DD8}) (Version: 65.169.102 - Google, Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LightScribe System Software 1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access 2010 (HKLM\...\Office14.AccessR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NB Probe (HKLM\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version: - )
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 6.80.5.1 - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
P4P (HKLM\...\{FC3D290D-79BE-44B7-ABF9-FDD110925930}) (Version: 1.0.0.17 - P4P)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5477 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.52.02 - )
Secure Download Manager (HKLM\...\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}) (Version: 3.0.5 - e-academy Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sherlock Holmes (HKLM\...\Sherlock Holmes) (Version: 0.0.0.0 - INTENIUM GmbH)
Sherlock Holmes und der Hund der Baskervilles (HKLM\...\Sherlock Holmes und der Hund der Baskervilles) (Version: 1.0.0.0 - INTENIUM GmbH)
Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
Total Video Converter 3.61 100319 (HKLM\...\Total Video Converter 3.61_is1) (Version: - EffectMatrix Inc.)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
VLC media player 1.1.10 (HKLM\...\VLC media player) (Version: 1.1.10 - VideoLAN)
Wartung Samsung CLP-620 Series (HKLM\...\Samsung CLP-620 Series) (Version: - Samsung Electronics CO.,LTD)
Winamp (HKLM\...\Winamp) (Version: 5.622 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version: - )
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wireless Console 2 (HKLM\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.10 - ATK)
XnView 1.80 (HKLM\...\XnView_is1) (Version: 1.80 - Gougelet Pierre-e)
Yahoo! Detect (HKLM\...\YTdetect) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2795298741-2112087132-3505275501-1000_Classes\CLSID\{3bc93e76-92f8-5fda-b676-5afee3735bf1}\InprocServer32 -> C:\Users\***\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
==================== Restore Points =========================
03-03-2015 11:36:16 Windows Update
12-03-2015 19:22:19 Windows Update
13-03-2015 06:38:58 Windows Update
17-03-2015 06:29:16 Windows Update
22-03-2015 09:12:03 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 11:23 - 2013-05-14 21:21 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {034F6ED7-4F1A-42CA-A130-B8EEB72ECE3B} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) No Task File <==== ATTENTION
Task: {04699375-5AFB-4BAF-9F2A-09D8C0497F4E} - \Microsoft\Windows\Media Center\ehDRMInit No Task File <==== ATTENTION
Task: {08AD1C99-8DF2-4D3D-9F52-C4E5CEB29288} - \{08C1F56F-088D-4C39-90C8-DC91FC840E23} No Task File <==== ATTENTION
Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File <==== ATTENTION
Task: {11893D5E-54A0-4C6B-AB0D-D9FA527334A9} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File <==== ATTENTION
Task: {181E6DDB-34B4-413B-BB3A-13569A47B47C} - \{C65372D3-A2AC-4846-B224-9DA52C853565} No Task File <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - \Microsoft\Windows\MobilePC\TMM No Task File <==== ATTENTION
Task: {1F4FCD5D-8ED2-4212-BDDA-6DC446BA43B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {23C4BEA3-5DAF-4A7D-A6CF-5237554F840E} - \{9FA2F356-D9B9-4379-BFB3-561836FACC41} No Task File <==== ATTENTION
Task: {2FDBDC47-7148-49DB-9D32-32E6A003C996} - \Microsoft\Windows\Tcpip\IpAddressConflict2 No Task File <==== ATTENTION
Task: {30FF26BF-5D0E-4A0D-8E3A-74F448F3278C} - \{7DFD5A6F-BED3-4940-864C-795168F886B4} No Task File <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI No Task File <==== ATTENTION
Task: {357C6FCC-36C2-4DFD-B92B-4E8CD48F7EA1} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {39B2AB48-552A-4DDD-89F6-BD28784C4795} - \User_Feed_Synchronization-{7EDEB2FF-964E-41F5-A727-304BA298990B} No Task File <==== ATTENTION
Task: {3A17516A-C56F-4909-A45C-1E4EE8BE0837} - \Microsoft\Windows\Defrag\ManualDefrag No Task File <==== ATTENTION
Task: {3BB5D87B-C851-4325-97B6-95E4EA1CBC61} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - \Microsoft\Windows\Shell\CrawlStartPages No Task File <==== ATTENTION
Task: {3C5B104F-A9EF-40F3-82A6-917E09DBB6B1} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {3CD7BF6C-F120-476E-AF84-851D43BDDEEE} - \Microsoft\Windows\WDI\ResolutionHost No Task File <==== ATTENTION
Task: {42955E89-15F6-4B96-B803-8F10D491AF65} - \OfficeSoftwareProtectionPlatform\SvcRestartTask No Task File <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - \Microsoft\Windows\RAC\RACAgent No Task File <==== ATTENTION
Task: {48909068-64F9-4B29-8C14-6957F35923C3} - \Microsoft\Windows\MobilePC\HotStart No Task File <==== ATTENTION
Task: {4914F671-C936-43DC-99FF-FA6CEFA48631} - \{0C7F530A-D15D-4BE8-816A-B3F93F0750DB} No Task File <==== ATTENTION
Task: {4D7BC85C-5A41-4963-8CDD-6D9D55F757DB} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask No Task File <==== ATTENTION
Task: {54F6CCFE-6C12-4522-A0F6-9DABAC751D2F} - \Microsoft\Windows\MUI\Mcbuilder No Task File <==== ATTENTION
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - \Microsoft\Windows\Wired\GatherWiredInfo No Task File <==== ATTENTION
Task: {57030356-4699-4E1F-9939-F9D4460CD4DA} - \Microsoft\Windows\Media Center\OCURDiscovery No Task File <==== ATTENTION
Task: {5936C79A-731F-4716-BE59-35B58194ECE5} - \Microsoft\Windows\Media Center\OCURActivate No Task File <==== ATTENTION
Task: {61CFE991-4061-4219-8E70-0EDF343472E9} - \{9CC80E87-3310-4336-A010-8A18DC3F2535} No Task File <==== ATTENTION
Task: {6B91DF4F-7E1F-4AE8-820A-2FB331567D67} - \Microsoft\Windows\SideShow\GadgetManager No Task File <==== ATTENTION
Task: {6BD37163-E955-4095-A64E-D09EB8917C21} - \Microsoft\Windows Defender\MP Scheduled Signature Update No Task File <==== ATTENTION
Task: {6C041448-C69A-4D8B-A774-4F3948997407} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam No Task File <==== ATTENTION
Task: {6E7034E8-D1EA-411C-A1A4-3C01F5BD1A47} - \WPD\SqmUpload_S-1-5-21-2795298741-2112087132-3505275501-1000 No Task File <==== ATTENTION
Task: {74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION
Task: {77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File <==== ATTENTION
Task: {78DABEC8-68B8-4590-81BD-4532D98F07C2} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver No Task File <==== ATTENTION
Task: {792493DE-3878-4323-B44D-F6F0C3562126} - \Microsoft\Windows\CertificateServicesClient\UserTask No Task File <==== ATTENTION
Task: {7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75} - \Microsoft\Windows\CertificateServicesClient\SystemTask No Task File <==== ATTENTION
Task: {80EF5715-7C51-4381-AC78-AEEC32723C56} - \ASUS Live Update No Task File <==== ATTENTION
Task: {8352B580-641E-4BAD-89CA-3DCC243218D8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {858BD5FB-61C3-4D83-8392-B9855BE4DF1D} - \Microsoft\Windows\Media Center\mcupdate No Task File <==== ATTENTION
Task: {89194558-47E7-4A9E-B507-6C91CE4E6504} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator No Task File <==== ATTENTION
Task: {89BC8B22-30CE-4893-9DC1-F51764E377F4} - \Microsoft\Windows\Tcpip\WSHReset No Task File <==== ATTENTION
Task: {90934D6D-B296-4720-9332-BBCE3BBAFAFE} - \{3A89627D-AE65-40F3-88A3-B9951A36F0A5} No Task File <==== ATTENTION
Task: {92C1E05D-0752-44C4-9541-E0311D8076F1} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {98AEA341-4C47-49D0-8C2D-FE77D5555D9A} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) No Task File <==== ATTENTION
Task: {99B9521C-F109-4B7B-BDDF-99CF656525E0} - \Microsoft\Windows\Defrag\ScheduledDefrag No Task File <==== ATTENTION
Task: {A1868F64-ED08-49A9-9F86-F62ED855AFFD} - \Microsoft\Windows\SystemRestore\SR No Task File <==== ATTENTION
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification No Task File <==== ATTENTION
Task: {B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91} - \Microsoft\Windows\Media Center\UpdateRecordPath No Task File <==== ATTENTION
Task: {C4CE8FCE-0A1E-4D3C-BA46-5C4E4E13845F} - \{B05EBB8C-D310-4191-A51D-C8E4B46199A1} No Task File <==== ATTENTION
Task: {C6CBFEC8-EF47-4B48-9718-3A4170F99600} - \Microsoft\Windows\SideShow\AutoWake No Task File <==== ATTENTION
Task: {D0181A7F-943E-4C95-81B0-B19DB84FAC6B} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
Task: {D1E9EB2E-A2D5-40D0-B452-6A1A114D5D84} - \{0CD70452-7D35-4999-B126-2DCD7ABA619F} No Task File <==== ATTENTION
Task: {D282BBA5-3CD1-4DC5-ACCD-FFC699D19DE5} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
Task: {D2D7C16D-D9DC-4982-A8C3-774722DEEB9F} - \ASUS SmartLogon Console Sensor No Task File <==== ATTENTION
Task: {D8AB5B03-9FA1-497A-90C5-C11888682D07} - \{5320A76D-52E5-4D51-96BD-ABE6C59047C8} No Task File <==== ATTENTION
Task: {D8FCC7BA-7D21-4D50-A0B8-5CFDDE670C91} - \{39931AEE-70A9-4314-8CDE-E9DFDB00C4A8} No Task File <==== ATTENTION
Task: {D913FE43-F22E-4EBD-880E-712ABDE8E828} - \{1B3A3841-39B7-4BA2-B5A1-19B9CCD4E77B} No Task File <==== ATTENTION
Task: {DCF8CA49-10FE-40EA-A5B8-504B864BC698} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor No Task File <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - \Microsoft\Windows\Wireless\GatherWirelessInfo No Task File <==== ATTENTION
Task: {E6031411-55F5-4DD3-B55A-CE322D523FA7} - \{CD11F57F-3271-4269-91B6-4BFCBC014426} No Task File <==== ATTENTION
Task: {E9D54BE1-CB20-4DFC-914B-4A2FA7C00403} - \Microsoft\Windows\MUI\Lpksetup No Task File <==== ATTENTION
Task: {EBC018B6-24B0-4279-98A5-0081A2EB83B1} - \{DE3B6822-025B-4A3E-8682-2116DC6AD7C4} No Task File <==== ATTENTION
Task: {EBF16443-B75E-45A5-BCBB-56B7BF614AF9} - \{43F7E614-8B08-4EA7-9BDA-1ADDB95AF3CF} No Task File <==== ATTENTION
Task: {EFE3EA02-AD42-4B49-A996-BB3CFEE832BD} - \{0151438E-71FB-4644-9B9F-4D162F36262E} No Task File <==== ATTENTION
Task: {F55F85D3-8FDE-479E-82E0-A9BB339AA8E2} - \Microsoft\Windows\UPnP\UPnPHostConfig No Task File <==== ATTENTION
Task: {F81EF21C-F8FA-43AB-A6CB-C763D176EB75} - System32\Tasks\GoogleUpdateTaskMachineCore1cf6c3fad1a8a93 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {F8D6E476-24FE-4649-A4D7-985706B29128} - \Microsoft\Windows\Tcpip\IpAddressConflict1 No Task File <==== ATTENTION
Task: {FB297749-1051-4B6F-9D00-661A406EC721} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6c3fad7525e3 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {FC6EE397-3ADC-4083-9CE2-6140F304DE98} - \{5C8A63CF-60C3-4332-99A4-8F60FFE0C241} No Task File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6c3fad1a8a93.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6c3fad7525e3.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2008-07-10 19:00 - 2007-05-18 10:31 - 00073728 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
2008-07-10 18:53 - 2007-10-03 05:53 - 00094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
2008-07-10 18:54 - 2007-08-08 08:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2014-12-11 18:57 - 2012-06-21 07:25 - 00094208 _____ () C:\Windows\System32\redmon32.dll
2012-05-20 13:08 - 2009-05-13 01:30 - 00026624 _____ () C:\Windows\System32\ssd2cl3.dll
2012-05-20 13:08 - 2009-09-04 09:59 - 00491520 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\ssd2cdu.dll
2008-07-10 19:00 - 2007-06-15 18:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
2008-07-10 19:00 - 2007-06-02 01:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
2011-12-13 11:54 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2008-07-10 19:00 - 2007-08-08 10:52 - 00331776 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
2008-07-10 18:55 - 2007-10-18 03:04 - 07737344 _____ () C:\Program Files\ATKOSD2\ATKOSD2.exe
2008-07-10 18:56 - 2008-02-01 22:29 - 00061440 _____ () C:\Program Files\ASUS\ATK Media\DMedia.exe
2008-07-10 18:56 - 2008-02-01 22:29 - 00049152 _____ () C:\Program Files\ASUS\ATK Media\ATKMETHOD.dll
2008-07-10 18:56 - 2006-10-25 23:37 - 00045056 _____ () C:\Program Files\ASUS\ATK Media\GERSTRING.dll
2008-07-10 19:17 - 2008-01-26 02:32 - 00778240 _____ () C:\Program Files\P4P\P4P.exe
2008-07-10 19:27 - 2008-07-10 19:27 - 00033136 _____ () C:\Windows\ASScrPro.exe
