Virenschutz und Anti Malware funktionieren nicht mehr

jmm20008 · 04.04.2015, 08:21

Hallo zusammen,

avast schaltet sich zwischendurch automatisch ab.
Anti Malware kann ich nicht mehr durchlaufen lassen, wegen Fehlermeldung.
Programme kann ich ebenso nicht mehr deinstallieren.

Ich bitte dringend um Hilfe!

Danke schön!

deeprybka · 04.04.2015, 09:18

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
Poste die Logfiles direkt in Deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.

Los geht's:

Schritt 1

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

jmm20008 · 04.04.2015, 09:52

Hallo Jürgen,

vielen Dank für die schnelle Antwort!

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by JMR (administrator) on JMR-PC on 04-04-2015 11:36:49
Running from C:\Users\JMR\Downloads
Loaded Profiles: JMR &  (Available profiles: JMR & Gast & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(ASUS) C:\eSupport\SupThrSrv\SupThrSrv.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OLYMPUS Viewer 2.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-04] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\...\Run: [OM2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\...\RunOnce: [Adobe Speed Launcher] => 1428139211
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [308584 2008-12-05] (Microsoft Corporation)
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OM2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [308584 2008-12-05] (Microsoft Corporation)
HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Logitech Vid] => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-2283584599-1744461602-3080128891-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-2283584599-1744461602-3080128891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-07-24] (RealDownloader)
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-04] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-07-24] (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-05] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-04] (Avast Software s.r.o.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-05] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {9D81AF43-DE53-48D0-A199-42C2A226B24C} -  No File
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\5b0mbq1q.default-1411810636522
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://de.yahoo.com/?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @bittorrent.com/BitTorrentDNA -> C:\Program Files (x86)\DNA\plugins\npbtdna.dll [2013-05-26] (BitTorrent, Inc.)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.12.0 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-10-13] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.12 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-07-24] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.12.0 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-10-13] (RealPlayer Cloud)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\5b0mbq1q.default-1411810636522\searchplugins\yahoo-avast.xml [2015-04-04]
FF Extension: Adblock Plus - C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\5b0mbq1q.default-1411810636522\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-16]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-21]
FF HKLM-x32\...\Firefox\Extensions: [{7C9C2591-51ED-44FA-8D03-450B92643F95}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-13]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-04] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-04-04] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-04-06] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-24] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-13] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-24] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 SupThrSrv; C:\eSupport\SupThrSrv\SupThrSrv.exe [80512 2009-09-04] (ASUS)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-04] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-04] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-04] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-04] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-04] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-04] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-04] ()
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-04] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 11:36 - 2015-04-04 11:38 - 00021373 _____ () C:\Users\JMR\Downloads\FRST.txt
2015-04-04 11:36 - 2015-04-04 11:37 - 00000000 ____D () C:\FRST
2015-04-04 11:35 - 2015-04-04 11:35 - 02095616 _____ (Farbar) C:\Users\JMR\Downloads\FRST64.exe
2015-04-04 10:46 - 2015-04-04 10:46 - 00003122 _____ () C:\Windows\System32\Tasks\{BDACE48F-F83B-4CC5-A169-B26C4EF977B2}
2015-04-04 10:20 - 2015-04-04 10:20 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-04 10:19 - 2015-04-04 10:19 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-03 23:43 - 2015-04-03 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-03 23:43 - 2015-04-03 23:43 - 00001926 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-03 20:51 - 2015-04-03 20:51 - 00000000 ____D () C:\Users\JMR\AppData\Roaming\dlg
2015-04-03 19:51 - 2015-04-03 21:35 - 00000000 ____D () C:\Program Files (x86)\WNetEnhance
2015-04-03 19:40 - 2015-04-03 19:40 - 00001371 _____ () C:\Users\JMR\AppData\Local\recently-used.xbel
2015-03-11 18:18 - 2015-02-20 06:41 - 00041984 ____N (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 18:18 - 2015-02-20 06:12 - 00025600 ____N (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 18:17 - 2015-02-03 05:31 - 00503808 ____N (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 18:17 - 2015-02-03 05:31 - 00432128 ____N (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 18:17 - 2015-02-03 05:31 - 00229376 ____N (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 18:17 - 2015-02-03 05:31 - 00188416 ____N (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 18:17 - 2015-02-03 05:30 - 01480192 ____N (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 18:17 - 2015-02-03 05:30 - 01069056 ____N (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 18:17 - 2015-02-03 05:30 - 00680960 ____N (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 18:17 - 2015-02-03 05:30 - 00296448 ____N (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 18:17 - 2015-02-03 05:30 - 00140288 ____N (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 18:17 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 18:17 - 2015-02-03 05:30 - 00082432 ____N (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 18:17 - 2015-02-03 05:30 - 00043520 ____N (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 18:17 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 18:17 - 2015-02-03 05:12 - 01174528 ____N (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 18:17 - 2015-02-03 05:12 - 00179200 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 18:17 - 2015-02-03 05:12 - 00081408 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 01461760 ____N (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 00728064 ____N (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 00341504 ____N (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 00314880 ____N (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 00309760 ____N (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 00210944 ____N (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 00136192 ____N (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 00086528 ____N (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 00029184 ____N (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 00028160 ____N (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 00022016 ____N (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 18:15 - 2015-03-06 07:41 - 00031232 ____N (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 18:15 - 2015-03-06 07:10 - 00022016 ____N (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 18:15 - 2015-03-06 07:10 - 00017408 ____N (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 18:15 - 2015-03-06 07:09 - 00096768 ____N (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 18:14 - 2015-02-20 04:48 - 02886144 ____N (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 18:14 - 2015-02-20 04:03 - 02278400 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 18:14 - 2015-02-20 03:28 - 02358784 ____N (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 18:14 - 2015-02-20 03:16 - 01548288 ____N (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 18:14 - 2015-02-20 03:01 - 01888256 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 18:14 - 2015-02-20 02:57 - 01311232 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 18:14 - 2015-02-13 07:26 - 12875264 ____N (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 18:14 - 2015-02-13 07:22 - 14177280 ____N (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 18:14 - 2015-02-03 05:31 - 01424896 ____N (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 18:14 - 2015-02-03 05:31 - 00215552 ____N (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 18:14 - 2015-01-17 04:48 - 01067520 ____N (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 18:14 - 2015-01-17 04:30 - 00828928 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 11:33 - 2010-09-12 21:40 - 01201433 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 11:14 - 2015-01-04 21:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-04 10:51 - 2014-09-06 20:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-04 10:50 - 2011-05-28 21:09 - 00000000 ____D () C:\Users\JMR\AppData\Roaming\Skype
2015-04-04 10:41 - 2010-09-12 22:00 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-04 10:40 - 2010-11-16 18:02 - 00000000 ____D () C:\Users\JMR\AppData\Local\Google
2015-04-04 10:38 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 10:38 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 10:35 - 2013-03-21 23:29 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-04 10:32 - 2014-07-05 08:59 - 00054678 _____ () C:\Windows\PFRO.log
2015-04-04 10:32 - 2014-05-07 07:51 - 00045504 _____ () C:\Windows\setupact.log
2015-04-04 10:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 10:26 - 2014-04-05 17:57 - 00001141 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-04 10:26 - 2014-04-05 17:57 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-04 10:20 - 2014-04-22 12:35 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-04 10:20 - 2014-01-16 08:02 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-04 10:20 - 2013-03-21 23:29 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-04 10:20 - 2013-03-21 23:29 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-04 10:20 - 2013-03-21 23:29 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-04 10:20 - 2013-03-21 23:29 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-04 10:20 - 2013-03-21 23:29 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-04 10:18 - 2013-03-21 23:29 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-04 10:04 - 2009-08-04 11:51 - 00725586 _____ () C:\Windows\system32\perfh007.dat
2015-04-04 10:04 - 2009-08-04 11:51 - 00157542 _____ () C:\Windows\system32\perfc007.dat
2015-04-04 10:04 - 2009-07-14 07:13 - 01716058 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 23:56 - 2015-02-14 17:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-03 23:56 - 2014-12-25 17:10 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2015-04-03 23:56 - 2014-10-10 23:52 - 00000000 ____D () C:\Program Files (x86)\OLYMPUS
2015-04-03 23:56 - 2014-10-04 22:57 - 00000000 ____D () C:\Program Files (x86)\Fotosizer
2015-04-03 23:56 - 2014-09-04 13:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-03 23:56 - 2014-04-05 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-03 23:56 - 2013-08-08 20:24 - 00000000 ____D () C:\Program Files\GIMP 2
2015-04-03 23:56 - 2010-11-21 18:52 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-04-03 23:56 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-04-03 23:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-03 23:55 - 2015-02-12 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Master 2
2015-04-03 23:55 - 2014-12-25 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-04-03 23:55 - 2014-11-09 15:59 - 00000000 ____D () C:\Users\JMR\Desktop\Manu Fuerte
2015-04-03 23:55 - 2014-10-10 23:54 - 00000000 ____D () C:\Users\JMR\AppData\Local\OLYMPUS
2015-04-03 23:55 - 2014-10-04 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotosizer
2015-04-03 23:55 - 2014-09-04 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-03 23:55 - 2014-03-03 11:03 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-03 23:55 - 2014-03-03 11:03 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-03 23:55 - 2014-03-03 11:03 - 00000000 ____D () C:\Users\DefaultAppPool
2015-04-03 23:55 - 2013-10-27 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-03 23:55 - 2013-08-08 20:29 - 00000000 ____D () C:\Users\JMR\AppData\Local\gtk-2.0
2015-04-03 23:55 - 2010-11-21 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-04-03 23:55 - 2010-11-16 11:27 - 00000000 ____D () C:\Users\JMR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-04-03 23:55 - 2010-11-16 11:27 - 00000000 ____D () C:\Users\JMR
2015-04-03 23:55 - 2010-09-12 22:17 - 00000000 ____D () C:\ProgramData\P4G
2015-04-03 23:55 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\spool
2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-03 23:30 - 2015-02-27 14:42 - 00000000 ____D () C:\Users\JMR\AppData\Roaming\Spotify
2015-04-03 22:28 - 2010-11-23 18:10 - 00000000 ____D () C:\Users\Gast
2015-04-03 22:27 - 2014-11-09 15:59 - 00000000 ____D () C:\Users\JMR\Desktop\jahr 2014
2015-04-03 22:27 - 2014-03-03 11:03 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-04-03 22:23 - 2014-04-05 17:58 - 00000000 ____D () C:\Users\JMR\AppData\Local\Mozilla
2015-04-03 22:22 - 2014-03-03 11:03 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2015-04-03 22:22 - 2011-05-17 23:15 - 00000000 ____D () C:\ProgramData\Real
2015-04-03 21:49 - 2015-02-27 14:43 - 00000000 ____D () C:\Users\JMR\AppData\Local\Spotify
2015-04-03 19:49 - 2013-08-08 20:26 - 00000000 ____D () C:\Users\JMR\.gimp-2.8
2015-04-02 20:17 - 2014-11-21 18:19 - 00000000 ____D () C:\Users\JMR\Documents\Grundeinstellungen_Spaichinger_Schallpegelmesser
2015-04-02 17:11 - 2012-11-18 09:39 - 00071168 ___SH () C:\Users\JMR\Documents\Thumbs.db
2015-03-24 08:48 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-12 08:14 - 2013-08-14 21:16 - 00000000 ____D () C:\Windows\system32\MRT