2012-05-20 13:07 - 2010-01-19 10:19 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2008-07-10 18:53 - 2004-05-28 02:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll
2008-07-10 18:57 - 2007-09-26 19:24 - 00147456 _____ () C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
2008-07-10 19:03 - 2007-07-06 00:53 - 01040384 _____ () C:\Program Files\Wireless Console 2\wcourier.exe
2008-07-10 19:11 - 2007-07-10 06:48 - 00009216 _____ () C:\Program Files\ASUS\Splendid\GLCDdll.dll
2014-12-03 21:41 - 2014-12-08 07:27 - 06277952 _____ () C:\Users\***\AppData\Local\Amazon Music\Amazon Music Helper.exe
2008-07-10 18:53 - 2007-08-08 19:03 - 02441216 _____ () C:\Program Files\ATK Hotkey\ATKOSD.exe
2008-07-10 18:53 - 2007-08-15 19:20 - 00106496 _____ () C:\Program Files\ATK Hotkey\KBFiltr.exe
2008-07-10 18:53 - 2007-08-15 19:38 - 00147456 _____ () C:\Program Files\ATK Hotkey\WDC.exe
2008-07-10 19:08 - 2007-08-03 20:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2008-07-10 19:08 - 2007-09-14 18:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
2008-07-10 19:08 - 2003-11-28 10:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
2008-07-10 19:08 - 2005-08-29 23:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
2008-07-10 19:08 - 2003-09-10 00:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
2008-07-10 19:08 - 2006-04-04 18:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
2008-07-10 19:08 - 2005-04-08 03:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-2795298741-2112087132-3505275501-500 - Administrator - Disabled)
Gast (S-1-5-21-2795298741-2112087132-3505275501-501 - Limited - Enabled) => C:\Users\Gast
*** (S-1-5-21-2795298741-2112087132-3505275501-1000 - Administrator - Enabled) => C:\Users\***
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/22/2015 05:52:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/22/2015 05:45:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/22/2015 09:14:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-PHISH-SHAVAR.PSET> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/22/2015 09:14:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.PSET> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/22/2015 09:14:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-BADBINURL-SHAVAR.PSET> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/22/2015 09:10:13 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SESSIONSTORE-BACKUPS\RECOVERY.BAK> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/22/2015 09:10:13 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SESSIONSTORE-BACKUPS\RECOVERY.BAK> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/22/2015 08:59:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/20/2015 02:54:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/20/2015 02:44:06 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-MALWARE-SIMPLE.SBSTORE> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
System errors:
=============
Error: (03/22/2015 05:52:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Error: (03/22/2015 05:45:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Error: (03/22/2015 08:59:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Error: (03/20/2015 02:54:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Error: (03/20/2015 02:41:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Error: (03/20/2015 06:11:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Error: (03/19/2015 05:46:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Error: (03/17/2015 06:05:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Error: (03/12/2015 06:55:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Error: (03/12/2015 06:54:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 12.03.2015 um 18:51:41 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
Error: (03/22/2015 05:52:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/22/2015 05:45:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/22/2015 09:14:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-PHISH-SHAVAR.PSET
Error: (03/22/2015 09:14:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-MALWARE-SHAVAR.PSET
Error: (03/22/2015 09:14:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\GOOG-BADBINURL-SHAVAR.PSET
Error: (03/22/2015 09:10:13 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SESSIONSTORE-BACKUPS\RECOVERY.BAK
Error: (03/22/2015 09:10:13 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SESSIONSTORE-BACKUPS\RECOVERY.BAK
Error: (03/22/2015 08:59:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/20/2015 02:54:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/20/2015 02:44:06 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-MALWARE-SIMPLE.SBSTORE
CodeIntegrity Errors:
===================================
Date: 2015-03-20 10:50:32.341
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:31.749
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:31.218
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:30.594
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:29.877
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:29.331
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:28.800
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:28.223
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:42:40.756
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:42:40.199
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz
Percentage of memory in use: 38%
Total physical RAM: 3070.29 MB
Available physical RAM: 1900.27 MB
Total Pagefile: 6342.85 MB
Available Pagefile: 5085.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.22 MB
==================== Drives ================================
Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:11.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:106.68 GB) (Free:70.26 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 8D1C393D)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=106.7 GB) - (Type=OF Extended)
==================== End Of Log ============================
Geändert von zwn (22.03.2015 um 18:10 Uhr) |
|
23.03.2015, 09:23
| #8 |
| /// the machine /// TB-Ausbilder | PUA/DownloadSponsor.Gen von Avira gefunden und PUP.Optional.SimpleNewTab.A von Malwarebytes gefunden VIS wurde schon von AdwCleaner gekillt Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Task: {034F6ED7-4F1A-42CA-A130-B8EEB72ECE3B} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) No Task File <==== ATTENTION
Task: {04699375-5AFB-4BAF-9F2A-09D8C0497F4E} - \Microsoft\Windows\Media Center\ehDRMInit No Task File <==== ATTENTION
Task: {08AD1C99-8DF2-4D3D-9F52-C4E5CEB29288} - \{08C1F56F-088D-4C39-90C8-DC91FC840E23} No Task File <==== ATTENTION
Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File <==== ATTENTION
Task: {11893D5E-54A0-4C6B-AB0D-D9FA527334A9} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File <==== ATTENTION
Task: {181E6DDB-34B4-413B-BB3A-13569A47B47C} - \{C65372D3-A2AC-4846-B224-9DA52C853565} No Task File <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - \Microsoft\Windows\MobilePC\TMM No Task File <==== ATTENTION
Task: {23C4BEA3-5DAF-4A7D-A6CF-5237554F840E} - \{9FA2F356-D9B9-4379-BFB3-561836FACC41} No Task File <==== ATTENTION
Task: {2FDBDC47-7148-49DB-9D32-32E6A003C996} - \Microsoft\Windows\Tcpip\IpAddressConflict2 No Task File <==== ATTENTION
Task: {30FF26BF-5D0E-4A0D-8E3A-74F448F3278C} - \{7DFD5A6F-BED3-4940-864C-795168F886B4} No Task File <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI No Task File <==== ATTENTION
Task: {357C6FCC-36C2-4DFD-B92B-4E8CD48F7EA1} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {39B2AB48-552A-4DDD-89F6-BD28784C4795} - \User_Feed_Synchronization-{7EDEB2FF-964E-41F5-A727-304BA298990B} No Task File <==== ATTENTION
Task: {3A17516A-C56F-4909-A45C-1E4EE8BE0837} - \Microsoft\Windows\Defrag\ManualDefrag No Task File <==== ATTENTION
Task: {3BB5D87B-C851-4325-97B6-95E4EA1CBC61} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - \Microsoft\Windows\Shell\CrawlStartPages No Task File <==== ATTENTION
Task: {3C5B104F-A9EF-40F3-82A6-917E09DBB6B1} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {3CD7BF6C-F120-476E-AF84-851D43BDDEEE} - \Microsoft\Windows\WDI\ResolutionHost No Task File <==== ATTENTION
Task: {42955E89-15F6-4B96-B803-8F10D491AF65} - \OfficeSoftwareProtectionPlatform\SvcRestartTask No Task File <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - \Microsoft\Windows\RAC\RACAgent No Task File <==== ATTENTION
Task: {48909068-64F9-4B29-8C14-6957F35923C3} - \Microsoft\Windows\MobilePC\HotStart No Task File <==== ATTENTION
Task: {4914F671-C936-43DC-99FF-FA6CEFA48631} - \{0C7F530A-D15D-4BE8-816A-B3F93F0750DB} No Task File <==== ATTENTION
Task: {4D7BC85C-5A41-4963-8CDD-6D9D55F757DB} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask No Task File <==== ATTENTION
Task: {54F6CCFE-6C12-4522-A0F6-9DABAC751D2F} - \Microsoft\Windows\MUI\Mcbuilder No Task File <==== ATTENTION
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - \Microsoft\Windows\Wired\GatherWiredInfo No Task File <==== ATTENTION
Task: {57030356-4699-4E1F-9939-F9D4460CD4DA} - \Microsoft\Windows\Media Center\OCURDiscovery No Task File <==== ATTENTION
Task: {5936C79A-731F-4716-BE59-35B58194ECE5} - \Microsoft\Windows\Media Center\OCURActivate No Task File <==== ATTENTION
Task: {61CFE991-4061-4219-8E70-0EDF343472E9} - \{9CC80E87-3310-4336-A010-8A18DC3F2535} No Task File <==== ATTENTION
Task: {6B91DF4F-7E1F-4AE8-820A-2FB331567D67} - \Microsoft\Windows\SideShow\GadgetManager No Task File <==== ATTENTION
Task: {6BD37163-E955-4095-A64E-D09EB8917C21} - \Microsoft\Windows Defender\MP Scheduled Signature Update No Task File <==== ATTENTION
Task: {6C041448-C69A-4D8B-A774-4F3948997407} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam No Task File <==== ATTENTION
Task: {6E7034E8-D1EA-411C-A1A4-3C01F5BD1A47} - \WPD\SqmUpload_S-1-5-21-2795298741-2112087132-3505275501-1000 No Task File <==== ATTENTION
Task: {74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION
Task: {77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File <==== ATTENTION
Task: {78DABEC8-68B8-4590-81BD-4532D98F07C2} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver No Task File <==== ATTENTION
Task: {792493DE-3878-4323-B44D-F6F0C3562126} - \Microsoft\Windows\CertificateServicesClient\UserTask No Task File <==== ATTENTION
Task: {7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75} - \Microsoft\Windows\CertificateServicesClient\SystemTask No Task File <==== ATTENTION
Task: {80EF5715-7C51-4381-AC78-AEEC32723C56} - \ASUS Live Update No Task File <==== ATTENTION
Task: {858BD5FB-61C3-4D83-8392-B9855BE4DF1D} - \Microsoft\Windows\Media Center\mcupdate No Task File <==== ATTENTION
Task: {89194558-47E7-4A9E-B507-6C91CE4E6504} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator No Task File <==== ATTENTION
Task: {89BC8B22-30CE-4893-9DC1-F51764E377F4} - \Microsoft\Windows\Tcpip\WSHReset No Task File <==== ATTENTION
Task: {90934D6D-B296-4720-9332-BBCE3BBAFAFE} - \{3A89627D-AE65-40F3-88A3-B9951A36F0A5} No Task File <==== ATTENTION
Task: {92C1E05D-0752-44C4-9541-E0311D8076F1} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {98AEA341-4C47-49D0-8C2D-FE77D5555D9A} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) No Task File <==== ATTENTION
Task: {99B9521C-F109-4B7B-BDDF-99CF656525E0} - \Microsoft\Windows\Defrag\ScheduledDefrag No Task File <==== ATTENTION
Task: {A1868F64-ED08-49A9-9F86-F62ED855AFFD} - \Microsoft\Windows\SystemRestore\SR No Task File <==== ATTENTION
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification No Task File <==== ATTENTION
Task: {B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91} - \Microsoft\Windows\Media Center\UpdateRecordPath No Task File <==== ATTENTION
Task: {C4CE8FCE-0A1E-4D3C-BA46-5C4E4E13845F} - \{B05EBB8C-D310-4191-A51D-C8E4B46199A1} No Task File <==== ATTENTION
Task: {C6CBFEC8-EF47-4B48-9718-3A4170F99600} - \Microsoft\Windows\SideShow\AutoWake No Task File <==== ATTENTION
Task: {D0181A7F-943E-4C95-81B0-B19DB84FAC6B} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
Task: {D1E9EB2E-A2D5-40D0-B452-6A1A114D5D84} - \{0CD70452-7D35-4999-B126-2DCD7ABA619F} No Task File <==== ATTENTION