==================== Files in the root of some directories =======

2015-04-03 19:40 - 2015-04-03 19:40 - 0001371 _____ () C:\Users\JMR\AppData\Local\recently-used.xbel
2011-05-01 20:55 - 2014-03-30 19:12 - 0007605 _____ () C:\Users\JMR\AppData\Local\resmon.resmoncfg
2012-01-08 15:11 - 2012-01-08 15:11 - 0000000 _____ () C:\Users\JMR\AppData\Local\{62C30138-F2C1-48EC-86AE-182A550822B2}
2011-05-28 21:11 - 2011-05-28 21:11 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-09-12 22:01 - 2009-12-24 14:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-09-12 21:56 - 2010-09-12 21:57 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-09-12 21:56 - 2010-09-12 21:56 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\JMR\AppData\Local\Temp\icqsetup.exe
C:\Users\JMR\AppData\Local\Temp\Quarantine.exe
C:\Users\JMR\AppData\Local\Temp\rnsetup0.exe
C:\Users\JMR\AppData\Local\Temp\stubhelper.dll
C:\Users\JMR\AppData\Local\Temp\_unps.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 14:10

==================== End Of Log ============================

--- --- ---

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by JMR (administrator) on JMR-PC on 04-04-2015 11:36:49
Running from C:\Users\JMR\Downloads
Loaded Profiles: JMR &  (Available profiles: JMR & Gast & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(ASUS) C:\eSupport\SupThrSrv\SupThrSrv.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OLYMPUS Viewer 2.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-04] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\...\Run: [OM2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\...\RunOnce: [Adobe Speed Launcher] => 1428139211
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [308584 2008-12-05] (Microsoft Corporation)
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OM2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [308584 2008-12-05] (Microsoft Corporation)
HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Logitech Vid] => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-2283584599-1744461602-3080128891-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-2283584599-1744461602-3080128891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-07-24] (RealDownloader)
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-04] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-07-24] (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-05] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-04] (Avast Software s.r.o.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-05] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {9D81AF43-DE53-48D0-A199-42C2A226B24C} -  No File
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\5b0mbq1q.default-1411810636522
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://de.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://de.yahoo.com/?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @bittorrent.com/BitTorrentDNA -> C:\Program Files (x86)\DNA\plugins\npbtdna.dll [2013-05-26] (BitTorrent, Inc.)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.12.0 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-10-13] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.12 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-07-24] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.12.0 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-10-13] (RealPlayer Cloud)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\5b0mbq1q.default-1411810636522\searchplugins\yahoo-avast.xml [2015-04-04]
FF Extension: Adblock Plus - C:\Users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\5b0mbq1q.default-1411810636522\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-16]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-21]
FF HKLM-x32\...\Firefox\Extensions: [{7C9C2591-51ED-44FA-8D03-450B92643F95}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-13]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-04] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-04-04] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-04-06] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-24] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-13] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-24] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 SupThrSrv; C:\eSupport\SupThrSrv\SupThrSrv.exe [80512 2009-09-04] (ASUS)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-04] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-04] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-04] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-04] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-04] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-04] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-04] ()
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-04] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 11:36 - 2015-04-04 11:38 - 00021373 _____ () C:\Users\JMR\Downloads\FRST.txt
2015-04-04 11:36 - 2015-04-04 11:37 - 00000000 ____D () C:\FRST
2015-04-04 11:35 - 2015-04-04 11:35 - 02095616 _____ (Farbar) C:\Users\JMR\Downloads\FRST64.exe
2015-04-04 10:46 - 2015-04-04 10:46 - 00003122 _____ () C:\Windows\System32\Tasks\{BDACE48F-F83B-4CC5-A169-B26C4EF977B2}
2015-04-04 10:20 - 2015-04-04 10:20 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-04 10:19 - 2015-04-04 10:19 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-03 23:43 - 2015-04-03 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-03 23:43 - 2015-04-03 23:43 - 00001926 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-03 20:51 - 2015-04-03 20:51 - 00000000 ____D () C:\Users\JMR\AppData\Roaming\dlg
2015-04-03 19:51 - 2015-04-03 21:35 - 00000000 ____D () C:\Program Files (x86)\WNetEnhance
2015-04-03 19:40 - 2015-04-03 19:40 - 00001371 _____ () C:\Users\JMR\AppData\Local\recently-used.xbel
2015-03-11 18:18 - 2015-02-20 06:41 - 00041984 ____N (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 18:18 - 2015-02-20 06:12 - 00025600 ____N (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 18:17 - 2015-02-03 05:31 - 00503808 ____N (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 18:17 - 2015-02-03 05:31 - 00432128 ____N (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 18:17 - 2015-02-03 05:31 - 00229376 ____N (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 18:17 - 2015-02-03 05:31 - 00188416 ____N (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 18:17 - 2015-02-03 05:30 - 01480192 ____N (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 18:17 - 2015-02-03 05:30 - 01069056 ____N (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 18:17 - 2015-02-03 05:30 - 00680960 ____N (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 18:17 - 2015-02-03 05:30 - 00296448 ____N (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 18:17 - 2015-02-03 05:30 - 00140288 ____N (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 18:17 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 18:17 - 2015-02-03 05:30 - 00082432 ____N (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 18:17 - 2015-02-03 05:30 - 00043520 ____N (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 18:17 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 18:17 - 2015-02-03 05:12 - 01174528 ____N (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 18:17 - 2015-02-03 05:12 - 00179200 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 18:17 - 2015-02-03 05:12 - 00081408 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 01461760 ____N (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 00728064 ____N (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 00341504 ____N (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 00314880 ____N (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 00309760 ____N (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 00210944 ____N (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 00136192 ____N (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 00086528 ____N (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 00029184 ____N (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 00028160 ____N (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 18:15 - 2015-03-06 07:42 - 00022016 ____N (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 18:15 - 2015-03-06 07:41 - 00031232 ____N (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 18:15 - 2015-03-06 07:10 - 00022016 ____N (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 18:15 - 2015-03-06 07:10 - 00017408 ____N (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 18:15 - 2015-03-06 07:09 - 00096768 ____N (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 18:14 - 2015-02-20 04:48 - 02886144 ____N (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 18:14 - 2015-02-20 04:03 - 02278400 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 18:14 - 2015-02-20 03:28 - 02358784 ____N (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 18:14 - 2015-02-20 03:16 - 01548288 ____N (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 18:14 - 2015-02-20 03:01 - 01888256 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 18:14 - 2015-02-20 02:57 - 01311232 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 18:14 - 2015-02-13 07:26 - 12875264 ____N (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 18:14 - 2015-02-13 07:22 - 14177280 ____N (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 18:14 - 2015-02-03 05:31 - 01424896 ____N (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 18:14 - 2015-02-03 05:31 - 00215552 ____N (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 18:14 - 2015-01-17 04:48 - 01067520 ____N (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 18:14 - 2015-01-17 04:30 - 00828928 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 11:33 - 2010-09-12 21:40 - 01201433 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 11:14 - 2015-01-04 21:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-04 10:51 - 2014-09-06 20:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-04 10:50 - 2011-05-28 21:09 - 00000000 ____D () C:\Users\JMR\AppData\Roaming\Skype
2015-04-04 10:41 - 2010-09-12 22:00 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-04 10:40 - 2010-11-16 18:02 - 00000000 ____D () C:\Users\JMR\AppData\Local\Google
2015-04-04 10:38 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 10:38 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 10:35 - 2013-03-21 23:29 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-04 10:32 - 2014-07-05 08:59 - 00054678 _____ () C:\Windows\PFRO.log
2015-04-04 10:32 - 2014-05-07 07:51 - 00045504 _____ () C:\Windows\setupact.log
2015-04-04 10:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 10:26 - 2014-04-05 17:57 - 00001141 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-04 10:26 - 2014-04-05 17:57 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-04 10:20 - 2014-04-22 12:35 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-04 10:20 - 2014-01-16 08:02 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-04 10:20 - 2013-03-21 23:29 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-04 10:20 - 2013-03-21 23:29 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-04 10:20 - 2013-03-21 23:29 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-04 10:20 - 2013-03-21 23:29 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-04 10:20 - 2013-03-21 23:29 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-04 10:18 - 2013-03-21 23:29 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-04 10:04 - 2009-08-04 11:51 - 00725586 _____ () C:\Windows\system32\perfh007.dat
2015-04-04 10:04 - 2009-08-04 11:51 - 00157542 _____ () C:\Windows\system32\perfc007.dat
2015-04-04 10:04 - 2009-07-14 07:13 - 01716058 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 23:56 - 2015-02-14 17:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-03 23:56 - 2014-12-25 17:10 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2015-04-03 23:56 - 2014-10-10 23:52 - 00000000 ____D () C:\Program Files (x86)\OLYMPUS
2015-04-03 23:56 - 2014-10-04 22:57 - 00000000 ____D () C:\Program Files (x86)\Fotosizer
2015-04-03 23:56 - 2014-09-04 13:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-03 23:56 - 2014-04-05 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-03 23:56 - 2013-08-08 20:24 - 00000000 ____D () C:\Program Files\GIMP 2
2015-04-03 23:56 - 2010-11-21 18:52 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-04-03 23:56 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-04-03 23:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-03 23:55 - 2015-02-12 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Master 2
2015-04-03 23:55 - 2014-12-25 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-04-03 23:55 - 2014-11-09 15:59 - 00000000 ____D () C:\Users\JMR\Desktop\Manu Fuerte
2015-04-03 23:55 - 2014-10-10 23:54 - 00000000 ____D () C:\Users\JMR\AppData\Local\OLYMPUS
2015-04-03 23:55 - 2014-10-04 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotosizer
2015-04-03 23:55 - 2014-09-04 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-03 23:55 - 2014-03-03 11:03 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-03 23:55 - 2014-03-03 11:03 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-03 23:55 - 2014-03-03 11:03 - 00000000 ____D () C:\Users\DefaultAppPool
2015-04-03 23:55 - 2013-10-27 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-03 23:55 - 2013-08-08 20:29 - 00000000 ____D () C:\Users\JMR\AppData\Local\gtk-2.0
2015-04-03 23:55 - 2010-11-21 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-04-03 23:55 - 2010-11-16 11:27 - 00000000 ____D () C:\Users\JMR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-04-03 23:55 - 2010-11-16 11:27 - 00000000 ____D () C:\Users\JMR
2015-04-03 23:55 - 2010-09-12 22:17 - 00000000 ____D () C:\ProgramData\P4G
2015-04-03 23:55 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\spool
2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-03 23:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-03 23:30 - 2015-02-27 14:42 - 00000000 ____D () C:\Users\JMR\AppData\Roaming\Spotify
2015-04-03 22:28 - 2010-11-23 18:10 - 00000000 ____D () C:\Users\Gast
2015-04-03 22:27 - 2014-11-09 15:59 - 00000000 ____D () C:\Users\JMR\Desktop\jahr 2014
2015-04-03 22:27 - 2014-03-03 11:03 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-04-03 22:23 - 2014-04-05 17:58 - 00000000 ____D () C:\Users\JMR\AppData\Local\Mozilla
2015-04-03 22:22 - 2014-03-03 11:03 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2015-04-03 22:22 - 2011-05-17 23:15 - 00000000 ____D () C:\ProgramData\Real
2015-04-03 21:49 - 2015-02-27 14:43 - 00000000 ____D () C:\Users\JMR\AppData\Local\Spotify
2015-04-03 19:49 - 2013-08-08 20:26 - 00000000 ____D () C:\Users\JMR\.gimp-2.8
2015-04-02 20:17 - 2014-11-21 18:19 - 00000000 ____D () C:\Users\JMR\Documents\Grundeinstellungen_Spaichinger_Schallpegelmesser
2015-04-02 17:11 - 2012-11-18 09:39 - 00071168 ___SH () C:\Users\JMR\Documents\Thumbs.db
2015-03-24 08:48 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-12 08:14 - 2013-08-14 21:16 - 00000000 ____D () C:\Windows\system32\MRT