Task: {D282BBA5-3CD1-4DC5-ACCD-FFC699D19DE5} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
Task: {D2D7C16D-D9DC-4982-A8C3-774722DEEB9F} - \ASUS SmartLogon Console Sensor No Task File <==== ATTENTION
Task: {D8AB5B03-9FA1-497A-90C5-C11888682D07} - \{5320A76D-52E5-4D51-96BD-ABE6C59047C8} No Task File <==== ATTENTION
Task: {D8FCC7BA-7D21-4D50-A0B8-5CFDDE670C91} - \{39931AEE-70A9-4314-8CDE-E9DFDB00C4A8} No Task File <==== ATTENTION
Task: {D913FE43-F22E-4EBD-880E-712ABDE8E828} - \{1B3A3841-39B7-4BA2-B5A1-19B9CCD4E77B} No Task File <==== ATTENTION
Task: {DCF8CA49-10FE-40EA-A5B8-504B864BC698} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor No Task File <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - \Microsoft\Windows\Wireless\GatherWirelessInfo No Task File <==== ATTENTION
Task: {E6031411-55F5-4DD3-B55A-CE322D523FA7} - \{CD11F57F-3271-4269-91B6-4BFCBC014426} No Task File <==== ATTENTION
Task: {E9D54BE1-CB20-4DFC-914B-4A2FA7C00403} - \Microsoft\Windows\MUI\Lpksetup No Task File <==== ATTENTION
Task: {EBC018B6-24B0-4279-98A5-0081A2EB83B1} - \{DE3B6822-025B-4A3E-8682-2116DC6AD7C4} No Task File <==== ATTENTION
Task: {EBF16443-B75E-45A5-BCBB-56B7BF614AF9} - \{43F7E614-8B08-4EA7-9BDA-1ADDB95AF3CF} No Task File <==== ATTENTION
Task: {EFE3EA02-AD42-4B49-A996-BB3CFEE832BD} - \{0151438E-71FB-4644-9B9F-4D162F36262E} No Task File <==== ATTENTION
Task: {F55F85D3-8FDE-479E-82E0-A9BB339AA8E2} - \Microsoft\Windows\UPnP\UPnPHostConfig No Task File <==== ATTENTION
Task: {F8D6E476-24FE-4649-A4D7-985706B29128} - \Microsoft\Windows\Tcpip\IpAddressConflict1 No Task File <==== ATTENTION
Task: {FC6EE397-3ADC-4083-9CE2-6140F304DE98} - \{5C8A63CF-60C3-4332-99A4-8F60FFE0C241} No Task File <==== ATTENTION
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.03.2015, 13:09
| #9 |
| | PUA/DownloadSponsor.Gen von Avira gefunden und PUP.Optional.SimpleNewTab.A von Malwarebytes gefunden Hi Schrauber, nach dem Fix kam eine Fehlermeldung. Der Screenshot ist angehängt. Leider ist der Laptop beim ersten Fix zwischendruch ausgegangen, weshalb ich ihn neustarten musste. Habe den Fix dann nochmal gestartet. Hier sind die Beiden Logs: 1: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by *** at 2015-03-23 10:56:10 Run:1
Running from C:\Users\***\Desktop
Loaded Profiles: *** (Available profiles: *** & Gast)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Task: {034F6ED7-4F1A-42CA-A130-B8EEB72ECE3B} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) No Task File <==== ATTENTION
Task: {04699375-5AFB-4BAF-9F2A-09D8C0497F4E} - \Microsoft\Windows\Media Center\ehDRMInit No Task File <==== ATTENTION
Task: {08AD1C99-8DF2-4D3D-9F52-C4E5CEB29288} - \{08C1F56F-088D-4C39-90C8-DC91FC840E23} No Task File <==== ATTENTION
Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File <==== ATTENTION
Task: {11893D5E-54A0-4C6B-AB0D-D9FA527334A9} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File <==== ATTENTION
Task: {181E6DDB-34B4-413B-BB3A-13569A47B47C} - \{C65372D3-A2AC-4846-B224-9DA52C853565} No Task File <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - \Microsoft\Windows\MobilePC\TMM No Task File <==== ATTENTION
Task: {23C4BEA3-5DAF-4A7D-A6CF-5237554F840E} - \{9FA2F356-D9B9-4379-BFB3-561836FACC41} No Task File <==== ATTENTION
Task: {2FDBDC47-7148-49DB-9D32-32E6A003C996} - \Microsoft\Windows\Tcpip\IpAddressConflict2 No Task File <==== ATTENTION
Task: {30FF26BF-5D0E-4A0D-8E3A-74F448F3278C} - \{7DFD5A6F-BED3-4940-864C-795168F886B4} No Task File <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI No Task File <==== ATTENTION
Task: {357C6FCC-36C2-4DFD-B92B-4E8CD48F7EA1} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {39B2AB48-552A-4DDD-89F6-BD28784C4795} - \User_Feed_Synchronization-{7EDEB2FF-964E-41F5-A727-304BA298990B} No Task File <==== ATTENTION
Task: {3A17516A-C56F-4909-A45C-1E4EE8BE0837} - \Microsoft\Windows\Defrag\ManualDefrag No Task File <==== ATTENTION
Task: {3BB5D87B-C851-4325-97B6-95E4EA1CBC61} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - \Microsoft\Windows\Shell\CrawlStartPages No Task File <==== ATTENTION
Task: {3C5B104F-A9EF-40F3-82A6-917E09DBB6B1} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {3CD7BF6C-F120-476E-AF84-851D43BDDEEE} - \Microsoft\Windows\WDI\ResolutionHost No Task File <==== ATTENTION
Task: {42955E89-15F6-4B96-B803-8F10D491AF65} - \OfficeSoftwareProtectionPlatform\SvcRestartTask No Task File <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - \Microsoft\Windows\RAC\RACAgent No Task File <==== ATTENTION
Task: {48909068-64F9-4B29-8C14-6957F35923C3} - \Microsoft\Windows\MobilePC\HotStart No Task File <==== ATTENTION
Task: {4914F671-C936-43DC-99FF-FA6CEFA48631} - \{0C7F530A-D15D-4BE8-816A-B3F93F0750DB} No Task File <==== ATTENTION
Task: {4D7BC85C-5A41-4963-8CDD-6D9D55F757DB} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask No Task File <==== ATTENTION
Task: {54F6CCFE-6C12-4522-A0F6-9DABAC751D2F} - \Microsoft\Windows\MUI\Mcbuilder No Task File <==== ATTENTION
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - \Microsoft\Windows\Wired\GatherWiredInfo No Task File <==== ATTENTION
Task: {57030356-4699-4E1F-9939-F9D4460CD4DA} - \Microsoft\Windows\Media Center\OCURDiscovery No Task File <==== ATTENTION
Task: {5936C79A-731F-4716-BE59-35B58194ECE5} - \Microsoft\Windows\Media Center\OCURActivate No Task File <==== ATTENTION
Task: {61CFE991-4061-4219-8E70-0EDF343472E9} - \{9CC80E87-3310-4336-A010-8A18DC3F2535} No Task File <==== ATTENTION
Task: {6B91DF4F-7E1F-4AE8-820A-2FB331567D67} - \Microsoft\Windows\SideShow\GadgetManager No Task File <==== ATTENTION
Task: {6BD37163-E955-4095-A64E-D09EB8917C21} - \Microsoft\Windows Defender\MP Scheduled Signature Update No Task File <==== ATTENTION
Task: {6C041448-C69A-4D8B-A774-4F3948997407} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam No Task File <==== ATTENTION
Task: {6E7034E8-D1EA-411C-A1A4-3C01F5BD1A47} - \WPD\SqmUpload_S-1-5-21-2795298741-2112087132-3505275501-1000 No Task File <==== ATTENTION
Task: {74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION
Task: {77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File <==== ATTENTION
Task: {78DABEC8-68B8-4590-81BD-4532D98F07C2} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver No Task File <==== ATTENTION
Task: {792493DE-3878-4323-B44D-F6F0C3562126} - \Microsoft\Windows\CertificateServicesClient\UserTask No Task File <==== ATTENTION
Task: {7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75} - \Microsoft\Windows\CertificateServicesClient\SystemTask No Task File <==== ATTENTION
Task: {80EF5715-7C51-4381-AC78-AEEC32723C56} - \ASUS Live Update No Task File <==== ATTENTION
Task: {858BD5FB-61C3-4D83-8392-B9855BE4DF1D} - \Microsoft\Windows\Media Center\mcupdate No Task File <==== ATTENTION
Task: {89194558-47E7-4A9E-B507-6C91CE4E6504} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator No Task File <==== ATTENTION
Task: {89BC8B22-30CE-4893-9DC1-F51764E377F4} - \Microsoft\Windows\Tcpip\WSHReset No Task File <==== ATTENTION
Task: {90934D6D-B296-4720-9332-BBCE3BBAFAFE} - \{3A89627D-AE65-40F3-88A3-B9951A36F0A5} No Task File <==== ATTENTION
Task: {92C1E05D-0752-44C4-9541-E0311D8076F1} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {98AEA341-4C47-49D0-8C2D-FE77D5555D9A} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) No Task File <==== ATTENTION
Task: {99B9521C-F109-4B7B-BDDF-99CF656525E0} - \Microsoft\Windows\Defrag\ScheduledDefrag No Task File <==== ATTENTION
Task: {A1868F64-ED08-49A9-9F86-F62ED855AFFD} - \Microsoft\Windows\SystemRestore\SR No Task File <==== ATTENTION
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification No Task File <==== ATTENTION
Task: {B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91} - \Microsoft\Windows\Media Center\UpdateRecordPath No Task File <==== ATTENTION
Task: {C4CE8FCE-0A1E-4D3C-BA46-5C4E4E13845F} - \{B05EBB8C-D310-4191-A51D-C8E4B46199A1} No Task File <==== ATTENTION
Task: {C6CBFEC8-EF47-4B48-9718-3A4170F99600} - \Microsoft\Windows\SideShow\AutoWake No Task File <==== ATTENTION
Task: {D0181A7F-943E-4C95-81B0-B19DB84FAC6B} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
Task: {D1E9EB2E-A2D5-40D0-B452-6A1A114D5D84} - \{0CD70452-7D35-4999-B126-2DCD7ABA619F} No Task File <==== ATTENTION
Task: {D282BBA5-3CD1-4DC5-ACCD-FFC699D19DE5} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
Task: {D2D7C16D-D9DC-4982-A8C3-774722DEEB9F} - \ASUS SmartLogon Console Sensor No Task File <==== ATTENTION
Task: {D8AB5B03-9FA1-497A-90C5-C11888682D07} - \{5320A76D-52E5-4D51-96BD-ABE6C59047C8} No Task File <==== ATTENTION
Task: {D8FCC7BA-7D21-4D50-A0B8-5CFDDE670C91} - \{39931AEE-70A9-4314-8CDE-E9DFDB00C4A8} No Task File <==== ATTENTION
Task: {D913FE43-F22E-4EBD-880E-712ABDE8E828} - \{1B3A3841-39B7-4BA2-B5A1-19B9CCD4E77B} No Task File <==== ATTENTION
Task: {DCF8CA49-10FE-40EA-A5B8-504B864BC698} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor No Task File <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - \Microsoft\Windows\Wireless\GatherWirelessInfo No Task File <==== ATTENTION
Task: {E6031411-55F5-4DD3-B55A-CE322D523FA7} - \{CD11F57F-3271-4269-91B6-4BFCBC014426} No Task File <==== ATTENTION
Task: {E9D54BE1-CB20-4DFC-914B-4A2FA7C00403} - \Microsoft\Windows\MUI\Lpksetup No Task File <==== ATTENTION
Task: {EBC018B6-24B0-4279-98A5-0081A2EB83B1} - \{DE3B6822-025B-4A3E-8682-2116DC6AD7C4} No Task File <==== ATTENTION
Task: {EBF16443-B75E-45A5-BCBB-56B7BF614AF9} - \{43F7E614-8B08-4EA7-9BDA-1ADDB95AF3CF} No Task File <==== ATTENTION
Task: {EFE3EA02-AD42-4B49-A996-BB3CFEE832BD} - \{0151438E-71FB-4644-9B9F-4D162F36262E} No Task File <==== ATTENTION
Task: {F55F85D3-8FDE-479E-82E0-A9BB339AA8E2} - \Microsoft\Windows\UPnP\UPnPHostConfig No Task File <==== ATTENTION
Task: {F8D6E476-24FE-4649-A4D7-985706B29128} - \Microsoft\Windows\Tcpip\IpAddressConflict1 No Task File <==== ATTENTION
Task: {FC6EE397-3ADC-4083-9CE2-6140F304DE98} - \{5C8A63CF-60C3-4332-99A4-8F60FFE0C241} No Task File <==== ATTENTION
Emptytemp:
*****************
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{034F6ED7-4F1A-42CA-A130-B8EEB72ECE3B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{034F6ED7-4F1A-42CA-A130-B8EEB72ECE3B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04699375-5AFB-4BAF-9F2A-09D8C0497F4E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04699375-5AFB-4BAF-9F2A-09D8C0497F4E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08AD1C99-8DF2-4D3D-9F52-C4E5CEB29288}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08AD1C99-8DF2-4D3D-9F52-C4E5CEB29288}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{08C1F56F-088D-4C39-90C8-DC91FC840E23}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C3AF200-FADC-49E5-880E-DEE192C8B79A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C3AF200-FADC-49E5-880E-DEE192C8B79A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11893D5E-54A0-4C6B-AB0D-D9FA527334A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11893D5E-54A0-4C6B-AB0D-D9FA527334A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\QueueReporting" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{181E6DDB-34B4-413B-BB3A-13569A47B47C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{181E6DDB-34B4-413B-BB3A-13569A47B47C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C65372D3-A2AC-4846-B224-9DA52C853565}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CC81347-6204-4B83-900C-01E02F50F067}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CC81347-6204-4B83-900C-01E02F50F067}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\TMM" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23C4BEA3-5DAF-4A7D-A6CF-5237554F840E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23C4BEA3-5DAF-4A7D-A6CF-5237554F840E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9FA2F356-D9B9-4379-BFB3-561836FACC41}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FDBDC47-7148-49DB-9D32-32E6A003C996}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FDBDC47-7148-49DB-9D32-32E6A003C996}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30FF26BF-5D0E-4A0D-8E3A-74F448F3278C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30FF26BF-5D0E-4A0D-8E3A-74F448F3278C