==================== Files in the root of some directories =======

2015-04-03 19:40 - 2015-04-03 19:40 - 0001371 _____ () C:\Users\JMR\AppData\Local\recently-used.xbel
2011-05-01 20:55 - 2014-03-30 19:12 - 0007605 _____ () C:\Users\JMR\AppData\Local\resmon.resmoncfg
2012-01-08 15:11 - 2012-01-08 15:11 - 0000000 _____ () C:\Users\JMR\AppData\Local\{62C30138-F2C1-48EC-86AE-182A550822B2}
2011-05-28 21:11 - 2011-05-28 21:11 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-09-12 22:01 - 2009-12-24 14:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-09-12 21:56 - 2010-09-12 21:57 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-09-12 21:56 - 2010-09-12 21:56 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\JMR\AppData\Local\Temp\icqsetup.exe
C:\Users\JMR\AppData\Local\Temp\Quarantine.exe
C:\Users\JMR\AppData\Local\Temp\rnsetup0.exe
C:\Users\JMR\AppData\Local\Temp\stubhelper.dll
C:\Users\JMR\AppData\Local\Temp\_unps.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 14:10

==================== End Of Log ============================

--- --- ---

deeprybka · 04.04.2015, 09:53

Hi, Du hast 2mal die FRST.txt gepostet. Die Addition.txt fehlt.

jmm20008 · 04.04.2015, 09:55

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by JMR at 2015-04-04 11:39:29
Running from C:\Users\JMR\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - )
Akamai NetSession Interface (HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-2283584599-1744461602-3080128891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{331C520E-D8C3-4AB9-ADF7-A666A3561922}) (Version: 1.3.17.25001 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.3.17.25001 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Software Suite (HKLM-x32\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version: 1.0 - ArcSoft)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.7 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}) (Version: 1.0.6 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.25 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)
ASUS_UL_Series_Screensaver (HKLM-x32\...\ASUS_UL_Series_Screensaver) (Version:  - )
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0007 - ASUS)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2215 - AVAST Software)
Break'n'Run (HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\...\Break'n'Run) (Version:  - )
Break'n'Run (HKU\S-1-5-21-2283584599-1744461602-3080128891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Break'n'Run) (Version:  - )
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MP610 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.30.0 - Canon Inc.)
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.4 - ASUS)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
DNA (HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\...\BitTorrent DNA) (Version: 2.2.4 (16502) - BitTorrent Inc.)
DNA (HKU\S-1-5-21-2283584599-1744461602-3080128891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\BitTorrent DNA) (Version: 2.2.4 (16502) - BitTorrent Inc.)
Dream Day Wedding Married in Manhattan (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}) (Version:  - Oberon Media)
DSL Soforthilfe (HKLM-x32\...\DSL Soforthilfe) (Version: 1.1.0.51 - Telefónica Germany GmbH & Co. OHG)
ElsterFormular (HKLM-x32\...\ElsterFormular 13.2.0.8623k) (Version: 13.2.0.8623k - Landesfinanzdirektion Thüringen)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-x64 7.0.5.12_SmartArea_WHQL (HKLM\...\Elantech) (Version: 7.0.5.12 - ELAN Microelectronics Corp.)
Express Gate (HKLM-x32\...\{B149B9A2-3FA8-40ED-866F-C08BB56BFD81}) (Version: 1.2.13.21 - DeviceVM, Inc.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS)
Fotosizer 2.09 (HKLM-x32\...\Fotosizer) (Version: 2.09.0.548 - Fotosizer.com)
Game Park Console (HKLM-x32\...\{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1) (Version: 6.2.0.2 - Oberon Media, Inc.)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
INSTAR Camera Tool (HKLM-x32\...\{630473B5-3AA9-4477-B6DD-F9EA5BEEDD42}) (Version: 2.0.2.0 - INSTAR)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2283584599-1744461602-3080128891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.02.382 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Net4Switch (HKLM-x32\...\{9D6D7811-43B3-463C-BC79-5D1755269989}) (Version: 1.00.0019 - ASUS)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
o2 Surfstick (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM-x32\...\{D0A3D5D4-9366-490E-9011-DF18BCD7F410}) (Version: 1.4.1 - OLYMPUS IMAGING CORP.)
PHOTOfunSTUDIO 4.0 HD Edition (HKLM-x32\...\{381D847E-7E56-4E82-B261-F799E0F40EB4}) (Version: 4.00.140 - Panasonic Corporation)
Piggly FREE (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1173957}) (Version:  - Oberon Media)
PowerLine Utility (HKLM-x32\...\{A0384ECE-2017-4EA8-86C7-513ACB936BDF}) (Version: 1.1.830 - TP-LINK)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.12 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.12 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 3.2.44 - Saal Digital Fotoservice GmbH)
Saal Design Software (x32 Version: 3.2.44 - Saal Digital Fotoservice GmbH) Hidden
ScanSoft OmniPage SE 4 (HKLM-x32\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
SILKYPIX Developer Studio 3.0 SE (HKLM-x32\...\InstallShield_{B2F25F71-D920-4288-A548-54CD253DEF14}) (Version: 3 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 3.0 SE (x32 Version: 3 - Ichikawa Soft Laboratory) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smileyville FREE (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117396510}) (Version:  - Oberon Media)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.1200 - SRS Labs, Inc.)
syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version:  - )
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.13 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2283584599-1744461602-3080128891-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2283584599-1744461602-3080128891-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2283584599-1744461602-3080128891-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2283584599-1744461602-3080128891-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2283584599-1744461602-3080128891-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

03-04-2015 22:11:00 Wiederherstellungsvorgang
03-04-2015 23:34:26 avast! antivirus system restore point
03-04-2015 23:40:47 Wiederherstellungsvorgang
04-04-2015 10:06:36 avast! antivirus system restore point
04-04-2015 10:25:38 Windows Update
04-04-2015 10:43:06 Removed OLYMPUS Master 2
04-04-2015 10:48:59 Removed OLYMPUS Master 2

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-12-21 23:22 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01B1F20F-2F8F-4774-B4B3-2413729F85E9} - System32\Tasks\{6CB8F38E-220D-4EA6-89F3-7FD07BF35949} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {04A06582-237D-4FAD-90AA-0B10CC1332DC} - System32\Tasks\{3F8B00AD-3DCC-4473-AB78-082789C67B81} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {07E07BFA-C5E6-4F42-A36A-C2A29B024A64} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {08B85B09-15CD-449A-ACCE-4D710642C00D} - System32\Tasks\{6734EEBA-407A-4CE6-B784-D01BEFC84050} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {1258E861-AA6F-44B1-B24C-69B94A2DC967} - System32\Tasks\{D559F9E2-759E-4318-AF24-842ADF6B1556} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {12DF3EB6-0016-4F8E-8457-D0E21B0ECA7C} - System32\Tasks\{A1AEA5A2-5CD6-4B5E-AD8E-AED6A31BBAAB} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {13696A64-B5FA-42E1-8587-D3DB66D3F8FF} - System32\Tasks\{AD77C81F-3D4F-4DA1-B644-5D6CC55A89C3} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {1A09FB9D-C413-4ECC-AD53-1737E53DA024} - System32\Tasks\{A7FEA7C7-6344-499F-AFE4-402B0BA98266} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {1C1A2776-19DE-481C-869B-338A3FEF20F8} - System32\Tasks\{56B93CD6-9B36-408D-973D-42101AC58A77} => C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe [2014-10-07] (Apple Inc.)
Task: {233F9EF5-F598-4FD2-B008-650733D34DCA} - System32\Tasks\{F9A87038-5643-4D2E-9413-629CAFB80771} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {27089241-2C71-4A14-B31F-E27985ECADAC} - System32\Tasks\{832DCFE9-95D5-484F-8ECC-4CDE2E3AB202} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {270FCBA1-A29F-42FD-89EE-0CB70866A8BC} - System32\Tasks\{FF6FACE1-16CD-40ED-8789-D316D62C25D4} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {27CD2AEB-84E2-4DB6-9205-D809B39AF099} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {2BEF415C-A8D5-4975-A996-EDCA71CF35CC} - System32\Tasks\{65D9773C-BF77-46E9-A8EB-E09885999AEA} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {2CC04C14-7666-461D-B5C7-15BD6FF53A90} - System32\Tasks\{9EA2B841-AA46-4C76-9DC0-CC86A4980442} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {3144A218-F795-43E7-8936-37A10F561DCB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2283584599-1744461602-3080128891-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {33D75B08-5076-4FB4-B43A-977304D52984} - System32\Tasks\{2B848E28-A995-4180-9ABC-F15E73658471} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {39B561F6-69EC-4436-B059-2B60451D4E29} - System32\Tasks\{1A0CB159-08C3-4DCC-B239-F469C4C4E51A} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {423B88EC-A677-497E-890E-0D70B5CA494A} - System32\Tasks\Net4Switch => C:\Program Files\ASUS\Net4Switch\Net4Switch.exe [2007-11-20] (ASUS)
Task: {52BD11EE-30A0-4511-8BD3-3967D662B2AF} - System32\Tasks\{2AFA424D-8A61-4B7A-87E6-487F8B35B017} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {5349F3EF-6DBC-42FC-94FD-ED22670CEFDA} - System32\Tasks\{F34F3E00-AC60-4F0E-8688-7AF6D6EB7B47} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {5CDCA703-C793-4B70-A1B4-1282C5BBAE2A} - System32\Tasks\{1BA3B669-0280-4AB7-A578-2053255240C2} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {5E4517D1-A6D5-4E13-9D5A-0F9C031BECC8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {61A4CFF6-D9EE-41DF-A4F9-CD14B4CF5109} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-04] (Avast Software s.r.o.)
Task: {63B34D3B-BAB5-450B-8CD1-510FB70C0097} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {63B5A2D7-BC8D-4B5C-AE2B-9CF2AA4272E0} - System32\Tasks\{F2982E5D-CEB2-4604-BCFD-5EC035659011} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {6571C3B6-0FDD-4BDD-8010-87C389B976F5} - System32\Tasks\{78416160-E916-4E9C-AAE4-EEE5E25074E8} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {6571F630-599A-4F0B-8CAB-A47789EE045E} - System32\Tasks\{4A223F97-FF67-4351-B350-AAEDCA779B1F} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {66475C8E-0319-47CB-9BF2-FE8BE11312F6} - System32\Tasks\{E3FC8612-42FB-4B90-A7B8-9F5779D7951D} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {6A5038C9-7DA5-4987-AF12-6B4534ED9C3A} - System32\Tasks\{B4EB44E8-A01C-4FE7-99D5-D2020CB818C7} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {6CF373BF-2325-4AEF-B06F-23AC8CF968C6} - System32\Tasks\{2624AE12-354E-410E-858F-DEA8F0FD48BE} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {6E2C93D2-8DC7-4C6B-925D-57DD2D460DC6} - System32\Tasks\{B94822C1-607B-4EC2-8B6E-825A5516E6C5} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {6EF002EB-081D-4B35-931F-9C348A866BD2} - System32\Tasks\{8E13369C-69A9-421F-B6FE-3D4E6BE69342} => pcalua.exe -a "C:\Program Files (x86)\Asus\Game Park\Dream Day Wedding Married in Manhattan\Uninstall.exe" -c "C:\Program Files (x86)\Asus\Game Park\Dream Day Wedding Married in Manhattan\install.log"
Task: {717BEAEB-FBD8-4155-B0A4-D46919D601B6} - System32\Tasks\{6B246773-9C31-45BD-AE31-803AE9A94615} => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: {89C08868-FBF2-4AB0-87FD-4E1E1E10863D} - System32\Tasks\Start Registry Reviver => C:\Program Files (x86)\Reviversoft\Registry Reviver\RegistryReviver.exe
Task: {8FDE1513-59A0-4BE6-8E7F-BAB03AA2BCF3} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-19] (ASUS)
Task: {90564CEE-AC46-4499-91F6-3594EFC242DA} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2283584599-1744461602-3080128891-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-24] (RealNetworks, Inc.)
Task: {96126B83-71EC-43A6-94A6-83673998060E} - System32\Tasks\{19A99E52-76EB-435F-BB39-BCA3EFBA4A09} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {992DE68C-AEF9-4A0C-9AC2-990B5CC600D2} - System32\Tasks\{E934E0D2-D1FB-45E2-AADD-03FC393670EF} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {99D61B18-41FD-482F-A4B6-3762E7D4E6A2} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-11-07] (ATK)
Task: {A78C26BB-234E-4004-8E90-AB1BAE5FB73C} - System32\Tasks\{E99B91BB-C7D7-4913-81B5-0F77786CF7C5} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {A94E2932-1B11-4908-8749-E8E387CB98A2} - System32\Tasks\{632D5B1A-83EB-4FE9-BCA4-50D302793C93} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {AB2AD3F2-8939-4D06-A803-179FC7EFB3D0} - System32\Tasks\{B23594F3-28CE-42F4-B6F1-27DD7F363349} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {ABF21798-A8F6-4A5F-9032-60DA6F93EE35} - System32\Tasks\{12A5ED1C-0B4E-48D8-A9D9-D5999E814FFD} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {ADF97F85-9135-4841-9E6F-D3D5A3B40533} - System32\Tasks\{B0751EE5-17A5-4249-AB19-8F18C0837953} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {C0EC2287-8A61-42EF-9C87-A148D085D520} - System32\Tasks\{BDACE48F-F83B-4CC5-A169-B26C4EF977B2} => pcalua.exe -a "C:\Program Files (x86)\Canon\SolutionMenu\uninst.exe" -c uninst.ini