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7DFD5A6F-BED3-4940-864C-795168F886B4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{320124A7-D70F-41DE-A9D1-D5E8E19D5D91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{320124A7-D70F-41DE-A9D1-D5E8E19D5D91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{357C6FCC-36C2-4DFD-B92B-4E8CD48F7EA1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{357C6FCC-36C2-4DFD-B92B-4E8CD48F7EA1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39B2AB48-552A-4DDD-89F6-BD28784C4795}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39B2AB48-552A-4DDD-89F6-BD28784C4795}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{7EDEB2FF-964E-41F5-A727-304BA298990B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A17516A-C56F-4909-A45C-1E4EE8BE0837}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A17516A-C56F-4909-A45C-1E4EE8BE0837}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag\ManualDefrag" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3BB5D87B-C851-4325-97B6-95E4EA1CBC61}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BB5D87B-C851-4325-97B6-95E4EA1CBC61}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SystemDataProviders" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3C5B104F-A9EF-40F3-82A6-917E09DBB6B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C5B104F-A9EF-40F3-82A6-917E09DBB6B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CD7BF6C-F120-476E-AF84-851D43BDDEEE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CD7BF6C-F120-476E-AF84-851D43BDDEEE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\ResolutionHost" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42955E89-15F6-4B96-B803-8F10D491AF65}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42955E89-15F6-4B96-B803-8F10D491AF65}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{44980BEE-7809-44A9-AC24-D6E578A3B7DF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44980BEE-7809-44A9-AC24-D6E578A3B7DF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC\RACAgent" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{48909068-64F9-4B29-8C14-6957F35923C3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48909068-64F9-4B29-8C14-6957F35923C3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\HotStart" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4914F671-C936-43DC-99FF-FA6CEFA48631}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4914F671-C936-43DC-99FF-FA6CEFA48631}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0C7F530A-D15D-4BE8-816A-B3F93F0750DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D7BC85C-5A41-4963-8CDD-6D9D55F757DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D7BC85C-5A41-4963-8CDD-6D9D55F757DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Bluetooth\UninstallDeviceTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54F6CCFE-6C12-4522-A0F6-9DABAC751D2F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54F6CCFE-6C12-4522-A0F6-9DABAC751D2F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\Mcbuilder" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{561375CB-FF5A-417B-B297-BA73DE149581}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{561375CB-FF5A-417B-B297-BA73DE149581}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wired\GatherWiredInfo" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57030356-4699-4E1F-9939-F9D4460CD4DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57030356-4699-4E1F-9939-F9D4460CD4DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5936C79A-731F-4716-BE59-35B58194ECE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5936C79A-731F-4716-BE59-35B58194ECE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61CFE991-4061-4219-8E70-0EDF343472E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61CFE991-4061-4219-8E70-0EDF343472E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9CC80E87-3310-4336-A010-8A18DC3F2535}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B91DF4F-7E1F-4AE8-820A-2FB331567D67}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B91DF4F-7E1F-4AE8-820A-2FB331567D67}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\GadgetManager" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BD37163-E955-4095-A64E-D09EB8917C21}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BD37163-E955-4095-A64E-D09EB8917C21}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Signature Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C041448-C69A-4D8B-A774-4F3948997407}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C041448-C69A-4D8B-A774-4F3948997407}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\UserTask-Roam" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E7034E8-D1EA-411C-A1A4-3C01F5BD1A47}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E7034E8-D1EA-411C-A1A4-3C01F5BD1A47}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2795298741-2112087132-3505275501-1000" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SessionAgent" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SystemSoundsService" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{78DABEC8-68B8-4590-81BD-4532D98F07C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78DABEC8-68B8-4590-81BD-4532D98F07C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{792493DE-3878-4323-B44D-F6F0C3562126}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{792493DE-3878-4323-B44D-F6F0C3562126}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\UserTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\SystemTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80EF5715-7C51-4381-AC78-AEEC32723C56}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80EF5715-7C51-4381-AC78-AEEC32723C56}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{858BD5FB-61C3-4D83-8392-B9855BE4DF1D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{858BD5FB-61C3-4D83-8392-B9855BE4DF1D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89194558-47E7-4A9E-B507-6C91CE4E6504}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89194558-47E7-4A9E-B507-6C91CE4E6504}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89BC8B22-30CE-4893-9DC1-F51764E377F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89BC8B22-30CE-4893-9DC1-F51764E377F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\WSHReset" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90934D6D-B296-4720-9332-BBCE3BBAFAFE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90934D6D-B296-4720-9332-BBCE3BBAFAFE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3A89627D-AE65-40F3-88A3-B9951A36F0A5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92C1E05D-0752-44C4-9541-E0311D8076F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92C1E05D-0752-44C4-9541-E0311D8076F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{98AEA341-4C47-49D0-8C2D-FE77D5555D9A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98AEA341-4C47-49D0-8C2D-FE77D5555D9A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99B9521C-F109-4B7B-BDDF-99CF656525E0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99B9521C-F109-4B7B-BDDF-99CF656525E0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag\ScheduledDefrag" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A1868F64-ED08-49A9-9F86-F62ED855AFFD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1868F64-ED08-49A9-9F86-F62ED855AFFD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SystemRestore\SR" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A61555D3-7840-45C1-A5A9-0D49851DE37A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A61555D3-7840-45C1-A5A9-0D49851DE37A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4CE8FCE-0A1E-4D3C-BA46-5C4E4E13845F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4CE8FCE-0A1E-4D3C-BA46-5C4E4E13845F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B05EBB8C-D310-4191-A51D-C8E4B46199A1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C6CBFEC8-EF47-4B48-9718-3A4170F99600}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6CBFEC8-EF47-4B48-9718-3A4170F99600}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\AutoWake" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0181A7F-943E-4C95-81B0-B19DB84FAC6B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0181A7F-943E-4C95-81B0-B19DB84FAC6B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1E9EB2E-A2D5-40D0-B452-6A1A114D5D84}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1E9EB2E-A2D5-40D0-B452-6A1A114D5D84}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0CD70452-7D35-4999-B126-2DCD7ABA619F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D282BBA5-3CD1-4DC5-ACCD-FFC699D19DE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D282BBA5-3CD1-4DC5-ACCD-FFC699D19DE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2D7C16D-D9DC-4982-A8C3-774722DEEB9F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2D7C16D-D9DC-4982-A8C3-774722DEEB9F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS SmartLogon Console Sensor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8AB5B03-9FA1-497A-90C5-C11888682D07}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8AB5B03-9FA1-497A-90C5-C11888682D07}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5320A76D-52E5-4D51-96BD-ABE6C59047C8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8FCC7BA-7D21-4D50-A0B8-5CFDDE670C91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8FCC7BA-7D21-4D50-A0B8-5CFDDE670C91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{39931AEE-70A9-4314-8CDE-E9DFDB00C4A8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D913FE43-F22E-4EBD-880E-712ABDE8E828}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D913FE43-F22E-4EBD-880E-712ABDE8E828}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1B3A3841-39B7-4BA2-B5A1-19B9CCD4E77B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DCF8CA49-10FE-40EA-A5B8-504B864BC698}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCF8CA49-10FE-40EA-A5B8-504B864BC698}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TextServicesFramework\MsCtfMonitor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wireless\GatherWirelessInfo" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6031411-55F5-4DD3-B55A-CE322D523FA7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6031411-55F5-4DD3-B55A-CE322D523FA7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CD11F57F-3271-4269-91B6-4BFCBC014426}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E9D54BE1-CB20-4DFC-914B-4A2FA7C00403}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9D54BE1-CB20-4DFC-914B-4A2FA7C00403}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\Lpksetup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBC018B6-24B0-4279-98A5-0081A2EB83B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBC018B6-24B0-4279-98A5-0081A2EB83B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DE3B6822-025B-4A3E-8682-2116DC6AD7C4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBF16443-B75E-45A5-BCBB-56B7BF614AF9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBF16443-B75E-45A5-BCBB-56B7BF614AF9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{43F7E614-8B08-4EA7-9BDA-1ADDB95AF3CF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFE3EA02-AD42-4B49-A996-BB3CFEE832BD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFE3EA02-AD42-4B49-A996-BB3CFEE832BD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0151438E-71FB-4644-9B9F-4D162F36262E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F55F85D3-8FDE-479E-82E0-A9BB339AA8E2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F55F85D3-8FDE-479E-82E0-A9BB339AA8E2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UPnP\UPnPHostConfig" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8D6E476-24FE-4649-A4D7-985706B29128}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8D6E476-24FE-4649-A4D7-985706B29128}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC6EE397-3ADC-4083-9CE2-6140F304DE98}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC6EE397-3ADC-4083-9CE2-6140F304DE98}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5C8A63CF-60C3-4332-99A4-8F60FFE0C241}" => Key deleted successfully.
Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by *** at 2015-03-23 11:00:11 Run:2
Running from C:\Users\***\Desktop
Loaded Profiles: *** (Available profiles: *** & Gast)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Task: {034F6ED7-4F1A-42CA-A130-B8EEB72ECE3B} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) No Task File <==== ATTENTION
Task: {04699375-5AFB-4BAF-9F2A-09D8C0497F4E} - \Microsoft\Windows\Media Center\ehDRMInit No Task File <==== ATTENTION
Task: {08AD1C99-8DF2-4D3D-9F52-C4E5CEB29288} - \{08C1F56F-088D-4C39-90C8-DC91FC840E23} No Task File <==== ATTENTION
Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask No Task File <==== ATTENTION
Task: {11893D5E-54A0-4C6B-AB0D-D9FA527334A9} - \Microsoft\Windows\Windows Error Reporting\QueueReporting No Task File <==== ATTENTION
Task: {181E6DDB-34B4-413B-BB3A-13569A47B47C} - \{C65372D3-A2AC-4846-B224-9DA52C853565} No Task File <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - \Microsoft\Windows\MobilePC\TMM No Task File <==== ATTENTION
Task: {23C4BEA3-5DAF-4A7D-A6CF-5237554F840E} - \{9FA2F356-D9B9-4379-BFB3-561836FACC41} No Task File <==== ATTENTION
Task: {2FDBDC47-7148-49DB-9D32-32E6A003C996} - \Microsoft\Windows\Tcpip\IpAddressConflict2 No Task File <==== ATTENTION
Task: {30FF26BF-5D0E-4A0D-8E3A-74F448F3278C} - \{7DFD5A6F-BED3-4940-864C-795168F886B4} No Task File <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI No Task File <==== ATTENTION
Task: {357C6FCC-36C2-4DFD-B92B-4E8CD48F7EA1} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {39B2AB48-552A-4DDD-89F6-BD28784C4795} - \User_Feed_Synchronization-{7EDEB2FF-964E-41F5-A727-304BA298990B} No Task File <==== ATTENTION
Task: {3A17516A-C56F-4909-A45C-1E4EE8BE0837} - \Microsoft\Windows\Defrag\ManualDefrag No Task File <==== ATTENTION
Task: {3BB5D87B-C851-4325-97B6-95E4EA1CBC61} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - \Microsoft\Windows\Shell\CrawlStartPages No Task File <==== ATTENTION
Task: {3C5B104F-A9EF-40F3-82A6-917E09DBB6B1} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {3CD7BF6C-F120-476E-AF84-851D43BDDEEE} - \Microsoft\Windows\WDI\ResolutionHost No Task File <==== ATTENTION
Task: {42955E89-15F6-4B96-B803-8F10D491AF65} - \OfficeSoftwareProtectionPlatform\SvcRestartTask No Task File <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - \Microsoft\Windows\RAC\RACAgent No Task File <==== ATTENTION
Task: {48909068-64F9-4B29-8C14-6957F35923C3} - \Microsoft\Windows\MobilePC\HotStart No Task File <==== ATTENTION
Task: {4914F671-C936-43DC-99FF-FA6CEFA48631} - \{0C7F530A-D15D-4BE8-816A-B3F93F0750DB} No Task File <==== ATTENTION
Task: {4D7BC85C-5A41-4963-8CDD-6D9D55F757DB} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask No Task File <==== ATTENTION
Task: {54F6CCFE-6C12-4522-A0F6-9DABAC751D2F} - \Microsoft\Windows\MUI\Mcbuilder No Task File <==== ATTENTION
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - \Microsoft\Windows\Wired\GatherWiredInfo No Task File <==== ATTENTION
Task: {57030356-4699-4E1F-9939-F9D4460CD4DA} - \Microsoft\Windows\Media Center\OCURDiscovery No Task File <==== ATTENTION
Task: {5936C79A-731F-4716-BE59-35B58194ECE5} - \Microsoft\Windows\Media Center\OCURActivate No Task File <==== ATTENTION
Task: {61CFE991-4061-4219-8E70-0EDF343472E9} - \{9CC80E87-3310-4336-A010-8A18DC3F2535} No Task File <==== ATTENTION
Task: {6B91DF4F-7E1F-4AE8-820A-2FB331567D67} - \Microsoft\Windows\SideShow\GadgetManager No Task File <==== ATTENTION
Task: {6BD37163-E955-4095-A64E-D09EB8917C21} - \Microsoft\Windows Defender\MP Scheduled Signature Update No Task File <==== ATTENTION
Task: {6C041448-C69A-4D8B-A774-4F3948997407} - \Microsoft\Windows\CertificateServicesClient\UserTask-Roam No Task File <==== ATTENTION
Task: {6E7034E8-D1EA-411C-A1A4-3C01F5BD1A47} - \WPD\SqmUpload_S-1-5-21-2795298741-2112087132-3505275501-1000 No Task File <==== ATTENTION
Task: {74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION
Task: {77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00} - \Microsoft\Windows\Multimedia\SystemSoundsService No Task File <==== ATTENTION
Task: {78DABEC8-68B8-4590-81BD-4532D98F07C2} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver No Task File <==== ATTENTION
Task: {792493DE-3878-4323-B44D-F6F0C3562126} - \Microsoft\Windows\CertificateServicesClient\UserTask No Task File <==== ATTENTION
Task: {7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75} - \Microsoft\Windows\CertificateServicesClient\SystemTask No Task File <==== ATTENTION
Task: {80EF5715-7C51-4381-AC78-AEEC32723C56} - \ASUS Live Update No Task File <==== ATTENTION
Task: {858BD5FB-61C3-4D83-8392-B9855BE4DF1D} - \Microsoft\Windows\Media Center\mcupdate No Task File <==== ATTENTION
Task: {89194558-47E7-4A9E-B507-6C91CE4E6504} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator No Task File <==== ATTENTION
Task: {89BC8B22-30CE-4893-9DC1-F51764E377F4} - \Microsoft\Windows\Tcpip\WSHReset No Task File <==== ATTENTION
Task: {90934D6D-B296-4720-9332-BBCE3BBAFAFE} - \{3A89627D-AE65-40F3-88A3-B9951A36F0A5} No Task File <==== ATTENTION
Task: {92C1E05D-0752-44C4-9541-E0311D8076F1} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {98AEA341-4C47-49D0-8C2D-FE77D5555D9A} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) No Task File <==== ATTENTION
Task: {99B9521C-F109-4B7B-BDDF-99CF656525E0} - \Microsoft\Windows\Defrag\ScheduledDefrag No Task File <==== ATTENTION
Task: {A1868F64-ED08-49A9-9F86-F62ED855AFFD} - \Microsoft\Windows\SystemRestore\SR No Task File <==== ATTENTION
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification No Task File <==== ATTENTION
Task: {B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91} - \Microsoft\Windows\Media Center\UpdateRecordPath No Task File <==== ATTENTION
Task: {C4CE8FCE-0A1E-4D3C-BA46-5C4E4E13845F} - \{B05EBB8C-D310-4191-A51D-C8E4B46199A1} No Task File <==== ATTENTION
Task: {C6CBFEC8-EF47-4B48-9718-3A4170F99600} - \Microsoft\Windows\SideShow\AutoWake No Task File <==== ATTENTION
Task: {D0181A7F-943E-4C95-81B0-B19DB84FAC6B} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
Task: {D1E9EB2E-A2D5-40D0-B452-6A1A114D5D84} - \{0CD70452-7D35-4999-B126-2DCD7ABA619F} No Task File <==== ATTENTION
Task: {D282BBA5-3CD1-4DC5-ACCD-FFC699D19DE5} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
Task: {D2D7C16D-D9DC-4982-A8C3-774722DEEB9F} - \ASUS SmartLogon Console Sensor No Task File <==== ATTENTION
Task: {D8AB5B03-9FA1-497A-90C5-C11888682D07} - \{5320A76D-52E5-4D51-96BD-ABE6C59047C8} No Task File <==== ATTENTION
Task: {D8FCC7BA-7D21-4D50-A0B8-5CFDDE670C91} - \{39931AEE-70A9-4314-8CDE-E9DFDB00C4A8} No Task File <==== ATTENTION
Task: {D913FE43-F22E-4EBD-880E-712ABDE8E828} - \{1B3A3841-39B7-4BA2-B5A1-19B9CCD4E77B} No Task File <==== ATTENTION
Task: {DCF8CA49-10FE-40EA-A5B8-504B864BC698} - \Microsoft\Windows\TextServicesFramework\MsCtfMonitor No Task File <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - \Microsoft\Windows\Wireless\GatherWirelessInfo No Task File <==== ATTENTION
Task: {E6031411-55F5-4DD3-B55A-CE322D523FA7} - \{CD11F57F-3271-4269-91B6-4BFCBC014426} No Task File <==== ATTENTION
Task: {E9D54BE1-CB20-4DFC-914B-4A2FA7C00403} - \Microsoft\Windows\MUI\Lpksetup No Task File <==== ATTENTION
Task: {EBC018B6-24B0-4279-98A5-0081A2EB83B1} - \{DE3B6822-025B-4A3E-8682-2116DC6AD7C4} No Task File <==== ATTENTION
Task: {EBF16443-B75E-45A5-BCBB-56B7BF614AF9} - \{43F7E614-8B08-4EA7-9BDA-1ADDB95AF3CF} No Task File <==== ATTENTION
Task: {EFE3EA02-AD42-4B49-A996-BB3CFEE832BD} - \{0151438E-71FB-4644-9B9F-4D162F36262E} No Task File <==== ATTENTION
Task: {F55F85D3-8FDE-479E-82E0-A9BB339AA8E2} - \Microsoft\Windows\UPnP\UPnPHostConfig No Task File <==== ATTENTION
Task: {F8D6E476-24FE-4649-A4D7-985706B29128} - \Microsoft\Windows\Tcpip\IpAddressConflict1 No Task File <==== ATTENTION
Task: {FC6EE397-3ADC-4083-9CE2-6140F304DE98} - \{5C8A63CF-60C3-4332-99A4-8F60FFE0C241} No Task File <==== ATTENTION
Emptytemp:
*****************
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{034F6ED7-4F1A-42CA-A130-B8EEB72ECE3B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{034F6ED7-4F1A-42CA-A130-B8EEB72ECE3B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04699375-5AFB-4BAF-9F2A-09D8C0497F4E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04699375-5AFB-4BAF-9F2A-09D8C0497F4E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08AD1C99-8DF2-4D3D-9F52-C4E5CEB29288}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08AD1C99-8DF2-4D3D-9F52-C4E5CEB29288}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{08C1F56F-088D-4C39-90C8-DC91FC840E23}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C3AF200-FADC-49E5-880E-DEE192C8B79A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C3AF200-FADC-49E5-880E-DEE192C8B79A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11893D5E-54A0-4C6B-AB0D-D9FA527334A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11893D5E-54A0-4C6B-AB0D-D9FA527334A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\QueueReporting" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{181E6DDB-34B4-413B-BB3A-13569A47B47C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{181E6DDB-34B4-413B-BB3A-13569A47B47C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C65372D3-A2AC-4846-B224-9DA52C853565}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CC81347-6204-4B83-900C-01E02F50F067}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CC81347-6204-4B83-900C-01E02F50F067}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\TMM" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23C4BEA3-5DAF-4A7D-A6CF-5237554F840E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23C4BEA3-5DAF-4A7D-A6CF-5237554F840E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9FA2F356-D9B9-4379-BFB3-561836FACC41}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FDBDC47-7148-49DB-9D32-32E6A003C996}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FDBDC47-7148-49DB-9D32-32E6A003C996}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30FF26BF-5D0E-4A0D-8E3A-74F448F3278C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30FF26BF-5D0E-4A0D-8E3A-74F448F3278C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7DFD5A6F-BED3-4940-864C-795168F886B4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{320124A7-D70F-41DE-A9D1-D5E8E19D5D91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{320124A7-D70F-41DE-A9D1-D5E8E19D5D91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{357C6FCC-36C2-4DFD-B92B-4E8CD48F7EA1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{357C6FCC-36C2-4DFD-B92B-4E8CD48F7EA1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39B2AB48-552A-4DDD-89F6-BD28784C4795}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39B2AB48-552A-4DDD-89F6-BD28784C4795}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{7EDEB2FF-964E-41F5-A727-304BA298990B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A17516A-C56F-4909-A45C-1E4EE8BE0837}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A17516A-C56F-4909-A45C-1E4EE8BE0837}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag\ManualDefrag" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3BB5D87B-C851-4