Task: {C1777662-88BF-43E2-A015-D113F5B5EDBE} - System32\Tasks\{010535D7-0CD0-47D9-8E4C-E6BA7CB7DB05} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {C1A48D86-0522-4CEA-8BFF-A202C20BF813} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {CF46610F-D7A9-48AA-B421-9981CB195D00} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-09-23] (TODO: <Company name>)
Task: {D2E54591-FC6B-44C3-B885-1AA498F39A20} - System32\Tasks\{E9698C53-1824-4CC7-A0B9-6663DDA0BD99} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {D33A713D-0358-4968-8FF1-03F176651387} - System32\Tasks\{942CCF83-5B7B-4E48-9B8D-E6DB5F9FDFCA} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {E0765BE3-4B5D-471A-856E-F76B0FA4BAE6} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-09-24] ()
Task: {EBE638D0-28F7-44F7-9CD8-A72A03B1DCD1} - System32\Tasks\{1946E732-0BF4-4ACE-B2E6-5F0A2C8B7B4C} => C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe
Task: {F0F4B88C-30DF-4EE4-965F-0A64A418B861} - System32\Tasks\{82A1FC45-4F21-4D7B-9FF4-7B534722DEA2} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {FC046845-1C3C-4C15-BCB4-CD7330666FE2} - System32\Tasks\{76E124A8-5C24-4AA6-8181-336B5A7773B2} => pcalua.exe -a "C:\Program Files (x86)\Asus\Game Park\Piggly FREE\Uninstall.exe" -c "C:\Program Files (x86)\Asus\Game Park\Piggly FREE\install.log"
Task: {FEAF62C6-A3D7-4F30-929B-8DE260A443E4} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-10-23] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2010-09-12 22:09 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2009-07-02 03:54 - 2009-07-02 03:54 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
2010-03-16 03:48 - 2010-03-16 03:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2010-09-12 22:01 - 2010-09-12 22:01 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll
2010-09-12 22:01 - 2010-09-12 22:01 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2008-08-14 05:59 - 2008-08-14 05:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
2010-09-12 22:19 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2009-10-23 22:40 - 2009-10-23 22:40 - 00041984 _____ () C:\Program Files\P4G\DevMng.dll
2009-09-11 21:27 - 2009-09-11 21:27 - 00029184 _____ () C:\Program Files\P4G\OvrClk.dll
2010-09-12 22:09 - 2007-03-10 03:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2009-10-23 01:45 - 2009-10-23 01:45 - 01593344 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2009-09-24 14:50 - 2009-09-24 14:50 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2014-04-06 18:26 - 2014-04-06 18:25 - 00239968 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2014-07-24 12:47 - 2014-07-24 12:47 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-07-24 15:06 - 2014-07-24 15:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2015-04-04 10:19 - 2015-04-04 10:19 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-04 10:18 - 2015-04-04 10:18 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-04 10:21 - 2015-04-04 10:21 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040303\algo.dll
2010-11-16 19:10 - 2007-07-27 16:10 - 00049152 _____ () C:\Program Files\ASUS\Net4Switch\ResItf.dll
2010-11-16 19:10 - 2009-07-03 14:04 - 00084992 _____ () C:\Program Files\ASUS\Net4Switch\cxcmrt.dll
2010-11-16 19:10 - 2009-07-03 14:13 - 00074752 _____ () C:\Program Files\ASUS\Net4Switch\ipswobj.dll
2010-11-16 19:10 - 2009-07-01 17:46 - 00461824 _____ () C:\Program Files\ASUS\Net4Switch\ipswresmgr.dll
2010-11-16 19:10 - 2009-07-03 14:12 - 00049152 _____ () C:\Program Files\ASUS\Net4Switch\ipswhlp.dll
2010-11-16 19:10 - 2009-07-08 12:24 - 00167424 _____ () C:\Program Files\ASUS\Net4Switch\ipsw_cfgmgr.dll
2010-11-16 19:10 - 2009-07-03 14:12 - 00089088 _____ () C:\Program Files\ASUS\Net4Switch\ipswds.dll
2010-11-16 19:10 - 2009-07-03 14:12 - 00065024 _____ () C:\Program Files\ASUS\Net4Switch\ipswgblset.dll
2010-11-16 19:10 - 2009-07-03 14:40 - 00085504 _____ () C:\Program Files\ASUS\Net4Switch\LogonStartup.dll
2010-11-16 19:10 - 2009-07-09 18:41 - 00222720 ____N () C:\Program Files\ASUS\Net4Switch\ipswsysmon.dll
2010-11-16 19:10 - 2009-07-03 14:21 - 00042496 _____ () C:\Program Files\ASUS\Net4Switch\iphelper.dll
2010-11-16 19:10 - 2009-07-03 14:11 - 00267264 _____ () C:\Program Files\ASUS\Net4Switch\ipswcore.dll
2010-11-16 19:10 - 2009-07-03 14:13 - 00297984 _____ () C:\Program Files\ASUS\Net4Switch\ipswui.dll
2014-04-06 18:26 - 2014-04-06 18:25 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-04-06 18:26 - 2014-04-06 18:25 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-04-06 18:26 - 2014-04-06 18:25 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-04-06 18:26 - 2014-04-06 18:25 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-04-06 18:26 - 2014-04-06 18:25 - 00383488 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2014-04-06 18:26 - 2014-04-06 18:25 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2014-10-13 09:45 - 2014-10-13 09:45 - 00861784 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2015-04-04 10:19 - 2015-04-04 10:20 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-13 09:45 - 2014-10-13 09:45 - 00573528 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll
2014-10-10 23:52 - 2006-09-04 20:26 - 00014336 _____ () C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\Tracer.dll
2014-10-10 23:52 - 2011-04-25 16:12 - 00118784 _____ () C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OlyPalm.dll
2014-10-10 23:52 - 2010-03-19 16:24 - 00372736 _____ () C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OSLite.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2283584599-1744461602-3080128891-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\JMR\AppData\Roaming\ArcSoft\IMG_0721.bmp
HKU\S-1-5-21-2283584599-1744461602-3080128891-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\JMR\AppData\Roaming\ArcSoft\IMG_0721.bmp
HKU\S-1-5-21-2283584599-1744461602-3080128891-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\Windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 4.0 HD Edition.lnk => C:\Windows\pss\PHOTOfunSTUDIO 4.0 HD Edition.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk => C:\Windows\pss\SRS Premium Sound.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\JMR\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUS WebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: BitTorrent DNA => "C:\Program Files (x86)\DNA\btdna.exe"
MSCONFIG\startupreg: Boingo Wi-Fi => "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
MSCONFIG\startupreg: CancelAutoPlay_df => "C:\Program Files (x86)\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe" run
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: CheckNDISPortF0acA7 => C:\Program Files (x86)\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DSL Soforthilfe => C:\Program Files (x86)\DSL Soforthilfe\DSL_Soforthilfe.exe /auto
MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl11 => C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Syncables => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