325-97B6-95E4EA1CBC61}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BB5D87B-C851-4325-97B6-95E4EA1CBC61}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SystemDataProviders" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3C5B104F-A9EF-40F3-82A6-917E09DBB6B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C5B104F-A9EF-40F3-82A6-917E09DBB6B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CD7BF6C-F120-476E-AF84-851D43BDDEEE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CD7BF6C-F120-476E-AF84-851D43BDDEEE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\ResolutionHost" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42955E89-15F6-4B96-B803-8F10D491AF65}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42955E89-15F6-4B96-B803-8F10D491AF65}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{44980BEE-7809-44A9-AC24-D6E578A3B7DF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44980BEE-7809-44A9-AC24-D6E578A3B7DF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC\RACAgent" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{48909068-64F9-4B29-8C14-6957F35923C3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48909068-64F9-4B29-8C14-6957F35923C3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\HotStart" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4914F671-C936-43DC-99FF-FA6CEFA48631}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4914F671-C936-43DC-99FF-FA6CEFA48631}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0C7F530A-D15D-4BE8-816A-B3F93F0750DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D7BC85C-5A41-4963-8CDD-6D9D55F757DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D7BC85C-5A41-4963-8CDD-6D9D55F757DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Bluetooth\UninstallDeviceTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54F6CCFE-6C12-4522-A0F6-9DABAC751D2F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54F6CCFE-6C12-4522-A0F6-9DABAC751D2F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\Mcbuilder" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{561375CB-FF5A-417B-B297-BA73DE149581}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{561375CB-FF5A-417B-B297-BA73DE149581}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wired\GatherWiredInfo" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57030356-4699-4E1F-9939-F9D4460CD4DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57030356-4699-4E1F-9939-F9D4460CD4DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5936C79A-731F-4716-BE59-35B58194ECE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5936C79A-731F-4716-BE59-35B58194ECE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61CFE991-4061-4219-8E70-0EDF343472E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61CFE991-4061-4219-8E70-0EDF343472E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9CC80E87-3310-4336-A010-8A18DC3F2535}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B91DF4F-7E1F-4AE8-820A-2FB331567D67}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B91DF4F-7E1F-4AE8-820A-2FB331567D67}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\GadgetManager" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BD37163-E955-4095-A64E-D09EB8917C21}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BD37163-E955-4095-A64E-D09EB8917C21}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Signature Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C041448-C69A-4D8B-A774-4F3948997407}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C041448-C69A-4D8B-A774-4F3948997407}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\UserTask-Roam" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E7034E8-D1EA-411C-A1A4-3C01F5BD1A47}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E7034E8-D1EA-411C-A1A4-3C01F5BD1A47}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2795298741-2112087132-3505275501-1000" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SessionAgent" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SystemSoundsService" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{78DABEC8-68B8-4590-81BD-4532D98F07C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78DABEC8-68B8-4590-81BD-4532D98F07C2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{792493DE-3878-4323-B44D-F6F0C3562126}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{792493DE-3878-4323-B44D-F6F0C3562126}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\UserTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\SystemTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80EF5715-7C51-4381-AC78-AEEC32723C56}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80EF5715-7C51-4381-AC78-AEEC32723C56}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{858BD5FB-61C3-4D83-8392-B9855BE4DF1D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{858BD5FB-61C3-4D83-8392-B9855BE4DF1D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89194558-47E7-4A9E-B507-6C91CE4E6504}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89194558-47E7-4A9E-B507-6C91CE4E6504}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89BC8B22-30CE-4893-9DC1-F51764E377F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89BC8B22-30CE-4893-9DC1-F51764E377F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\WSHReset" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90934D6D-B296-4720-9332-BBCE3BBAFAFE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90934D6D-B296-4720-9332-BBCE3BBAFAFE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3A89627D-AE65-40F3-88A3-B9951A36F0A5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92C1E05D-0752-44C4-9541-E0311D8076F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92C1E05D-0752-44C4-9541-E0311D8076F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{98AEA341-4C47-49D0-8C2D-FE77D5555D9A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98AEA341-4C47-49D0-8C2D-FE77D5555D9A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99B9521C-F109-4B7B-BDDF-99CF656525E0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99B9521C-F109-4B7B-BDDF-99CF656525E0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag\ScheduledDefrag" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A1868F64-ED08-49A9-9F86-F62ED855AFFD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1868F64-ED08-49A9-9F86-F62ED855AFFD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SystemRestore\SR" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A61555D3-7840-45C1-A5A9-0D49851DE37A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A61555D3-7840-45C1-A5A9-0D49851DE37A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4CE8FCE-0A1E-4D3C-BA46-5C4E4E13845F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4CE8FCE-0A1E-4D3C-BA46-5C4E4E13845F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B05EBB8C-D310-4191-A51D-C8E4B46199A1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C6CBFEC8-EF47-4B48-9718-3A4170F99600}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6CBFEC8-EF47-4B48-9718-3A4170F99600}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\AutoWake" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0181A7F-943E-4C95-81B0-B19DB84FAC6B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0181A7F-943E-4C95-81B0-B19DB84FAC6B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1E9EB2E-A2D5-40D0-B452-6A1A114D5D84}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1E9EB2E-A2D5-40D0-B452-6A1A114D5D84}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0CD70452-7D35-4999-B126-2DCD7ABA619F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D282BBA5-3CD1-4DC5-ACCD-FFC699D19DE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D282BBA5-3CD1-4DC5-ACCD-FFC699D19DE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2D7C16D-D9DC-4982-A8C3-774722DEEB9F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2D7C16D-D9DC-4982-A8C3-774722DEEB9F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS SmartLogon Console Sensor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8AB5B03-9FA1-497A-90C5-C11888682D07}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8AB5B03-9FA1-497A-90C5-C11888682D07}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5320A76D-52E5-4D51-96BD-ABE6C59047C8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8FCC7BA-7D21-4D50-A0B8-5CFDDE670C91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8FCC7BA-7D21-4D50-A0B8-5CFDDE670C91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{39931AEE-70A9-4314-8CDE-E9DFDB00C4A8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D913FE43-F22E-4EBD-880E-712ABDE8E828}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D913FE43-F22E-4EBD-880E-712ABDE8E828}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1B3A3841-39B7-4BA2-B5A1-19B9CCD4E77B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DCF8CA49-10FE-40EA-A5B8-504B864BC698}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCF8CA49-10FE-40EA-A5B8-504B864BC698}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TextServicesFramework\MsCtfMonitor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wireless\GatherWirelessInfo" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6031411-55F5-4DD3-B55A-CE322D523FA7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6031411-55F5-4DD3-B55A-CE322D523FA7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CD11F57F-3271-4269-91B6-4BFCBC014426}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E9D54BE1-CB20-4DFC-914B-4A2FA7C00403}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9D54BE1-CB20-4DFC-914B-4A2FA7C00403}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\Lpksetup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBC018B6-24B0-4279-98A5-0081A2EB83B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBC018B6-24B0-4279-98A5-0081A2EB83B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DE3B6822-025B-4A3E-8682-2116DC6AD7C4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBF16443-B75E-45A5-BCBB-56B7BF614AF9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBF16443-B75E-45A5-BCBB-56B7BF614AF9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{43F7E614-8B08-4EA7-9BDA-1ADDB95AF3CF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFE3EA02-AD42-4B49-A996-BB3CFEE832BD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFE3EA02-AD42-4B49-A996-BB3CFEE832BD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0151438E-71FB-4644-9B9F-4D162F36262E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F55F85D3-8FDE-479E-82E0-A9BB339AA8E2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F55F85D3-8FDE-479E-82E0-A9BB339AA8E2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UPnP\UPnPHostConfig" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8D6E476-24FE-4649-A4D7-985706B29128}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8D6E476-24FE-4649-A4D7-985706B29128}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC6EE397-3ADC-4083-9CE2-6140F304DE98}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC6EE397-3ADC-4083-9CE2-6140F304DE98}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5C8A63CF-60C3-4332-99A4-8F60FFE0C241}" => Key deleted successfully.
EmptyTemp: => Removed 6.2 GB temporary data.
The system needed a reboot.
==== End of Fixlog 11:02:07 ====
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c2d9db048d194944b190d5deeac70fff
# engine=23034
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-23 11:35:48
# local_time=2015-03-23 12:35:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 98152 264643276 0 0
# scanned=170247
# found=0
# cleaned=0
# scan_time=4447
Code:
ATTFilter Results of screen317's Security Check version 0.99.97
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader 10.1.13 Adobe Reader out of Date!
Mozilla Firefox (36.0.4)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
|
|
23.03.2015, 20:12
| #10 |
| /// the machine /// TB-Ausbilder | PUA/DownloadSponsor.Gen von Avira gefunden und PUP.Optional.SimpleNewTab.A von Malwarebytes gefunden Das frische FRST log bitte noch
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.03.2015, 22:22
| #11 |
| | PUA/DownloadSponsor.Gen von Avira gefunden und PUP.Optional.SimpleNewTab.A von Malwarebytes gefunden Ahhh, das habe ich glatt überlesen, sorry.... FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by *** (administrator) on ***-PC on 23-03-2015 22:11:07
Running from C:\Users\***\Desktop
Loaded Profiles: *** (Available profiles: *** & Gast)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
() C:\Program Files\ASUS\ATK Media\DMedia.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\P4P\P4P.exe
() C:\Windows\ASScrPro.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Users\***\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-09-03] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ATKOSD2\ATKOSD2.exe [7737344 2007-10-18] ()
HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [61440 2008-02-01] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [PowerForPhone] => C:\Program Files\P4P\P4P.exe [778240 2008-01-26] ()
HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\ASScrPro.exe [33136 2008-07-10] ()
HKLM\...\Run: [ASUS Camera ScreenSaver] => C:\Windows\ASScrProlog.exe [37232 2008-07-10] ()
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-01-19] ()
HKLM\...\Run: [BCSSync] => D:\Instalationsdateien\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Run: [Amazon Music] => C:\Users\***\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ${URL_STARTPAGE}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-05] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Instalationsdateien\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-05] (Oracle Corporation)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2795298741-2112087132-3505275501-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1227966909
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ubr1awq.default-1423215999919
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Google
FF Homepage: hxxp://de-de.facebook.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\INSTAL~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\INSTAL~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-02-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011-10-26] (Nullsoft, Inc.)
FF Extension: GMX MailCheck - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ubr1awq.default-1423215999919\Extensions\toolbar@gmx.net [2015-03-03]
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1ubr1awq.default-1423215999919\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-06]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-03-22]
FF Extension: PHPNukeDE Toolbar - C:\Program Files\Mozilla Firefox\extensions\{c9508125-4747-4733-b048-e4b82dc9716d} [2015-03-22]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-22]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-11]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728 2007-05-18] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-20] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] () [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-18] (Hewlett-Packard Company) [File not signed]
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 AsDsm; C:\Windows\system32\Drivers\AsDsm.sys [29752 2007-08-11] (Windows (R) Codename Longhorn DDK provider)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2007-09-26] (Windows (R) Codename Longhorn DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-04-23] (Samsung Electronics) [File not signed]
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\***\AppData\Local\Temp\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S3 vpnva; system32\DRIVERS\vpnva.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-23 12:49 - 2015-03-23 12:49 - 00852604 _____ () C:\Users\***\Desktop\SecurityCheck.exe
2015-03-23 11:16 - 2015-03-23 11:16 - 00000000 ____D () C:\Program Files\ESET
2015-03-23 11:14 - 2015-03-23 11:14 - 02347384 _____ (ESET) C:\Users\***\Desktop\esetsmartinstaller_deu.exe
2015-03-22 18:19 - 2015-03-22 18:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-22 18:00 - 2015-03-22 18:00 - 00038440 _____ () C:\Users\***\Desktop\Addition 2 bearbeitet.txt
2015-03-22 17:59 - 2015-03-22 17:59 - 00027053 _____ () C:\Users\***\Desktop\FRST 2 bearbeitet.txt
2015-03-22 09:12 - 2015-03-22 09:12 - 00001024 _____ () C:\Users\***\Desktop\Revo Uninstaller.lnk
2015-03-22 09:12 - 2015-03-22 09:12 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-22 09:10 - 2015-03-22 09:10 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\***\Desktop\revosetup95.exe
2015-03-20 14:56 - 2015-03-20 14:56 - 00001682 _____ () C:\Users\***\Desktop\AdwCleaner bearbeitet.txt
2015-03-20 14:46 - 2015-03-20 14:51 - 00000000 ____D () C:\AdwCleaner
2015-03-20 14:45 - 2015-03-20 14:46 - 02171392 _____ () C:\Users\***\Desktop\AdwCleaner_4.112.exe
2015-03-20 11:55 - 2015-03-20 11:55 - 00005505 _____ () C:\Users\***\Desktop\Gmer bearbeitet.txt
2015-03-20 11:54 - 2015-03-20 11:54 - 00040448 _____ () C:\Users\***\Desktop\Addition bearbeitet.txt
2015-03-20 11:53 - 2015-03-20 11:53 - 00027532 _____ () C:\Users\***\Desktop\FRST bearbeitet.txt
2015-03-20 11:43 - 2015-03-20 11:43 - 00005508 _____ () C:\Users\***\Desktop\Gmer.txt
2015-03-20 11:21 - 2015-03-22 17:58 - 00038490 _____ () C:\Users\***\Desktop\Addition.txt
2015-03-20 11:20 - 2015-03-23 22:12 - 00016043 _____ () C:\Users\***\Desktop\FRST.txt
2015-03-20 11:20 - 2015-03-23 22:11 - 00000000 ____D () C:\FRST
2015-03-20 11:19 - 2015-03-20 11:19 - 00000474 _____ () C:\Users\***\Desktop\defogger_disable.log
2015-03-20 11:19 - 2015-03-20 11:19 - 00000000 _____ () C:\Users\***\defogger_reenable
2015-03-20 11:17 - 2015-03-20 11:18 - 00000000 ____D () C:\Users\***\Desktop\Avira log
2015-03-20 11:16 - 2015-03-20 11:16 - 00380416 _____ () C:\Users\***\Desktop\Gmer-19357.exe
2015-03-20 11:15 - 2015-03-20 11:15 - 01135104 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2015-03-20 11:13 - 2015-03-20 11:13 - 00050477 _____ () C:\Users\***\Desktop\Defogger.exe
2015-03-13 06:53 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 06:52 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 06:51 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-13 06:45 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 06:45 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 06:44 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-13 06:44 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 06:44 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 06:44 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 06:44 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-13 06:43 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 06:43 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-13 06:41 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 19:25 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 19:25 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-12 19:25 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 19:25 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 19:25 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 19:25 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 19:25 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 19:25 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-12 19:25 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 19:25 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 19:25 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 19:25 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-12 19:25 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-12 19:25 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-12 19:25 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-27 09:50 - 2015-02-27 10:37 - 00000000 ____D () C:\Users\***\Desktop\Saghar
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-23 22:10 - 2008-07-10 18:00 - 01889130 _____ () C:\Windows\WindowsUpdate.log
2015-03-23 22:06 - 2014-12-11 18:59 - 00000000 ____D () C:\Users\***\AppData\Local\FreePDF_XP
2015-03-23 22:05 - 2014-05-10 12:04 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6c3fad1a8a93.job
2015-03-23 22:05 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-23 22:05 - 2006-11-02 13:47 - 00005184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-23 22:05 - 2006-11-02 13:47 - 00005184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-23 14:00 - 2006-11-02 14:01 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-23 13:05 - 2014-05-10 12:04 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6c3fad7525e3.job
2015-03-23 11:03 - 2008-07-10 19:23 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-03-23 10:56 - 2012-09-28 11:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-23 10:47 - 2013-01-23 20:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 11:48 - 2014-12-02 20:16 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 11:19 - 2008-10-16 21:36 - 00000000 ____D () C:\Users\***
2015-03-17 06:04 - 2006-11-02 13:47 - 00377464 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 06:51 - 2014-05-16 08:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-13 06:46 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-05 20:34 - 2012-10-17 20:13 - 00000000 ____D () C:\Program Files\Avira
2015-03-04 14:43 - 2012-10-17 20:13 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-04 14:43 - 2012-10-17 20:13 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-03 16:43 - 2006-11-02 11:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 03:23 - 2009-10-02 19:57 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2008-11-13 20:42 - 2014-05-02 18:48 - 0104030 _____ () C:\Users\***\AppData\Roaming\nvModes.001
2008-11-13 18:58 - 2014-05-01 11:45 - 0104030 _____ () C:\Users\***\AppData\Roaming\nvModes.dat
2008-12-07 14:21 - 2008-12-07 14:23 - 1279254 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20081207.bmp
2008-12-11 20:20 - 2008-12-11 20:20 - 23970870 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20081211.bmp
2010-05-21 09:18 - 2010-05-21 09:18 - 2560054 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20100521.bmp
2013-01-22 20:30 - 2013-01-22 20:37 - 42467382 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20130122.bmp
2013-11-03 20:46 - 2013-11-03 20:47 - 53747766 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20131103.bmp
2014-05-19 20:09 - 2014-05-19 20:09 - 53747766 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20140519.bmp
2014-09-13 20:22 - 2014-09-13 20:27 - 53747766 _____ () C:\Users\***\AppData\Roaming\xnview_wallpaper_20140913.bmp
2011-06-03 19:34 - 2015-01-15 06:48 - 0000680 _____ () C:\Users\***\AppData\Local\d3d9caps.dat
2008-10-18 14:56 - 2014-02-05 17:58 - 0049664 _____ () C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-08-10 20:50 - 2011-09-19 11:54 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2014-05-02 21:07 - 2015-03-23 22:06 - 0176142 _____ () C:\ProgramData\nvModes.001
2014-05-02 21:06 - 2015-03-23 22:06 - 0176142 _____ () C:\ProgramData\nvModes.dat
Some content of TEMP:
====================
C:\Users\***\AppData\Local\temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-23 22:12
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by *** at 2015-03-23 22:12:53
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS CopyProtect (HKLM\...\{2396F815-84E0-4353-83D7-8B190556DA42}) (Version: 1.00.0003 - ASUS)
ASUS Data Security Manager (HKLM\...\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}) (Version: 1.00.0006 - ASUS)
ASUS InstantFun (HKLM\...\{57B15AD4-8C9D-4164-82BB-E33D8644E757}) (Version: 1.0.0015 - ASUS)
ASUS LifeFrame3 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.6 - ASUS)
ASUS Live Update (HKLM\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.6 - ASUS)
ASUS SmartLogon (HKLM\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0004 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM\...\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}) (Version: 1.02.0019 - ASUS)
Asus_Camera_ScreenSaver (HKLM\...\Asus_Camera_ScreenSaver) (Version: 2.0.0006 - ASUS)
Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver (HKLM\...\{6E19F210-3813-4002-B561-94D66AA182B6}) (Version: 2.4.7.7 - Atheros Communications Inc.)
ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0023 - ATK)
ATK Media (HKLM\...\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}) (Version: - )
ATKOSD2 (HKLM\...\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}) (Version: 6.64.1.6 - ATK)
AudibleManager (HKLM\...\AudibleManager) (Version: 7559957.-2.2004512950.2004511964 - Audible, Inc.)