==================== Accounts: =============================

Administrator (S-1-5-21-2283584599-1744461602-3080128891-500 - Administrator - Disabled)
Gast (S-1-5-21-2283584599-1744461602-3080128891-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2283584599-1744461602-3080128891-1004 - Limited - Enabled)
JMR (S-1-5-21-2283584599-1744461602-3080128891-1001 - Administrator - Enabled) => C:\Users\JMR

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2015 10:49:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Zugriff verweigert
.

Error: (04/04/2015 10:48:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Zugriff verweigert
.

Error: (04/04/2015 10:43:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Zugriff verweigert
.

Error: (04/04/2015 10:43:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Zugriff verweigert
.

Error: (04/04/2015 10:25:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Zugriff verweigert
.

Error: (04/04/2015 10:25:36 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Zugriff verweigert
.

Error: (04/04/2015 10:08:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Zugriff verweigert
.

Error: (04/04/2015 00:01:20 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows-Sicherung). Zusätzliche Informationen: 0x80070005.

Error: (04/03/2015 11:41:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Zugriff verweigert
.

Error: (04/03/2015 11:37:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
TraverseDir : Unable to FindFirstFile.

System Error:
Zugriff verweigert
.


System errors:
=============
Error: (04/04/2015 10:33:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Net.Pipe-Listeneradapter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/04/2015 10:33:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Net.Pipe-Listeneradapter erreicht.

Error: (04/04/2015 10:33:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (04/04/2015 10:33:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/04/2015 10:33:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (04/04/2015 09:59:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Net.Pipe-Listeneradapter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/04/2015 09:59:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Net.Pipe-Listeneradapter erreicht.

Error: (04/04/2015 09:59:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (04/04/2015 09:59:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/04/2015 09:59:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.


Microsoft Office Sessions:
=========================
Error: (03/28/2013 08:28:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 128 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/28/2013 08:28:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 131 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/20/2011 10:57:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 115 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-09-04 09:48:15.445
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-04 09:48:15.304
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-03-31 13:08:49.736
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\KernelBase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-03-31 12:37:21.031
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\KernelBase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Genuine Intel(R) CPU U7300 @ 1.30GHz
Percentage of memory in use: 71%
Total physical RAM: 4061.02 MB
Available physical RAM: 1157.64 MB
Total Pagefile: 8120.23 MB
Available Pagefile: 5059.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:5.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:329.79 GB) (Free:44.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=329.8 GB) - (Type=OF Extended)

==================== End Of Log ============================

deeprybka · 04.04.2015, 09:57

Schritt 1

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

jmm20008 · 04.04.2015, 10:54

Code:

ATTFilter

ComboFix 15-04-01.01 - JMR 04.04.2015  12:12:14.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4061.1384 [GMT 2:00]
ausgeführt von:: c:\users\JMR\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-03-04 bis 2015-04-04  ))))))))))))))))))))))))))))))
.
.
2015-04-04 09:36 . 2015-04-04 09:41	--------	d-----w-	C:\FRST
2015-04-04 08:27 . 2015-03-23 00:32	12002392	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{010BB9EA-E603-46D9-AE31-5F9B86C28556}\mpengine.dll
2015-04-04 08:20 . 2015-04-04 08:20	364472	----a-w-	c:\windows\system32\aswBoot.exe
2015-04-04 08:19 . 2015-04-04 08:19	43112	----a-w-	c:\windows\avastSS.scr
2015-04-03 18:51 . 2015-04-03 18:51	--------	d-----w-	c:\users\JMR\AppData\Roaming\dlg
2015-04-03 17:51 . 2015-04-03 19:35	--------	d-----w-	c:\program files (x86)\WNetEnhance
2015-03-11 16:18 . 2015-02-20 04:41	41984	------w-	c:\windows\system32\lpk.dll
2015-03-11 16:18 . 2015-02-20 04:12	25600	------w-	c:\windows\SysWow64\lpk.dll
2015-03-11 16:15 . 2015-03-06 05:42	210944	------w-	c:\windows\system32\wdigest.dll
2015-03-11 16:14 . 2015-02-13 05:22	14177280	------w-	c:\windows\system32\shell32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-04 09:14 . 2015-01-04 19:58	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-04 08:20 . 2014-01-16 06:02	136752	----a-w-	c:\windows\system32\drivers\aswStm.sys
2015-04-04 08:20 . 2013-03-21 21:29	442264	----a-w-	c:\windows\system32\drivers\aswSP.sys
2015-04-04 08:20 . 2013-03-21 21:29	271200	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2015-04-04 08:20 . 2014-04-22 10:35	29168	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2015-04-04 08:20 . 2013-03-21 21:29	65736	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2015-04-04 08:20 . 2013-03-21 21:29	88408	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2015-04-04 08:20 . 2013-03-21 21:29	93528	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2015-04-04 08:18 . 2013-03-21 21:29	1047320	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2015-02-24 01:17 . 2011-05-01 19:20	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-05 18:26 . 2014-09-06 18:33	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-05 09:51 . 2014-09-06 18:34	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 09:51 . 2014-09-06 18:34	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-23 04:42 . 2015-02-12 08:13	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2015-01-23 04:41 . 2015-02-12 08:13	6041600	----a-w-	c:\windows\system32\jscript9.dll
2015-01-23 03:43 . 2015-02-12 08:13	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2015-01-23 03:17 . 2015-02-12 08:13	4300800	----a-w-	c:\windows\SysWow64\jscript9.dll
2015-01-15 08:14 . 2015-02-11 07:13	155072	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2015-01-15 08:14 . 2015-02-11 07:13	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2015-01-15 08:09 . 2015-02-11 07:13	136192	----a-w-	c:\windows\system32\sspicli(542).dll
2015-01-15 08:09 . 2015-02-11 07:13	29184	----a-w-	c:\windows\system32\sspisrv(543).dll
2015-01-15 08:09 . 2015-02-11 07:13	28160	----a-w-	c:\windows\system32\secur32(538).dll
2015-01-15 08:09 . 2015-02-11 07:13	1461760	----a-w-	c:\windows\system32\lsasrv(530).dll
2015-01-15 08:09 . 2015-02-11 07:13	31232	----a-w-	c:\windows\system32\lsass(531).exe
2015-01-15 08:08 . 2015-02-11 07:13	64000	----a-w-	c:\windows\system32\auditpol.exe
2015-01-15 08:06 . 2015-02-11 07:13	60416	----a-w-	c:\windows\system32\msobjs.dll
2015-01-15 08:06 . 2015-02-11 07:13	146432	----a-w-	c:\windows\system32\msaudite.dll
2015-01-15 08:04 . 2015-02-11 07:13	686080	----a-w-	c:\windows\system32\adtschema.dll
2015-01-15 07:42 . 2015-02-11 07:13	22016	----a-w-	c:\windows\SysWow64\secur32(559).dll
2015-01-15 07:42 . 2015-02-11 07:13	50176	----a-w-	c:\windows\SysWow64\auditpol.exe
2015-01-15 07:41 . 2015-02-11 07:13	96768	----a-w-	c:\windows\SysWow64\sspicli(561).dll
2015-01-15 07:39 . 2015-02-11 07:13	60416	----a-w-	c:\windows\SysWow64\msobjs.dll
2015-01-15 07:39 . 2015-02-11 07:13	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2015-01-15 07:37 . 2015-02-11 07:13	686080	----a-w-	c:\windows\SysWow64\adtschema.dll
2015-01-15 04:22 . 2015-02-11 07:13	458824	----a-w-	c:\windows\system32\drivers\cng.sys
2015-01-14 06:09 . 2015-02-11 07:12	5554112	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-01-14 06:05 . 2015-02-11 07:12	503808	----a-w-	c:\windows\system32\srcore(541).dll
2015-01-14 06:05 . 2015-02-11 07:12	50176	----a-w-	c:\windows\system32\srclient.dll
2015-01-14 06:04 . 2015-02-11 07:12	296960	----a-w-	c:\windows\system32\rstrui.exe
2015-01-14 05:47 . 2015-02-11 07:14	389808	----a-w-	c:\windows\system32\iedkcs32.dll
2015-01-14 05:44 . 2015-02-11 07:12	3972544	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44 . 2015-02-11 07:12	3917760	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41 . 2015-02-11 07:12	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2015-01-13 03:10 . 2015-02-11 07:13	1424384	----a-w-	c:\windows\system32\WindowsCodecs(550).dll
2015-01-13 02:49 . 2015-02-11 07:13	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:09 . 2015-02-11 07:14	25056256	----a-w-	c:\windows\system32\mshtml.dll
2015-01-12 03:05 . 2015-02-11 07:15	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2015-01-12 03:05 . 2015-02-11 07:14	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2015-01-12 02:49 . 2015-02-11 07:14	66560	----a-w-	c:\windows\system32\iesetup.dll
2015-01-12 02:48 . 2015-02-11 07:15	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2015-01-12 02:48 . 2015-02-11 07:14	584192	----a-w-	c:\windows\system32\vbscript.dll
2015-01-12 02:48 . 2015-02-11 07:14	2885632	----a-w-	c:\windows\system32\iertutil(526).dll
2015-01-12 02:47 . 2015-02-11 07:14	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2015-01-12 02:40 . 2015-02-11 07:14	54784	----a-w-	c:\windows\system32\jsproxy.dll
2015-01-12 02:39 . 2015-02-11 07:15	34304	----a-w-	c:\windows\system32\iernonce.dll
2015-01-12 02:36 . 2015-02-11 07:14	633856	----a-w-	c:\windows\system32\ieui.dll
2015-01-12 02:34 . 2015-02-11 07:14	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2015-01-12 02:34 . 2015-02-11 07:15	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2015-01-12 02:25 . 2015-02-11 07:14	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2015-01-12 02:21 . 2015-02-11 07:14	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2015-01-12 02:21 . 2015-02-11 07:14	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2015-01-12 02:13 . 2015-02-11 07:15	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2015-01-12 02:08 . 2015-02-11 07:14	503296	----a-w-	c:\windows\SysWow64\vbscript.dll
2015-01-12 02:08 . 2015-02-11 07:14	199680	----a-w-	c:\windows\system32\msrating.dll
2015-01-12 02:07 . 2015-02-11 07:14	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2015-01-12 02:07 . 2015-02-11 07:14	92160	----a-w-	c:\windows\system32\mshtmled.dll
2015-01-12 02:07 . 2015-02-11 07:15	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05 . 2015-02-11 07:15	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2015-01-12 02:04 . 2015-02-11 07:14	316928	----a-w-	c:\windows\system32\dxtrans.dll
2015-01-12 02:02 . 2015-02-11 07:14	2277888	----a-w-	c:\windows\SysWow64\iertutil(556).dll
2015-01-12 01:55 . 2015-02-11 07:14	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2015-01-12 01:48 . 2015-02-11 07:15	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2015-01-12 01:48 . 2015-02-11 07:14	801280	----a-w-	c:\windows\system32\msfeeds.dll
2015-01-12 01:46 . 2015-02-11 07:14	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2015-01-12 01:46 . 2015-02-11 07:14	2125824	----a-w-	c:\windows\system32\inetcpl.cpl
2015-01-12 01:43 . 2015-02-11 07:14	14401024	----a-w-	c:\windows\system32\ieframe.dll
2015-01-12 01:40 . 2015-02-11 07:15	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:27 . 2015-02-11 07:14	2358272	----a-w-	c:\windows\system32\wininet(551).dll
2015-01-12 01:23 . 2015-02-11 07:14	2052608	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2015-01-12 01:22 . 2015-02-11 07:14	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:14 . 2015-02-11 07:14	1548288	----a-w-	c:\windows\system32\urlmon(546).dll
2015-01-12 01:02 . 2015-02-11 07:14	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2015-01-12 01:00 . 2015-02-11 07:14	1888256	----a-w-	c:\windows\SysWow64\wininet(564).dll
2015-01-12 00:56 . 2015-02-11 07:15	1307136	----a-w-	c:\windows\SysWow64\urlmon(562).dll
2015-01-10 06:48 . 2015-02-11 07:15	210944	----a-w-	c:\windows\system32\wdigest(548).dll
2015-01-10 06:48 . 2015-02-11 07:15	86528	----a-w-	c:\windows\system32\TSpkg(544).dll
2015-01-10 06:48 . 2015-02-11 07:15	341504	----a-w-	c:\windows\system32\schannel(537).dll
2015-01-10 06:48 . 2015-02-11 07:15	309760	----a-w-	c:\windows\system32\ncrypt(535).dll
2015-01-10 06:48 . 2015-02-11 07:15	314880	----a-w-	c:\windows\system32\msv1_0(534).dll
2015-01-10 06:48 . 2015-02-11 07:15	728064	----a-w-	c:\windows\system32\kerberos(527).dll
2015-01-10 06:48 . 2015-02-11 07:15	22016	----a-w-	c:\windows\system32\credssp(518).dll
2015-01-10 06:27 . 2015-02-11 07:15	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2015-01-10 06:27 . 2015-02-11 07:15	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2015-01-10 06:27 . 2015-02-11 07:15	248832	----a-w-	c:\windows\SysWow64\schannel.dll
2015-01-10 06:27 . 2015-02-11 07:15	221184	----a-w-	c:\windows\SysWow64\ncrypt.dll
2015-01-10 06:27 . 2015-02-11 07:15	259584	----a-w-	c:\windows\SysWow64\msv1_0.dll
2015-01-10 06:27 . 2015-02-11 07:15	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2015-01-10 06:27 . 2015-02-11 07:15	17408	----a-w-	c:\windows\SysWow64\credssp(553).dll
2015-01-09 03:14 . 2015-02-11 07:15	91136	----a-w-	c:\windows\system32\wdi.dll
2015-01-09 03:14 . 2015-02-11 07:15	950272	----a-w-	c:\windows\system32\perftrack.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-12-30 17:56	222832	----a-w-	c:\users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-12-30 17:56	222832	----a-w-	c:\users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-12-30 17:56	222832	----a-w-	c:\users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30878816]
"OM2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-04-04 5512912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys;c:\windows\SYSNATIVE\DRIVERS\ipswuio.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C615(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [x]
S2 SupThrSrv;Super Thruster Service;c:\esupport\SupThrSrv\SupThrSrv.exe;c:\esupport\SupThrSrv\SupThrSrv.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-06 09:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-12-30 17:57	261744	----a-w-	c:\users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-12-30 17:57	261744	----a-w-	c:\users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-12-30 17:57	261744	----a-w-	c:\users\JMR\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-04 08:20	722400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-28 16336488]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
uInternet Settings,ProxyOverride = <-loopback>
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\JMR\AppData\Roaming\Mozilla\Firefox\Profiles\5b0mbq1q.default-1411810636522\
FF - prefs.js: browser.search.defaulturl - hxxps://de.search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxps://de.yahoo.com/?fr=hp-avast&type=avastbcl
FF - prefs.js: keyword.URL - hxxps://de.search.yahoo.com/yhs/search
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
AddRemove-ASUS_UL_Series_Screensaver - c:\windows\system32\ASUS_UL_Series_Screensaver.scr
AddRemove-{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD} - c:\windows\system32\SupportAppPBHostless Modem\Setup.exe
.
.
.
Zeit der Fertigstellung: 2015-04-04  12:34:05
ComboFix-quarantined-files.txt  2015-04-04 10:34
.
Vor Suchlauf: 6.524.133.376 Bytes frei
Nach Suchlauf: 7.395.246.080 Bytes frei
.
- - End Of File - - F6111C2BC90BA9B4AB2851BFAE5C09C2
A36C5E4F47E84449FF07ED3517B43A31