Audiograbber 1.83 SE (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland)
Audiograbber Lame PlugIn 3.96 APS (HKLM\...\Audiograbber Lame PlugIn) (Version: 3.96 APS - )
Avira (HKLM\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.2830 - CyberLink Corp.)
Das Geheimnis des silbernen Ohrrings (HKLM\...\{4D6D0AA7-DD0E-47A8-BFCE-5A8E4E074CD0}) (Version: 1.00.0000 - Frogwares)
DEUTSCHLAND SPIELT GAME CENTER (HKLM\...\DSGPlayer) (Version: 1.0.0.46 - INTENIUM GmbH)
dm Fotowelt (HKLM\...\dm Fotowelt) (Version: - )
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - )
Google Chrome Frame (HKLM\...\{7455D86F-5295-389C-AA29-18D2BDAF8DD8}) (Version: 65.169.102 - Google, Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LightScribe System Software 1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access 2010 (HKLM\...\Office14.AccessR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NB Probe (HKLM\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version: - )
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 6.80.5.1 - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
P4P (HKLM\...\{FC3D290D-79BE-44B7-ABF9-FDD110925930}) (Version: 1.0.0.17 - P4P)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5477 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.52.02 - )
Secure Download Manager (HKLM\...\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}) (Version: 3.0.5 - e-academy Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sherlock Holmes (HKLM\...\Sherlock Holmes) (Version: 0.0.0.0 - INTENIUM GmbH)
Sherlock Holmes und der Hund der Baskervilles (HKLM\...\Sherlock Holmes und der Hund der Baskervilles) (Version: 1.0.0.0 - INTENIUM GmbH)
Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
Total Video Converter 3.61 100319 (HKLM\...\Total Video Converter 3.61_is1) (Version: - EffectMatrix Inc.)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
VLC media player 1.1.10 (HKLM\...\VLC media player) (Version: 1.1.10 - VideoLAN)
Wartung Samsung CLP-620 Series (HKLM\...\Samsung CLP-620 Series) (Version: - Samsung Electronics CO.,LTD)
Winamp (HKLM\...\Winamp) (Version: 5.622 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version: - )
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wireless Console 2 (HKLM\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.10 - ATK)
XnView 1.80 (HKLM\...\XnView_is1) (Version: 1.80 - Gougelet Pierre-e)
Yahoo! Detect (HKLM\...\YTdetect) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2795298741-2112087132-3505275501-1000_Classes\CLSID\{3bc93e76-92f8-5fda-b676-5afee3735bf1}\InprocServer32 -> C:\Users\***\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
==================== Restore Points =========================
03-03-2015 11:36:16 Windows Update
12-03-2015 19:22:19 Windows Update
13-03-2015 06:38:58 Windows Update
17-03-2015 06:29:16 Windows Update
22-03-2015 09:12:03 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 11:23 - 2013-05-14 21:21 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1F4FCD5D-8ED2-4212-BDDA-6DC446BA43B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8352B580-641E-4BAD-89CA-3DCC243218D8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F81EF21C-F8FA-43AB-A6CB-C763D176EB75} - System32\Tasks\GoogleUpdateTaskMachineCore1cf6c3fad1a8a93 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {FB297749-1051-4B6F-9D00-661A406EC721} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6c3fad7525e3 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6c3fad1a8a93.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6c3fad7525e3.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2008-07-10 19:00 - 2007-05-18 10:31 - 00073728 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
2008-07-10 18:53 - 2007-10-03 05:53 - 00094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
2008-07-10 18:54 - 2007-08-08 08:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2014-12-11 18:57 - 2012-06-21 07:25 - 00094208 _____ () C:\Windows\System32\redmon32.dll
2012-05-20 13:08 - 2009-05-13 01:30 - 00026624 _____ () C:\Windows\System32\ssd2cl3.dll
2012-05-20 13:08 - 2009-09-04 09:59 - 00491520 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\ssd2cdu.dll
2008-07-10 19:00 - 2007-06-15 18:28 - 00147456 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
2008-07-10 19:00 - 2007-06-02 01:08 - 00143360 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
2011-12-13 11:54 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2008-07-10 19:00 - 2007-08-08 10:52 - 00331776 _____ () C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
2008-07-10 18:55 - 2007-10-18 03:04 - 07737344 _____ () C:\Program Files\ATKOSD2\ATKOSD2.exe
2008-07-10 18:56 - 2008-02-01 22:29 - 00061440 _____ () C:\Program Files\ASUS\ATK Media\DMedia.exe
2008-07-10 18:56 - 2008-02-01 22:29 - 00049152 _____ () C:\Program Files\ASUS\ATK Media\ATKMETHOD.dll
2008-07-10 18:56 - 2006-10-25 23:37 - 00045056 _____ () C:\Program Files\ASUS\ATK Media\GERSTRING.dll
2008-07-10 19:17 - 2008-01-26 02:32 - 00778240 _____ () C:\Program Files\P4P\P4P.exe
2008-07-10 19:27 - 2008-07-10 19:27 - 00033136 _____ () C:\Windows\ASScrPro.exe
2008-07-10 18:53 - 2004-05-28 02:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll
2008-07-10 18:57 - 2007-09-26 19:24 - 00147456 _____ () C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
2008-07-10 19:03 - 2007-07-06 00:53 - 01040384 _____ () C:\Program Files\Wireless Console 2\wcourier.exe
2008-07-10 19:11 - 2007-07-10 06:48 - 00009216 _____ () C:\Program Files\ASUS\Splendid\GLCDdll.dll
2012-05-20 13:07 - 2010-01-19 10:19 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2014-12-03 21:41 - 2014-12-08 07:27 - 06277952 _____ () C:\Users\***\AppData\Local\Amazon Music\Amazon Music Helper.exe
2008-07-10 18:53 - 2007-08-08 19:03 - 02441216 _____ () C:\Program Files\ATK Hotkey\ATKOSD.exe
2008-07-10 18:53 - 2007-08-15 19:20 - 00106496 _____ () C:\Program Files\ATK Hotkey\KBFiltr.exe
2008-07-10 18:53 - 2007-08-15 19:38 - 00147456 _____ () C:\Program Files\ATK Hotkey\WDC.exe
2008-07-10 19:08 - 2007-08-03 20:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2008-07-10 19:08 - 2007-09-14 18:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
2008-07-10 19:08 - 2003-11-28 10:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
2008-07-10 19:08 - 2005-08-29 23:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
2008-07-10 19:08 - 2003-09-10 00:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
2008-07-10 19:08 - 2006-04-04 18:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
2008-07-10 19:08 - 2005-04-08 03:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2795298741-2112087132-3505275501-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-2795298741-2112087132-3505275501-500 - Administrator - Disabled)
Gast (S-1-5-21-2795298741-2112087132-3505275501-501 - Limited - Enabled) => C:\Users\Gast
*** (S-1-5-21-2795298741-2112087132-3505275501-1000 - Administrator - Enabled) => C:\Users\***
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/23/2015 10:07:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/23/2015 11:19:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.PSET> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/23/2015 11:19:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.PSET> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/23/2015 11:19:20 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.CACHE> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/23/2015 11:19:20 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.CACHE> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/23/2015 11:19:19 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.SBSTORE> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/23/2015 11:19:19 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.SBSTORE> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/23/2015 11:19:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-MALWARE-SIMPLE.PSET> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/23/2015 11:19:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-MALWARE-SIMPLE.PSET> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (03/23/2015 11:19:17 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-MALWARE-SIMPLE.CACHE> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
System errors:
=============
Error: (03/23/2015 10:07:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Error: (03/23/2015 02:00:30 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
Error: (03/23/2015 02:00:30 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069RapiMgr{ED081F25-6A77-4C89-B689-C6E15C582EC1}
Error: (03/23/2015 01:59:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 23.03.2015 um 13:52:21 unerwartet heruntergefahren.
Error: (03/23/2015 11:12:18 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (03/23/2015 11:05:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Error: (03/23/2015 10:58:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Error: (03/23/2015 10:57:01 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 23.03.2015 um 10:56:08 unerwartet heruntergefahren.
Error: (03/23/2015 10:48:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Error: (03/22/2015 05:52:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: DgiVecp%%2
Microsoft Office Sessions:
=========================
Error: (03/23/2015 10:07:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/23/2015 11:19:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.PSET
Error: (03/23/2015 11:19:21 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.PSET
Error: (03/23/2015 11:19:20 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.CACHE
Error: (03/23/2015 11:19:20 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.CACHE
Error: (03/23/2015 11:19:19 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.SBSTORE
Error: (03/23/2015 11:19:19 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-PHISH-SIMPLE.SBSTORE
Error: (03/23/2015 11:19:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-MALWARE-SIMPLE.PSET
Error: (03/23/2015 11:19:18 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-MALWARE-SIMPLE.PSET
Error: (03/23/2015 11:19:17 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\***\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1UBR1AWQ.DEFAULT-1423215999919\SAFEBROWSING\TEST-MALWARE-SIMPLE.CACHE
CodeIntegrity Errors:
===================================
Date: 2015-03-20 10:50:32.341
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:31.749
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:31.218
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:30.594
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:29.877
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:29.331
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:28.800
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:50:28.223
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:42:40.756
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-03-20 10:42:40.199
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz
Percentage of memory in use: 38%
Total physical RAM: 3070.29 MB
Available physical RAM: 1873.17 MB
Total Pagefile: 6346.85 MB
Available Pagefile: 5000.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.86 MB
==================== Drives ================================
Drive c: (VistaOS) (Fixed) (Total:116.44 GB) (Free:16.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:106.68 GB) (Free:70.26 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 8D1C393D)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=106.7 GB) - (Type=OF Extended)
==================== End Of Log ============================
Könntest du mir vielleicht kurz knapp erklären worum es sich bei den Funden handelte? Das wäre sehr nett! |
|
24.03.2015, 10:40
| #12 |
| /// the machine /// TB-Ausbilder | PUA/DownloadSponsor.Gen von Avira gefunden und PUP.Optional.SimpleNewTab.A von Malwarebytes gefunden Das war alles nur Adware. Java und ADobe updaten.  Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.   Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung:  Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.03.2015, 14:39
| #13 |
| | PUA/DownloadSponsor.Gen von Avira gefunden und PUP.Optional.SimpleNewTab.A von Malwarebytes gefunden Alles klar. Wenn ich den Adobe Reader aktualisieren will, dann kommt jedesmal die Meldung, dass bereits eine neuere Version installiert sei... |
|
24.03.2015, 19:32
| #14 |
| /// the machine /// TB-Ausbilder | PUA/DownloadSponsor.Gen von Avira gefunden und PUP.Optional.SimpleNewTab.A von Malwarebytes gefunden Deinstalliere den Reader, installiere dann den aktuellen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.03.2015, 20:05
| #15 |
| | PUA/DownloadSponsor.Gen von Avira gefunden und PUP.Optional.SimpleNewTab.A von Malwarebytes gefunden Alles klar, das werde ich machen. Sollte es dennoch Probleme geben, dann melde ich mich nochmal. Ansonsten vielen, vielen Dank für deine schnelle Hilfe und Beantwortung meiner Fragen!!! |
|
| Themen zu PUA/DownloadSponsor.Gen von Avira gefunden und PUP.Optional.SimpleNewTab.A von Malwarebytes gefunden |
| converter, device driver, flash player, homepage, programm, pua/downloadsponsor.gen, pup.optional.bandoo, pup.optional.simplenewtab.a, registry, security, services.exe, software, svchost.exe, vis entfernen |
dann auf 
und dann auf 
. 
+ R Taste und schreibe Combofix /Uninstall in das 
Linear-Darstellung