Danke schön!

Gruß Manuela

deeprybka · 04.04.2015, 10:57

Welche Fehlermeldung kommt wenn Du Malwarebytes scannen läßt?

jmm20008 · 04.04.2015, 11:05

Jetzt wohl keiner mehr. Der Malware Scanner lief wohl noch im Hintergrund!

Gruß Manuela

deeprybka · 04.04.2015, 11:08

Zitat:

Zitat von jmm20008

Jetzt wohl keiner mehr. Der Malware Scanner lief wohl noch im Hintergrund!
Gruß Manuela

Sorry, verstehe nicht ganz?

jmm20008 · 04.04.2015, 11:31

Nachdem ich den Computer nach dem RecoveryScan Tool runtergefahren habe, habe ich nochmal versucht den Malware Scanner laufen zu lassen. Und der lief im Hintergrund während ich Combofix durchlaufen gelassen habe.
Der Malwarescanner hat in Downloads mehrere Sachen gefunden, die ich dann in Quarantäre verschoben habe! WNetEnhance hieß das Program!

deeprybka · 04.04.2015, 11:32

Also geht er jetzt wieder?

jmm20008 · 04.04.2015, 11:41

Ja genau, der Virenschutz hat sich auch nicht mehr ausgeschaltet.
Das einzige was jetzt noch anderes ist, dass ich nach dem Hochfahren längere Zeit einen weißen Bildschirm sehe!

deeprybka · 04.04.2015, 11:43

Wir sind auch noch nicht fertig:

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

Download und Anleitung
Starte Malwarebytes' Anti-Malware (MBAM).
Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
Unter Einstellungen/ Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
Gehe zurück zum Armaturenbrett und klicke auf "Jetzt scannen".
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben und poste mir das Log.

Schritt 3

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

jmm20008 · 04.04.2015, 12:16

Code:

ATTFilter

# AdwCleaner v4.200 - Bericht erstellt 04/04/2015 um 13:04:11
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : JMR - JMR-PC
# Gestarted von : C:\Users\JMR\Downloads\AdwCleaner_4.200.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****

Task Gelöscht : Start Registry Reviver

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKCU\Software\Search Extensions
Schlüssel Gelöscht : HKCU\Software\Appscion
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\AllDaySavings 
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v36.0 (x86 de)


*************************

AdwCleaner[R0].txt - [1067 Bytes] - [06/09/2014 21:13:29]
AdwCleaner[R1].txt - [1501 Bytes] - [04/04/2015 12:45:41]
AdwCleaner[S0].txt - [1129 Bytes] - [06/09/2014 22:14:00]
AdwCleaner[S1].txt - [1306 Bytes] - [04/04/2015 13:04:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1365  Bytes] ##########

Hier schonmal Schritt eins!

04.04.2015, 09:53	#4
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Virenschutz und Anti Malware funktionieren nicht mehr Hi, Du hast 2mal die FRST.txt gepostet. Die Addition.txt fehlt. __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

04.04.2015, 10:57	#8
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Virenschutz und Anti Malware funktionieren nicht mehr Welche Fehlermeldung kommt wenn Du Malwarebytes scannen läßt? __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

04.04.2015, 11:32	#12
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Virenschutz und Anti Malware funktionieren nicht mehr Also geht er jetzt wieder? __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Virenschutz und Anti Malware funktionieren nicht mehr

Log-Analyse und Auswertung: Virenschutz und Anti Malware funktionieren nicht mehr